
Thread: safesurf.exe keeps appearing and disappearing

  1. #1
    Junior Member (Join Date: Apr 2012, Posts: 2)

    safesurf.exe keeps appearing and disappearing

    Hi. Recently, this trojan came to annoy me during my gaming time. I tried to remove it by using the task manager but it keeps coming back after a few minutes. Right now, that thing keeps crashing and wants me to manually "close" it. A sort of popup message. It still comes back afterward. Anyway, here's the DDS log.

    DDS log
    ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514
    Run by Alex at 23:34:46 on 2012-04-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1568 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\chrome\chrome.exe
    C:\Program Files\DAEMON Tools Pro\DTAgent.exe
    C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Logitech\SetPointG\SetPointII.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.ca/
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
    uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    {ae07101b-46d4-4a98-af68-0333ea26e113}
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
    uRun: [Google Update] "c:\users\alex\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    uRun: [Akamai NetSession Interface] "c:\users\alex\appdata\local\akamai\netsession_win.exe"
    uRun: [PlayNC Launcher]
    uRun: [Facebook Update] "c:\users\alex\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [AdobeBridge]
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
    mRun: [VX6000] c:\windows\vVX6000.exe
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [Chrome] c:\chrome\chrome.exe
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\alex\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{E312710C-FAD5-4D94-ACA4-370BCEF2D1A6} : DhcpNameServer = 192.168.2.1 192.168.2.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-4-14 263888]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-4-14 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-4-14 656320]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-24 357968]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-24 294608]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-28 242240]
    R1 MpKsl394e62c9;MpKsl394e62c9;c:\programdata\microsoft\microsoft antimalware\definition updates\{090aacaa-c495-4dff-8a6a-4c76dd8ba2f9}\MpKsl394e62c9.sys [2012-4-29 29904]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-4-14 233976]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-3-9 176128]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-24 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-24 51280]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-24 40384]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-3-2 47640]
    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-1-3 2984832]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-3-9 7723008]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-3-9 239616]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-9-24 101392]
    R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-5-20 2074480]
    RUnknown DiagnosticScan;DiagnosticScan; [x]
    RUnknown Start1Driver;Start1Driver; [x]
    S2 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\pc tools security\bdt\bdtupdateservice.exe" --> c:\program files\pc tools security\bdt\BDTUpdateService.exe [?]
    S2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [2012-3-20 609792]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 253088]
    S3 apf003;apf003;c:\windows\system32\apf003.sys [2012-3-17 13232]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsauxs.exe --> c:\program files\pc tools security\pctsAuxs.exe [?]
    S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctssvc.exe --> c:\program files\pc tools security\pctsSvc.exe [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-24 52224]
    S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-2-3 658528]
    SUnknown MpKsl74aa916b;MpKsl74aa916b; [x]
    .
    =============== Created Last 30 ================
    .
    2012-04-29 09:14:08 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{090aacaa-c495-4dff-8a6a-4c76dd8ba2f9}\offreg.dll
    2012-04-29 09:14:08 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{090aacaa-c495-4dff-8a6a-4c76dd8ba2f9}\MpKsl394e62c9.sys
    2012-04-29 09:12:36 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{090aacaa-c495-4dff-8a6a-4c76dd8ba2f9}\mpengine.dll
    2012-04-29 04:46:20 6734704 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-04-29 03:31:56 -------- d-----w- C:\ijji
    2012-04-29 03:30:08 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
    2012-04-29 03:30:08 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
    2012-04-29 03:30:08 -------- d-----w- C:\Temp
    2012-04-29 02:51:47 -------- d-----w- c:\users\alex\appdata\local\{1876F58D-4CCC-4B24-8FEE-A854085116A3}
    2012-04-29 02:51:32 -------- d-----w- c:\users\alex\appdata\local\{85F537F4-3138-459D-86FF-61220A961B99}
    2012-04-28 06:58:45 -------- d-----w- c:\users\alex\appdata\local\{CD5C8CC6-D91B-4020-806A-286F997BD638}
    2012-04-28 06:58:24 -------- d-----w- c:\users\alex\appdata\local\{8147E985-2753-4023-A700-056F1335553C}
    2012-04-28 03:15:58 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{84b91b85-077d-4d3d-ab5c-c3720f52b8e9}\gapaengine.dll
    2012-04-28 03:12:33 -------- d-----w- c:\program files\Microsoft Security Client
    2012-04-28 03:02:18 -------- d-----w- c:\users\alex\appdata\local\{A83B8262-8D04-4DEC-9E59-A28529E5F870}
    2012-04-28 03:01:41 -------- d-----w- c:\users\alex\appdata\local\{113BC27C-5E11-4D67-A076-983F2CD203C5}
    2012-04-28 02:55:06 -------- d-----w- C:\AMD
    2012-04-27 23:50:34 -------- d-----w- c:\users\alex\appdata\local\{0D201DC6-F0D2-4D73-9A69-B269A0B24EA4}
    2012-04-27 23:49:02 537432 ----a-w- c:\program files\common files\windows live\.cache\5217452c1cd24d001\DXSETUP.exe
    2012-04-27 23:49:01 89944 ----a-w- c:\program files\common files\windows live\.cache\5217452c1cd24d001\DSETUP.dll
    2012-04-27 23:49:01 1801048 ----a-w- c:\program files\common files\windows live\.cache\5217452c1cd24d001\dsetup32.dll
    2012-04-27 23:47:29 -------- d-----w- c:\users\alex\appdata\local\{DA1944F4-CE67-4BEB-9925-9B3FF82C82C0}
    2012-04-27 23:47:09 -------- d-----w- c:\users\alex\appdata\local\{F2D0BC2F-F70B-4AF3-AB70-1934D16A0580}
    2012-04-26 02:53:38 -------- d-----w- c:\program files\REACTOR
    2012-04-24 20:43:56 -------- d-----w- C:\koramgame
    2012-04-24 20:43:00 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2012-04-24 20:43:00 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
    2012-04-24 20:42:59 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
    2012-04-24 20:42:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
    2012-04-24 20:42:59 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
    2012-04-24 20:42:58 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
    2012-04-24 20:42:57 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
    2012-04-24 20:42:55 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
    2012-04-20 17:01:38 -------- d-----w- c:\programdata\Blizzard Entertainment
    2012-04-20 07:22:58 -------- d-----w- c:\program files\common files\Blizzard Entertainment
    2012-04-20 07:21:35 -------- d-----w- c:\programdata\Battle.net
    2012-04-19 22:45:11 -------- d-----w- c:\program files\SplitMediaLabs
    2012-04-15 03:39:22 767952 ----a-w- c:\windows\BDTSupport.dll
    2012-04-15 03:39:21 2074576 ----a-w- c:\windows\PCTBDCore.dll
    2012-04-15 03:39:21 1533904 ----a-w- c:\windows\PCTBDRes.dll
    2012-04-15 03:39:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2012-04-15 03:36:01 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2012-04-15 03:36:01 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2012-04-15 03:36:01 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-04-15 03:36:01 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2012-04-15 03:35:57 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-04-15 03:35:57 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-04-15 03:35:56 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-04-15 03:35:55 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-04-15 03:35:44 -------- d-----w- c:\programdata\PC Tools
    2012-04-15 03:35:44 -------- d-----w- c:\program files\common files\PC Tools
    2012-04-10 06:49:10 -------- d-----w- c:\users\alex\appdata\local\{7E301E07-9DAC-4636-B60C-E69B38DEA3B4}
    2012-04-10 06:48:48 -------- d-----w- c:\users\alex\appdata\local\{E8A3579D-C501-497C-9A68-208482B7B595}
    2012-04-10 03:48:50 -------- d-----w- c:\users\alex\appdata\local\{B19DF15C-7B59-474D-B23C-174911AC7315}
    2012-04-10 03:47:04 -------- d-----w- c:\users\alex\appdata\local\Smartbar
    2012-04-10 03:44:32 -------- d-----w- c:\users\alex\appdata\local\{3E6ABEC2-B6A0-40B6-BE58-73DAFA5044C6}
    2012-04-10 03:44:19 -------- d-----w- c:\users\alex\appdata\local\{429AB84A-D459-4931-8471-431022A34645}
    2012-04-09 08:09:07 40960 ----a-r- c:\users\alex\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2012-04-09 08:09:07 40960 ----a-r- c:\users\alex\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\ARPPRODUCTICON.exe
    2012-04-09 08:08:41 -------- d-----w- c:\program files\Project64 1.6
    2012-04-07 23:23:29 -------- d-----w- c:\users\alex\appdata\local\SplitMediaLabs
    2012-04-07 01:52:24 -------- d-----w- c:\programdata\WEBZEN
    2012-04-06 21:11:23 -------- d-----w- c:\users\alex\appdata\local\{95330642-5F64-4A0A-8CF8-9DBD0FF001A3}
    2012-04-02 18:56:42 -------- d-----w- c:\users\alex\appdata\local\{D65D35CB-A627-4C14-B145-5AC44AE2039C}
    2012-04-02 18:56:20 -------- d-----w- c:\users\alex\appdata\local\{65CEB3C0-B140-45C0-BA78-F83095C9241E}
    2012-04-02 06:56:44 -------- d-----w- c:\users\alex\appdata\local\{53D2A0FA-1E0A-46AA-971D-12ECF8CDCCFB}
    2012-04-02 06:56:22 -------- d-----w- c:\users\alex\appdata\local\{DEEF0F14-157E-45A1-9F33-A4B27F453C7E}
    2012-04-01 18:56:43 -------- d-----w- c:\users\alex\appdata\local\{A94C6CA0-76BE-48D1-B934-A5AD5EB942AB}
    2012-04-01 18:56:21 -------- d-----w- c:\users\alex\appdata\local\{AC7BF34D-303F-463B-A1B2-AF03210ECF90}
    2012-04-01 06:56:45 -------- d-----w- c:\users\alex\appdata\local\{0A3CDA1E-FA16-42F5-B4AF-BB97DE583727}
    2012-04-01 06:56:20 -------- d-----w- c:\users\alex\appdata\local\{520D16A1-B92C-44E6-ABEA-BCC450659534}
    .
    ==================== Find3M ====================
    .
    2012-04-14 07:07:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-14 07:07:10 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-07 02:09:43 658528 ----a-w- c:\windows\system32\xsherlock.xem
    2012-04-04 00:47:02 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-03-28 18:14:21 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-03-21 00:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-03-17 23:02:41 16304 ------w- c:\windows\system32\apl003.sys
    2012-03-17 23:02:41 13232 ------w- c:\windows\system32\apf003.sys
    2012-02-29 19:21:24 42392 ----a-w- c:\windows\system32\xfcodec.dll
    2012-02-02 22:50:43 5265 ----a-w- c:\windows\system32\nppt9x.vxd
    2012-02-02 22:50:43 4774 ----a-w- c:\windows\system32\npptNT2.sys
    2012-02-01 02:30:36 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-02-01 02:30:26 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2012-02-01 02:30:18 30592 ----a-w- c:\windows\system32\LMIport.dll
    2012-02-01 02:30:16 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 23:35:56.29 ===============
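
The DDS log above is the raw material the helper reviews by hand. As an added illustration (not part of the original thread and not code from the DDS tool), the following Python script parses the service/driver, policy and proxy lines of a DDS-style log and surfaces the entries a reviewer would look at first: UAC policies set to 0, services or drivers whose file DDS could not find on disk (the "[x]" entries), and service images in unusual locations or with unusual file extensions. The sample lines are copied from the log above; the list of "standard" install roots and the extension heuristic are assumptions of this example, and each finding is a prompt to look closer, not a verdict.

```python
import re
import ntpath
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines in DDS log format, taken from the
# Pseudo HJT Report and SERVICES / DRIVERS sections of the log above.
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
RUnknown DiagnosticScan;DiagnosticScan; [x]
RUnknown Start1Driver;Start1Driver; [x]
S2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [2012-3-20 609792]
S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-2-3 658528]
SUnknown MpKsl74aa916b;MpKsl74aa916b; [x]
"""


@dataclass(frozen=True)
class Finding:
    category: str   # "uac", "proxy" or "service"
    key: str        # policy name or service name the finding concerns
    detail: str     # why a reviewer should look at this line


# UAC policy values that weaken User Account Control when set to 0.
UAC_POLICIES = {
    "EnableLUA": "UAC is switched off entirely",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
}

# Assumed "usual" roots for service and driver binaries (heuristic, not a rule).
STANDARD_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\programdata\\",
)
USUAL_IMAGE_EXTS = {".sys", ".exe", ".dll"}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyOverride\s*=\s*(.+)$")
# DDS service lines: <state> <name>;<display name>;<image path> [<date> <size>]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS](?:\d|Unknown))\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)


def triage_dds(text: str) -> List[Finding]:
    """Return review prompts for the policy, proxy and service lines of a DDS log."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := POLICY_RE.match(line):
            name, value = m.group(1), int(m.group(2))
            if name in UAC_POLICIES and value == 0:
                findings.append(Finding("uac", name, UAC_POLICIES[name]))
            continue
        if m := PROXY_RE.match(line):
            findings.append(Finding("proxy", "ProxyOverride",
                                    f"proxy bypass list is set, review it: {m.group(1)}"))
            continue
        if m := SERVICE_RE.match(line):
            name, rest = m.group("name"), m.group("rest").strip()
            # "[x]" (and the Unknown state) mean DDS found a registration but no file on disk.
            if m.group("state").endswith("Unknown") or rest == "[x]":
                findings.append(Finding("service", name,
                                        "registered service or driver whose file was not found on disk"))
                continue
            path = rest.split(" [")[0].strip('"').lower()
            if not path.startswith(STANDARD_ROOTS):
                findings.append(Finding("service", name,
                                        f"image lives outside the usual install roots: {path}"))
            if ntpath.splitext(path)[1] not in USUAL_IMAGE_EXTS:
                findings.append(Finding("service", name,
                                        f"unusual extension for a service image: {path}"))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.category}] {f.key}: {f.detail}")
```

Run against a full DDS log the script just walks every line; lines it does not recognise (running processes, Created Last 30, Find3M) are ignored, so it can be pointed at the whole file as posted.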

  2. #2
    Emeritus- Malware Team (Join Date: Aug 2011, Posts: 148)

    Hi insaniclol,

    Firstly, welcome to the Safer-Networking Malware Removal Forum.
    My name is Scolabar, and I'll be helping you with your malware problems.
    Logs can take a while to research, so please be patient.
    If you no longer require help I would be grateful if you would let me know.

    Please note the following important guidelines before proceeding:
    1. The instructions that will be provided are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
    3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
    4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
      Absence of symptoms does not necessarily mean that everything is clear.
    5. DO NOT run any other fix or removal tools unless instructed to do so!
    6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
    8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

    Please Note: If you haven't done so already, please read this topic "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) where the conditions for receiving help here are explained.

    Windows 7 Advice:
    Please Note: The programs I ask you to use will need to be run in Administrator Mode.
    In order to do this Right-click on the program file and select the Run as Administrator option.
    Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
    If prompted, please click on the Allow button.
    Reference: User Account Control (UAC) and Running as Administrator

    Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


    If you follow these guidelines, things should proceed smoothly.
    I am currently reviewing your log and will return, as soon as possible, with additional instructions.

    Thank you for your patience.

    Scolabar
    Malware Removal University - You too could train to help others

  3. #3
    Emeritus- Malware Team (Join Date: Aug 2011, Posts: 148)

    Hi insaniclol,

    Thank you again for your patience.

    Please read these instructions carefully before executing and perform the steps, in the order given.
    If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem before going any further.

    Before proceeding please make sure any open programs are closed.

    Step 1:
    Business or Educational Computer?

    Entries in the log provided lead me to believe this computer may connect to a business or educational network.
    Please confirm whether or not this computer is a company owned computer, a computer used for business or connects to a business or educational network.
    If this is not the case, please proceed with Step 2 and clarify for what purposes this computer is used in your next post.

    Step 2:
    MGA Diagnostics

    1. Please download this tool from Microsoft and Save it to your Desktop.
    2. Right-click on MGADiag.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Click on the Continue button to proceed.
    4. The program will now run. It will take a short while to complete its diagnosis, please be patient.
    5. When it has finished click on the Copy button.
    6. Click on Start and then click on the Start Search box in the Start Menu.
    7. Copy and Paste the following value into the open text entry box:

      • notepad

    8. Then click on the magnifying glass symbol or press Enter.
    9. This will open an empty Notepad file.
    10. Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
    11. Click on the OK button to exit the MGA Diagnostics program.
    12. Then Copy and Paste the entire contents of mgadiag.txt into your next reply.

    Step 3:
    CKScanner

    1. Please download CKScanner and Save it to your Desktop.
      Make sure that CKScanner.exe is on your Desktop before running the application!
    2. Right-click on CKScanner.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Then click on the Search For Files button.
    4. When the scan has finished (the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
      A text file will be created on your Desktop named ckfiles.txt. A message box will verify the file saved.
      Note: Please run the program ONCE only.
    5. Click on the Exit button to close the program.
    6. Double-click on the ckfiles.txt file to open it.
    7. Then Copy and Paste the entire contents of the file into your next reply.

    Step 4:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Is this computer used for business purposes? Does the computer connect to a business or educational network? If not, please clarify for what purposes the computer is used.
    3. mgadiag.txt.
    4. ckfiles.txt.
    5. Do you have original Windows installation media for your PC?


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  4. #4
    Emeritus- Malware Team (Join Date: Aug 2011, Posts: 148)

    Hi insaniclol,

    It has been over 48 hours since my last post.

    • Do you still need help?
    • Do you need more time?
    • Are you having problems following my instructions?
    • In line with Safer-Networking's Forum Guidelines, topics will be closed after 3 days without a response.
    • If you do not reply within the next 24 hours, this topic will be closed.


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  5. #5
    Security Expert- Emeritus (Join Date: Aug 2008, Location: South East Asia, Posts: 725)

    Due to lack of response, this topic is now closed.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log.

    If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    Everyone else please begin a New Topic.
