process that just won't go away



fowerman
2011-11-02, 21:24
hi new here and in serious need of expert help

got a file in the processes section in windows task manager called

2567497509:3659069286.exe

First noticed this file when, all of a sudden, the number of processes went from around 40 to 70-80; these figures are fluctuating a lot.

i originally had firewall on and was using microsoft security essentials and nothing else till now, when i downloaded spy bot search and destroy.

Once I knew of the above process, Microsoft Security Essentials would load, tell me I needed to run a scan, and would not do anything else. I ran Spybot and ran everything; I think a trojan came up and a couple of other low-risk viruses, can't be sure though, some cookies and some other stuff. Anyway Spybot sorted everything and I thought I was sorted, but sadly not.

2567497509:3659069286.exe

It always has the same number as above and behaves in the same manner. I've tried right-clicking to end process, does nothing; tried end process tree, does nothing; tried debug (I haven't a clue what that does), but had to try it. When C++ loaded it said... just tried the debug now, the program is (not responding); can't remember exactly what it says but I can't access anything in the C++ application at all.

When I go on the web and type a search in Google, results come up normal, but when one is selected another site appears. Internet is so slow and getting slower, programs close on their own, and my laptop is running really slow too.

Please help, I haven't a clue what to do or where to start.

many thanks

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.1.0
Run by Owner at 18:52:36 on 2011-11-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2038.1095 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\2567497509:3659069286.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
C:\Program Files\Spotify\spotify.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
uSearch Page = hxxp://www.bing.com/?pc=AVBR
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uWinlogon: Shell=c:\documents and settings\owner\local settings\application data\25e70899\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove Folder Synchronization: {35ec672a-334e-03ce-6653-50d123b0061d} - c:\windows\system32\lprhellp.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctODg0MTcwODI4LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMS1TVEZUMTJUKzE"&"prod=90"&"ver=2012.0.1834"&"mid=7a0179e8302147d1a4cdd15de2b13994-8f3c1ce81019f99d2071e507e819d70011b5024a
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\canon ij status monitor canon ip2700 series.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{537056b7-32a4-4408-9b54-0341963c7c9c}\IcoUltraMon.ico
uPolicies-explorer: NoSMHelp = 1 (0x1)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000336&p=ZRxdm782YYGB&si=&a=1DrA1NBF_i9f5TSvJiARSA&n=2011072811
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office14\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{89640326-3177-4A58-8767-DDFB58913BB0} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A2AEC20F-7025-43ED-B0C8-009826EDC4F2} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\uxhw1xgu.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-24 64512]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2011-10-31 38504]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 MySQL51;MySQL51;"c:\program files\mysql\mysql server 5.1\bin\mysqld" --defaults-file="c:\documents and settings\all users\application data\mysql\mysql server 5.1\my.ini" mysql51 --> c:\program files\mysql\mysql server 5.1\bin\mysqld [?]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\spybot - search & destroy 2\SDHookSvc.exe [2011-10-31 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-5-20 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-10-31 955816]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-8-27 30312]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-28 22216]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-1-5 19056]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-8-27 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-8-27 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-8-27 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-8-27 114280]
S0 cerc6;cerc6; [x]
S1 aufopquj;aufopquj;\??\c:\windows\system32\drivers\aufopquj.sys --> c:\windows\system32\drivers\aufopquj.sys [?]
S1 MpKsl0619a117;MpKsl0619a117;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc4fc63b-688e-4ef5-b097-8ae9d4db8099}\mpksl0619a117.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc4fc63b-688e-4ef5-b097-8ae9d4db8099}\MpKsl0619a117.sys [?]
S1 MpKsl0707db43;MpKsl0707db43;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1049c57f-715b-4eeb-afee-f38612cdf2d6}\mpksl0707db43.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1049c57f-715b-4eeb-afee-f38612cdf2d6}\MpKsl0707db43.sys [?]
S1 MpKsl0ad2eeb0;MpKsl0ad2eeb0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d5911313-9dde-4f33-a27c-db016fb828d4}\mpksl0ad2eeb0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d5911313-9dde-4f33-a27c-db016fb828d4}\MpKsl0ad2eeb0.sys [?]
S1 MpKsl2152e184;MpKsl2152e184;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc4fc63b-688e-4ef5-b097-8ae9d4db8099}\mpksl2152e184.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc4fc63b-688e-4ef5-b097-8ae9d4db8099}\MpKsl2152e184.sys [?]
S1 MpKsl34c8313a;MpKsl34c8313a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1049c57f-715b-4eeb-afee-f38612cdf2d6}\mpksl34c8313a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1049c57f-715b-4eeb-afee-f38612cdf2d6}\MpKsl34c8313a.sys [?]
S1 MpKsl400c46f1;MpKsl400c46f1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{38fc8420-eeba-4b69-909d-3475d5acece7}\mpksl400c46f1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{38fc8420-eeba-4b69-909d-3475d5acece7}\MpKsl400c46f1.sys [?]
S1 MpKsl48a43ccd;MpKsl48a43ccd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1049c57f-715b-4eeb-afee-f38612cdf2d6}\mpksl48a43ccd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1049c57f-715b-4eeb-afee-f38612cdf2d6}\MpKsl48a43ccd.sys [?]
S1 MpKsl4a3d3113;MpKsl4a3d3113;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1049c57f-715b-4eeb-afee-f38612cdf2d6}\mpksl4a3d3113.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1049c57f-715b-4eeb-afee-f38612cdf2d6}\MpKsl4a3d3113.sys [?]
S1 MpKsl531375ad;MpKsl531375ad;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{948c937a-c358-49b3-8e44-958c4b56a391}\mpksl531375ad.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{948c937a-c358-49b3-8e44-958c4b56a391}\MpKsl531375ad.sys [?]
S1 MpKsl68351bca;MpKsl68351bca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ad84c710-42be-46e0-a85a-cf9c42526ec9}\mpksl68351bca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ad84c710-42be-46e0-a85a-cf9c42526ec9}\MpKsl68351bca.sys [?]
S1 MpKsl78d730f1;MpKsl78d730f1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{38fc8420-eeba-4b69-909d-3475d5acece7}\mpksl78d730f1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{38fc8420-eeba-4b69-909d-3475d5acece7}\MpKsl78d730f1.sys [?]
S1 MpKsl7ee0a255;MpKsl7ee0a255;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{948c937a-c358-49b3-8e44-958c4b56a391}\mpksl7ee0a255.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{948c937a-c358-49b3-8e44-958c4b56a391}\MpKsl7ee0a255.sys [?]
S1 MpKsl811a4eb2;MpKsl811a4eb2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e50f36ea-6cb8-4105-90c6-5b5d36e87146}\mpksl811a4eb2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e50f36ea-6cb8-4105-90c6-5b5d36e87146}\MpKsl811a4eb2.sys [?]
S1 MpKsl8a9f43ac;MpKsl8a9f43ac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f48fbca7-a78a-4d1b-a456-9c03a7f2da31}\mpksl8a9f43ac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f48fbca7-a78a-4d1b-a456-9c03a7f2da31}\MpKsl8a9f43ac.sys [?]
S1 MpKsl8e519a82;MpKsl8e519a82;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db4b3e04-633d-4ba8-b25e-7d1ce652271d}\mpksl8e519a82.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db4b3e04-633d-4ba8-b25e-7d1ce652271d}\MpKsl8e519a82.sys [?]
S1 MpKsl9aa87c1a;MpKsl9aa87c1a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2916bf47-0e46-4632-82eb-da9739c63668}\mpksl9aa87c1a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2916bf47-0e46-4632-82eb-da9739c63668}\MpKsl9aa87c1a.sys [?]
S1 MpKslb4f852bc;MpKslb4f852bc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bb8f952a-5e9a-463b-8964-17c21cb77763}\mpkslb4f852bc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bb8f952a-5e9a-463b-8964-17c21cb77763}\MpKslb4f852bc.sys [?]
S1 MpKslb52587c4;MpKslb52587c4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40b21752-02f3-490d-b636-4bf3d076f5c8}\mpkslb52587c4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40b21752-02f3-490d-b636-4bf3d076f5c8}\MpKslb52587c4.sys [?]
S1 MpKslc6e6e79c;MpKslc6e6e79c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d24b6bdf-1c84-4360-8e4f-732edbcb4b28}\mpkslc6e6e79c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d24b6bdf-1c84-4360-8e4f-732edbcb4b28}\MpKslc6e6e79c.sys [?]
S1 MpKslca00706d;MpKslca00706d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da8810b9-7b89-4715-a789-3aea1317335b}\mpkslca00706d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da8810b9-7b89-4715-a789-3aea1317335b}\MpKslca00706d.sys [?]
S1 MpKslcd0e16c8;MpKslcd0e16c8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0d59800f-838a-4316-be56-2139a8a4f531}\mpkslcd0e16c8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0d59800f-838a-4316-be56-2139a8a4f531}\MpKslcd0e16c8.sys [?]
S1 MpKsld75de7a2;MpKsld75de7a2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{948c937a-c358-49b3-8e44-958c4b56a391}\mpksld75de7a2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{948c937a-c358-49b3-8e44-958c4b56a391}\MpKsld75de7a2.sys [?]
S1 MpKsld8ab9691;MpKsld8ab9691;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{948c937a-c358-49b3-8e44-958c4b56a391}\mpksld8ab9691.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{948c937a-c358-49b3-8e44-958c4b56a391}\MpKsld8ab9691.sys [?]
S1 MpKslee7f86ad;MpKslee7f86ad;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40b21752-02f3-490d-b636-4bf3d076f5c8}\mpkslee7f86ad.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40b21752-02f3-490d-b636-4bf3d076f5c8}\MpKslee7f86ad.sys [?]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\fsusbexservice.exe --> c:\windows\system32\FsUsbExService.Exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-31 135664]
S2 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-31 135664]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-28 366152]
S2 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2010-10-18 20549]
S3 cpuz134;cpuz134;\??\c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-6-7 20032]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-2-11 36640]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-1-8 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-1-8 8576]
S3 PORTMON;PORTMON;\??\c:\documents and settings\owner\local settings\temporary internet files\content.ie5\tls13nou\portmsys.sys --> c:\documents and settings\owner\local settings\temporary internet files\content.ie5\tls13nou\PORTMSYS.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
.
=============== Created Last 30 ================
.
2011-11-01 18:37:03 -------- d-----w- C:\34a7fb4328e3cb92792be6f6ee
2011-11-01 18:00:47 -------- d-----w- C:\2bd5dc60d46b44103793a0fb
2011-10-31 07:44:12 6668624 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-10-31 07:39:32 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{398d2a62-038f-45a0-932c-51d1828c577a}\offreg.dll
2011-10-31 07:39:30 7269712 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{398d2a62-038f-45a0-932c-51d1828c577a}\mpengine.dll
2011-10-31 07:20:54 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-28 11:38:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-28 11:38:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-28 03:38:54 861936 ----a-w- C:\WindowsXP-KB904423-x86-ENU.exe
2011-10-27 12:07:21 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-10-27 11:23:52 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-27 11:23:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-26 17:45:19 -------- d-----w- c:\documents and settings\owner\application data\MediaBox
2011-10-26 17:45:16 -------- d-----w- c:\documents and settings\owner\local settings\application data\MediaBox
2011-10-26 17:42:39 -------- d-sh--w- c:\documents and settings\owner\local settings\application data\25e70899
2011-10-26 16:39:18 -------- d-----w- c:\documents and settings\owner\local settings\application data\PCHealth
2011-10-26 15:11:39 -------- d-----w- c:\documents and settings\owner\application data\AVG
2011-10-26 14:52:09 -------- d-----w- c:\program files\Microsoft SQL Server
2011-10-26 14:49:28 188128 ----a-w- c:\documents and settings\all users\application data\microsoft\vcsexpress\10.0\1033\ResourceCache.dll
2011-10-26 14:42:13 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-10-26 14:42:12 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-10-26 14:17:41 -------- d-----w- c:\documents and settings\all users\application data\Summitsoft
2011-10-26 09:06:34 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2011-10-25 19:38:44 -------- d-----w- c:\program files\Summitsoft
2011-10-24 19:38:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-24 19:37:56 797656 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-10-24 19:37:56 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-10-24 19:37:55 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-10-24 19:37:55 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-10-24 19:37:55 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-10-24 19:37:54 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-10-24 19:37:54 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-10-24 16:42:42 -------- d-----w- c:\program files\RAMDisk
2011-10-24 15:49:27 -------- d-----w- C:\BC5
2011-10-24 15:35:30 43520 ----a-w- c:\windows\system\MSVIDC.DRV
2011-10-24 15:35:30 11776 ----a-w- c:\windows\system\MSRLE.DRV
2011-10-24 15:35:29 77664 ----a-w- c:\windows\system\IR21_R.DLL
2011-10-24 15:35:29 7168 ----a-w- c:\windows\system\DISPDIB.DLL
2011-10-24 15:35:29 65408 ----a-w- c:\windows\system\ICCVID.DRV
2011-10-24 15:35:29 49616 ----a-w- c:\windows\system\MSACM.DLL
2011-10-24 15:35:29 22816 ----a-w- c:\windows\system\MSACM.DRV
2011-10-24 15:35:29 18384 ----a-w- c:\windows\system\DCISVGA.DRV
2011-10-24 15:35:29 151040 ----a-w- c:\windows\system\IR32.DLL
2011-10-24 15:35:29 14208 ----a-w- c:\windows\system\CTL3D.DLL
2011-10-24 15:35:29 12800 ----a-w- c:\windows\system\ACMCMPRS.DLL
2011-10-24 15:22:01 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-24 11:05:10 -------- d--h--w- C:\$AVG
2011-10-24 09:33:07 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-10-24 09:30:02 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-24 09:30:02 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-10-24 09:29:46 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-24 09:27:51 -------- d-----w- c:\program files\AVG
2011-10-24 09:14:07 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-10-24 09:13:31 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-24 09:13:18 -------- d-----w- c:\program files\Lavasoft
2011-10-24 08:36:59 -------- d-----w- c:\program files\LochJournal
2011-10-23 14:45:44 -------- d-sh--w- C:\found.000
2011-10-23 02:07:05 -------- d-----w- c:\documents and settings\owner\local settings\application data\Flock
2011-10-23 02:07:05 -------- d-----w- c:\documents and settings\owner\application data\Flock
2011-10-23 02:06:45 -------- d-----w- c:\program files\Flock
2011-10-22 03:38:06 -------- d-----w- c:\program files\Undisker
2011-10-22 03:23:39 143360 ----a-w- c:\windows\system32\ImageDrive.cpl
2011-10-21 03:34:14 -------- d-----w- c:\program files\Chit Chat For Facebook
2011-10-21 03:34:14 -------- d-----w- c:\documents and settings\all users\application data\Chit Chat For Facebook
2011-10-21 03:33:46 -------- d-----w- c:\program files\ADLSoft UnCompressor
2011-10-21 00:32:07 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-10-19 15:27:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-19 15:27:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-18 10:01:03 -------- d-----w- c:\windows\system32\2075
2011-10-18 09:48:21 -------- d-----w- c:\documents and settings\owner\application data\elefundesktops
2011-10-13 08:08:33 -------- d-----w- c:\program files\Mobile Action
2011-10-13 08:08:33 -------- d-----w- c:\documents and settings\owner\application data\Mobile Action
2011-10-10 10:09:40 4550304 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2011-10-05 05:20:04 -------- d-----w- c:\documents and settings\owner\application data\Unity
.
==================== Find3M ====================
.
2011-10-23 13:57:48 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-23 13:57:47 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-19 15:33:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 11:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 11:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 11:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-24 08:13:49 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-06 10:37:56 24754 ----a-w- c:\documents and settings\owner\REG BACKUP.reg
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-26 07:28:15 161720 ----a-w- c:\program files\4pres.dll
2011-06-26 07:27:53 669072 ----a-w- c:\program files\4pUninstall MindDabble.dll
.
============= FINISH: 18:57:16.39 ===============
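Added example, not part of fowerman's post or of DDS itself: a small Python triage script that parses DDS listing lines of the shape shown above and flags names that look like the Task Manager process fowerman reported (a colon inside a Windows file name can only be an NTFS alternate data stream separator). The sample lines are constructed in the log's format, and the two heuristics are assumptions of mine, not a verdict on any particular entry.

```python
import ntpath
import re

# Constructed sample in the shape of the DDS listing lines above; the process name is
# the one fowerman reported in Task Manager.
DDS_SAMPLE = """\
2011-10-19 15:27:27 -------- d-----w- c:\\windows\\system32\\wbem\\Repository
2011-10-18 10:01:03 -------- d-----w- c:\\windows\\system32\\2075
2011-09-09 09:12:13 599040 ----a-w- c:\\windows\\system32\\crypt32.dll
2011-06-26 07:28:15 161720 ----a-w- c:\\program files\\4pres.dll
"""
REPORTED_PROCESS = "2567497509:3659069286.exe"

# date, time, size (digits, or dashes for a directory), 8-char attribute field, path
DDS_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-{8}) (\S{8}) (.+)$")


def parse_dds(text):
    """Turn DDS listing lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append({"when": f"{date} {time}", "is_dir": attrs[0] == "d",
                        "path": path, "name": ntpath.basename(path)})
    return entries


def name_flags(name):
    """Heuristic checks on one file or process name (assumed heuristics, not a verdict)."""
    reasons = []
    stem = name.rsplit(".", 1)[0]
    if ":" in name:
        # A colon is illegal in a Windows file name, so in a process list it means the
        # image lives in an NTFS alternate data stream (<file>:<stream>).
        reasons.append("alternate data stream name")
    if all(part.isdigit() for part in stem.split(":")):
        reasons.append("numeric-only name")
    return reasons


def triage(entries, windows_root="c:\\windows\\"):
    """Return (path, reasons) for entries under the Windows directory with odd names."""
    hits = []
    for e in entries:
        reasons = name_flags(e["name"])
        if reasons and e["path"].lower().startswith(windows_root):
            hits.append((e["path"], reasons))
    return hits
```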

JonTom
2011-11-03, 15:39
Hello fowerman and welcome

My name is JonTom

Malware Logs can sometimes take a lot of time to research and interpret.

Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

PLEASE NOTE: If you do not reply after 5 days your thread will be closed.


You have a serious malware infection that is very difficult to remove. I believe we may be dealing with the ZeroAccess Rootkit.

Please make sure that you have backed up all of your essential data - if we are unable to clean this infection a reformat and reinstallation of the operating system will be the best course of action.

Important!!!


It is very likely that the malware we are dealing with has password stealing capabilities. For this reason you are Strongly Advised to disconnect the infected computer from the internet and from any networked computers until it can be cleaned. If you have networked computers, these must be checked, as they may also be infected.

If you use your computer for online banking, call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft. It may also be prudent to ask your banks to freeze/disable online access to your accounts until you are certain that your computer is free of the infecting malware.


It is Essential that you use a Clean (uninfected) computer to change ALL of your passwords for the online services (banking etc) that you use. Do not use the infected computer to change your passwords or to perform any financial transactions, as doing so will give the attacker access to the new password that you create.



Security Programs


I can see from your log that you have a number of real-time security programs running, namely AVG Anti-Virus Free Edition 2012, Lavasoft Ad-Watch Live! Anti-Virus and Microsoft Security Essentials.
Whilst these programs provide good security, they may clash with each other which can leave your system vulnerable to infection.
You are advised to remove two of these programs.
Please make sure that you only have ONE Firewall and ONE real-time Antivirus running on your system.



P2P Programs:


P2P programs are a major source of Malware infections.
From your log I see you have uTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
If you wish to keep the program(s), please do not use them until your computer is cleaned.


Information regarding the risk of using these programs can be found from here (http://malwareremoval.com/p2pindex.php) and here. (http://www.internetworldstats.com/articles/art053.htm)


It is strongly recommended that you uninstall any P2P programs you have on your system.


To do this, Click on "Start" then on "Control Panel" and then on "Add or remove programs".
A list of currently installed programs will be displayed.
Find the "uTorrent" program, click on it once and then click on the "Remove" button.
If you are prompted to re-boot your computer to complete the uninstall please do so.


PLEASE NOTE:
Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.



aswMBR


Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.

http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply.

http://public.avast.com/~gmerek/aswMBR2.png


Please scan your system with GMER


http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and post it in your reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please post the aswMBR log and the GMER log in your next reply. If you encounter any problems with the scans come back and let me know.

JonTom
2011-11-08, 12:15
Due to lack of response, this topic is now closed. If you need continued support, please begin a new thread.