PDA

View Full Version : safesurf.exe keeps appearing and disappearing



insaniclol
2012-04-30, 06:45
Hi. Recently, this trojan came to annoy me during my gaming time. I tried to remove it by using the task manager but it keeps coming back after a few minutes. Right now, that thing keeps crashing and wants me to manually "close" it. A sort a popup message. It stills come back afterward. Anyway here's the DDS log.

DDS log
----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Alex at 23:34:46 on 2012-04-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1568 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\chrome\chrome.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\DllHost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [Google Update] "c:\users\alex\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\valve\steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "c:\users\alex\appdata\local\akamai\netsession_win.exe"
uRun: [PlayNC Launcher]
uRun: [Facebook Update] "c:\users\alex\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [AdobeBridge]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Chrome] c:\chrome\chrome.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\alex\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{E312710C-FAD5-4D94-ACA4-370BCEF2D1A6} : DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-4-14 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-4-14 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-4-14 656320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-24 357968]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-24 294608]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-28 242240]
R1 MpKsl394e62c9;MpKsl394e62c9;c:\programdata\microsoft\microsoft antimalware\definition updates\{090aacaa-c495-4dff-8a6a-4c76dd8ba2f9}\MpKsl394e62c9.sys [2012-4-29 29904]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-4-14 233976]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-3-9 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-24 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-24 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-24 40384]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-3-2 47640]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-1-3 2984832]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-3-9 7723008]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-3-9 239616]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-9-24 101392]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-5-20 2074480]
RUnknown DiagnosticScan;DiagnosticScan; [x]
RUnknown Start1Driver;Start1Driver; [x]
S2 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\pc tools security\bdt\bdtupdateservice.exe" --> c:\program files\pc tools security\bdt\BDTUpdateService.exe [?]
S2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [2012-3-20 609792]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 253088]
S3 apf003;apf003;c:\windows\system32\apf003.sys [2012-3-17 13232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsauxs.exe --> c:\program files\pc tools security\pctsAuxs.exe [?]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctssvc.exe --> c:\program files\pc tools security\pctsSvc.exe [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-24 52224]
S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-2-3 658528]
SUnknown MpKsl74aa916b;MpKsl74aa916b; [x]
.
=============== Created Last 30 ================
.
2012-04-29 09:14:08 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{090aacaa-c495-4dff-8a6a-4c76dd8ba2f9}\offreg.dll
2012-04-29 09:14:08 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{090aacaa-c495-4dff-8a6a-4c76dd8ba2f9}\MpKsl394e62c9.sys
2012-04-29 09:12:36 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{090aacaa-c495-4dff-8a6a-4c76dd8ba2f9}\mpengine.dll
2012-04-29 04:46:20 6734704 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-04-29 03:31:56 -------- d-----w- C:\ijji
2012-04-29 03:30:08 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2012-04-29 03:30:08 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2012-04-29 03:30:08 -------- d-----w- C:\Temp
2012-04-29 02:51:47 -------- d-----w- c:\users\alex\appdata\local\{1876F58D-4CCC-4B24-8FEE-A854085116A3}
2012-04-29 02:51:32 -------- d-----w- c:\users\alex\appdata\local\{85F537F4-3138-459D-86FF-61220A961B99}
2012-04-28 06:58:45 -------- d-----w- c:\users\alex\appdata\local\{CD5C8CC6-D91B-4020-806A-286F997BD638}
2012-04-28 06:58:24 -------- d-----w- c:\users\alex\appdata\local\{8147E985-2753-4023-A700-056F1335553C}
2012-04-28 03:15:58 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{84b91b85-077d-4d3d-ab5c-c3720f52b8e9}\gapaengine.dll
2012-04-28 03:12:33 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-28 03:02:18 -------- d-----w- c:\users\alex\appdata\local\{A83B8262-8D04-4DEC-9E59-A28529E5F870}
2012-04-28 03:01:41 -------- d-----w- c:\users\alex\appdata\local\{113BC27C-5E11-4D67-A076-983F2CD203C5}
2012-04-28 02:55:06 -------- d-----w- C:\AMD
2012-04-27 23:50:34 -------- d-----w- c:\users\alex\appdata\local\{0D201DC6-F0D2-4D73-9A69-B269A0B24EA4}
2012-04-27 23:49:02 537432 ----a-w- c:\program files\common files\windows live\.cache\5217452c1cd24d001\DXSETUP.exe
2012-04-27 23:49:01 89944 ----a-w- c:\program files\common files\windows live\.cache\5217452c1cd24d001\DSETUP.dll
