Thread: Win32.AutoRun.tmp Infection - DDS Logs

  1. #1 - Junior Member (joined Jun 2010, 9 posts)

    Win32.AutoRun.tmp Infection - DDS Logs

    While using my browsers (FF and Chrome), I noticed that a tab would open a website without my taking any action, so I downloaded Spybot S&D and it found Win32.AutoRun.tmp. Any help is greatly appreciated.

    Here is the DDS log:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Kevin at 11:08:12.72 on Fri 06/25/2010
    Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.899 [GMT -7:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Fitbit\fitbit.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ATK Hotkey\Hcontrol.exe
    C:\Program Files\ATK Hotkey\MsgTranAgt.exe
    C:\Program Files\ATK Hotkey\ATKOSD.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ATK Hotkey\WDC.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Lenovo\EnergyCut\utilty.exe
    C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
    C:\Program Files\OpenVPN\bin\openvpn-gui.exe
    C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files\CyberLink\Shared Files\brs.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Fitbit\fitbit-tray.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Safer Networking\RunAlyzer\RunAlyzer.exe
    C:\Windows\regedit.exe
    C:\Users\Kevin\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://lenovo.live.com/
    mDefault_Page_URL = hxxp://www.lenovo.com
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Taskman=c:\users\kevin\appdata\roaming\mrpky.exe
    uWinlogon: Shell=explorer.exe,c:\users\kevin\appdata\roaming\mrpky.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Google Update] "c:\users\kevin\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [DW6]
    uRun: [Fitbit Service Monitor] c:\program files\fitbit\fitbit-tray.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790}] c:\windows\test.bat
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [EnergyCut_Utility] c:\program files\lenovo\energycut\utilty.exe
    mRun: [EnergyCut] c:\program files\lenovo\energycut\EnergyCut.exe
    mRun: [openvpn-gui] c:\program files\openvpn\bin\openvpn-gui.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
    mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
    IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - c:\program files\lenovo\veriface\OpenWnd.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\kevin\appdata\roaming\mozilla\firefox\profiles\1akj8vmq.default\
    FF - component: c:\users\kevin\appdata\roaming\mozilla\firefox\profiles\1akj8vmq.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
    FF - component: c:\users\kevin\appdata\roaming\mozilla\firefox\profiles\1akj8vmq.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\NPSWF32.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\kevin\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\kevin\appdata\roaming\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\users\kevin\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-1-29 93360]
    R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/27 22:07:03];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]
    R2 Fitbit;Fitbit Data Uploader;c:\program files\fitbit\fitbit.exe [2009-12-29 799864]
    R2 kqemu;kqemu driver;c:\windows\system32\drivers\kqemu.sys [2007-2-6 123939]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-24 1153368]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-5-19 21520]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
    R3 lvvflt;Lenovo Video Filter;c:\windows\system32\drivers\lvVFlt.sys [2008-5-23 42904]
    R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSlh.sys [2009-9-23 543064]
    R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplaylh.sys [2009-9-23 190312]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-9-23 21848]
    R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVollh.sys [2009-9-23 14680]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]
    R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-24 136176]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2007-1-23 6016]
    S3 CapFilt;CapFilt;c:\windows\system32\drivers\CapFilt.sys [2008-7-18 18048]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-18 21504]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-11-2 18176]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-1-22 7680]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2008-3-3 23296]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
    S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2009-12-29 14848]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-06-25 17:47:46 0 d-----w- c:\program files\Safer Networking
    2010-06-25 16:38:08 0 d-----w- c:\program files\Trend Micro
    2010-06-25 05:04:39 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-06-25 05:04:39 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-06-25 04:54:46 0 d-----w- c:\program files\McAfee Security Scan
    2010-06-23 10:01:38 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-06-23 10:01:38 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-06-23 10:01:38 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-06-23 10:01:38 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-06-23 10:01:38 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-06-23 05:06:38 0 d-----w- c:\users\kevin\appdata\roaming\com.rdio.desktop.3DBCFCD30911C934939BC57CB763235E8F0B2837.1
    2010-06-23 02:36:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-06-23 02:36:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-06-19 02:45:16 71168 --sh--r- c:\users\kevin\appdata\roaming\mrpky.exe
    2010-06-06 13:01:15 2048 ----a-w- c:\windows\system32\tzres.dll

    ==================== Find3M ====================

    2010-06-19 20:35:12 27335 ----a-w- c:\users\kevin\appdata\roaming\nvModes.dat
    2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-21 21:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-16 22:40:22 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 18:47:18 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-04-28 05:03:15 505128 ----a-w- c:\windows\system32\msvcp71.dll
    2010-04-28 05:03:15 353576 ----a-w- c:\windows\system32\msvcr71.dll
    2010-04-28 05:03:15 29480 ----a-w- c:\windows\system32\msxml3a.dll
    2010-04-05 17:01:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
    2009-12-30 03:09:04 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-12-30 03:09:04 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-12-30 03:08:59 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-11-02 04:54:18 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-07-19 05:26:54 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-11-03 02:21:18 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-10-17 05:47:45 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

    ============= FINISH: 11:09:29.54 ===============

  2. #2 - Blade81, Security Expert: Emeritus (joined Oct 2006, Finland, 25,288 posts)

    Hi,

    Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the Rootkit tab, uncheck all but the Sections option, and then click Scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is finished, click Copy. This copies the log to the clipboard.
    • Post the log in your reply (if the log is long, archive it into a zip file and attach it instead of posting). Also post the contents of fresh DDS logs (both dds.txt & attach.txt).
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, create a thread in the forum, please.

    Malware removal instructions are for the corresponding user's case only.

  3. #3 - Blade81, Security Expert: Emeritus (joined Oct 2006, Finland, 25,288 posts)

    Due to inactivity, this thread will now be closed.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.