2012-04-27 23:49:01 1801048 ----a-w- c:\program files\common files\windows live\.cache\5217452c1cd24d001\dsetup32.dll
2012-04-27 23:47:29 -------- d-----w- c:\users\alex\appdata\local\{DA1944F4-CE67-4BEB-9925-9B3FF82C82C0}
2012-04-27 23:47:09 -------- d-----w- c:\users\alex\appdata\local\{F2D0BC2F-F70B-4AF3-AB70-1934D16A0580}
2012-04-26 02:53:38 -------- d-----w- c:\program files\REACTOR
2012-04-24 20:43:56 -------- d-----w- C:\koramgame
2012-04-24 20:43:00 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-04-24 20:43:00 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2012-04-24 20:42:59 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2012-04-24 20:42:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2012-04-24 20:42:59 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2012-04-24 20:42:58 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2012-04-24 20:42:57 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2012-04-24 20:42:55 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2012-04-20 17:01:38 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-20 07:22:58 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2012-04-20 07:21:35 -------- d-----w- c:\programdata\Battle.net
2012-04-19 22:45:11 -------- d-----w- c:\program files\SplitMediaLabs
2012-04-15 03:39:22 767952 ----a-w- c:\windows\BDTSupport.dll
2012-04-15 03:39:21 2074576 ----a-w- c:\windows\PCTBDCore.dll
2012-04-15 03:39:21 1533904 ----a-w- c:\windows\PCTBDRes.dll
2012-04-15 03:39:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-04-15 03:36:01 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-04-15 03:36:01 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-04-15 03:36:01 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-04-15 03:36:01 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-04-15 03:35:57 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-04-15 03:35:57 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-04-15 03:35:56 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-15 03:35:55 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-04-15 03:35:44 -------- d-----w- c:\programdata\PC Tools
2012-04-15 03:35:44 -------- d-----w- c:\program files\common files\PC Tools
2012-04-10 06:49:10 -------- d-----w- c:\users\alex\appdata\local\{7E301E07-9DAC-4636-B60C-E69B38DEA3B4}
2012-04-10 06:48:48 -------- d-----w- c:\users\alex\appdata\local\{E8A3579D-C501-497C-9A68-208482B7B595}
2012-04-10 03:48:50 -------- d-----w- c:\users\alex\appdata\local\{B19DF15C-7B59-474D-B23C-174911AC7315}
2012-04-10 03:47:04 -------- d-----w- c:\users\alex\appdata\local\Smartbar
2012-04-10 03:44:32 -------- d-----w- c:\users\alex\appdata\local\{3E6ABEC2-B6A0-40B6-BE58-73DAFA5044C6}
2012-04-10 03:44:19 -------- d-----w- c:\users\alex\appdata\local\{429AB84A-D459-4931-8471-431022A34645}
2012-04-09 08:09:07 40960 ----a-r- c:\users\alex\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-04-09 08:09:07 40960 ----a-r- c:\users\alex\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\ARPPRODUCTICON.exe
2012-04-09 08:08:41 -------- d-----w- c:\program files\Project64 1.6
2012-04-07 23:23:29 -------- d-----w- c:\users\alex\appdata\local\SplitMediaLabs
2012-04-07 01:52:24 -------- d-----w- c:\programdata\WEBZEN
2012-04-06 21:11:23 -------- d-----w- c:\users\alex\appdata\local\{95330642-5F64-4A0A-8CF8-9DBD0FF001A3}
2012-04-02 18:56:42 -------- d-----w- c:\users\alex\appdata\local\{D65D35CB-A627-4C14-B145-5AC44AE2039C}
2012-04-02 18:56:20 -------- d-----w- c:\users\alex\appdata\local\{65CEB3C0-B140-45C0-BA78-F83095C9241E}
2012-04-02 06:56:44 -------- d-----w- c:\users\alex\appdata\local\{53D2A0FA-1E0A-46AA-971D-12ECF8CDCCFB}
2012-04-02 06:56:22 -------- d-----w- c:\users\alex\appdata\local\{DEEF0F14-157E-45A1-9F33-A4B27F453C7E}
2012-04-01 18:56:43 -------- d-----w- c:\users\alex\appdata\local\{A94C6CA0-76BE-48D1-B934-A5AD5EB942AB}
2012-04-01 18:56:21 -------- d-----w- c:\users\alex\appdata\local\{AC7BF34D-303F-463B-A1B2-AF03210ECF90}
2012-04-01 06:56:45 -------- d-----w- c:\users\alex\appdata\local\{0A3CDA1E-FA16-42F5-B4AF-BB97DE583727}
2012-04-01 06:56:20 -------- d-----w- c:\users\alex\appdata\local\{520D16A1-B92C-44E6-ABEA-BCC450659534}
.
==================== Find3M ====================
.
2012-04-14 07:07:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 07:07:10 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-07 02:09:43 658528 ----a-w- c:\windows\system32\xsherlock.xem
2012-04-04 00:47:02 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-28 18:14:21 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-21 00:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 23:02:41 16304 ------w- c:\windows\system32\apl003.sys
2012-03-17 23:02:41 13232 ------w- c:\windows\system32\apf003.sys
2012-02-29 19:21:24 42392 ----a-w- c:\windows\system32\xfcodec.dll
2012-02-02 22:50:43 5265 ----a-w- c:\windows\system32\nppt9x.vxd
2012-02-02 22:50:43 4774 ----a-w- c:\windows\system32\npptNT2.sys
2012-02-01 02:30:36 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-01 02:30:26 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-02-01 02:30:18 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-01 02:30:16 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 23:35:56.29 ===============

Scolabar
2012-05-04, 09:44
Hi insaniclol,

Firstly, welcome to the Safer-Networking Malware Removal Forum. :)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.
If you no longer require help I would be grateful if you would let me know.

Please note the following important guidelines before proceeding:
The instructions that will be provided are for YOUR computer and system only!
Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
Absence of symptoms does not necessarily mean that everything is clear.
DO NOT run any other fix or removal tools unless instructed to do so!
DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Please Note: If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.

Windows 7 Advice:
Please Note: The programs I ask you to use will need to be run in Administrator Mode.
In order to do this Right-click on the program file and select the Run as Administrator option.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
If prompted, please click on the Allow button.
Reference: User Account Control (UAC) and Running as Administrator (http://support.microsoft.com/kb/922708)


Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.

Backup Your Data - Windows 7 (http://support.microsoft.com/kb/971759)
If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar

Scolabar
2012-05-04, 10:23
Hi insaniclol,

Thank you again for your patience. :)

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
Business or Educational Computer?

Entries in the log provided lead me to believe this computer may connect to a business or educational network.
Please confirm whether or not this computer is a company owned computer, a computer used for business or connects to a business or educational network.
If this is not the case, please proceed with Step 2 and clarify for what purposes this computer is used in your next post.

Step 2:
MGA Diagnostics

Please download this tool (http://go.microsoft.com/fwlink/?linkid=52012) from Microsoft and Save it to your Desktop.
Right-click on MGADiag.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Click on the Continue button to proceed.
The program will now run. It will take a short while to complete its diagnosis, please be patient.
When it has finished click on the Copy button.
Click on Start and then click on the Start Search box in the Start Menu.
Copy and Paste the following value into the open text entry box:

notepad

Then click on the magnifying glass symbol or press Enter.
This will open an empty Notepad file.
Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
Click on the OK button to exit the MGA Diagnostics program.
Then Copy and Paste the entire contents of mgadiag.txt into your next reply.
Step 3:
CKScanner

Please download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe) and Save it to your Desktop.
Make sure that CKScanner.exe is on your Desktop before running the application!
Right-click on CKScanner.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Then click on the Search For Files button.
When the scan has finished (- the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
A text file will be created on your Desktop named ckfiles.txt. A message box will verify the file saved.
Note: Please run the program ONCE only.
Click on the Exit button to close the program.
Double-click on the ckfiles.txt file to open it.
Then Copy and Paste the entire contents of the file into your next reply.
Step 4:
Include in Next Post

Did you have any problems carrying out the instructions?
Is this computer used for business purposes? Does the computer connect to a business or educational network? If not, please clarify for what purposes the computer is used.
mgadiag.txt.
ckfiles.txt.
Do you have original Windows installation media for your PC?

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Scolabar
2012-05-06, 11:17
Hi insaniclol,

It has been over 48 hours since my last post.

Do you still need help?
Do you need more time?
Are you having problems following my instructions?
In line with Safer-Networking's Forum Guidelines, topics will be closed after 3 days without a response.
If you do not reply within the next 24 hours, this topic will be closed.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Jack&Jill
2012-05-08, 02:26
Due to lack of response, this topic is now closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log. (http://forums.spybot.info/showpost.php?p=1150&postcount=2)

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.