
Inactive iexplore.exe malware and other problems

Discussion in 'Malware and Virus Removal Archive' started by amcoolio, 2011/05/14.

  1. 2011/05/14
    amcoolio (Thread Starter)

    [Inactive] iexplore.exe malware and other problems

    Hi,

    I took over an office computer that I can't really reformat, as it has a lot of POS software/settings on it that I can't reinstall. There is a process running by SYSTEM called iexplore.exe that is taking a lot of CPU usage, and it's not Internet Explorer. There are also some related popups with no browser open. I'm new to HijackThis, so I figured if I posted the log someone could help me out.

    [HJT log removed - Broni]

    It looks like there are some .exe files that are running that should be, like "C:\Documents and Settings\All Users\Application Data\w3cb8lXc.exe".
     
    Last edited by a moderator: 2011/05/14
  2. 2011/05/14
    PeteC (SuperGeek, Staff)

    Welcome to WindowsBBS :)

    Please read this as indicated at the head of the forum and post the logs requested in this thread.

    An HJT log is not required.
     

  4. 2011/05/14
    amcoolio (Thread Starter)

    MBAM
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6520

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/13/2011 12:02:21 PM
    mbam-log-2011-05-13 (12-02-21).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 293344
    Time elapsed: 50 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\ICS5R7Y0OS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\R8388QA8U8 (Trojan.Downloader) -> Value: R8388QA8U8 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pL31000MaKpJ31000 (Trojan.FakeAlert.Gen) -> Value: pL31000MaKpJ31000 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\administrator\local settings\Temp\Ich.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\pl31000makpj31000\pl31000makpj31000.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\local settings\Temp\Icg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\Idaxua.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


    MBR

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 121):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xB85A8000 \WINDOWS\system32\KDCOM.DLL
    0xB84B8000 \WINDOWS\system32\BOOTVID.dll
    0xB7F79000 ACPI.sys
    0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB7F68000 pci.sys
    0xB80A8000 isapnp.sys
    0xB8670000 pciide.sys
    0xB8328000 \WINDOWS\system32\drivers\PCIIDEX.SYS
    0xB85AC000 intelide.sys
    0xB80B8000 MountMgr.sys
    0xB7F49000 ftdisk.sys
    0xB85AE000 dmload.sys
    0xB7F23000 dmio.sys
    0xB8330000 PartMgr.sys
    0xB80C8000 VolSnap.sys
    0xB7F0B000 atapi.sys
    0xB80D8000 disk.sys
    0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB7EEB000 fltmgr.sys
    0xB7ED9000 sr.sys
    0xB7EC2000 KSecDD.sys
    0xB7EAF000 WudfPf.sys
    0xB7E22000 Ntfs.sys
    0xB7DF5000 NDIS.sys
    0xB7DDB000 Mup.sys
    0xB8278000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
    0xB83B8000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB7D7F000 \SystemRoot\system32\DRIVERS\parport.sys
    0xB85C8000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0xB8288000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB8574000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB83C0000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0xB83C8000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB7D5B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB83D0000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB7D33000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB8298000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB82A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB82B8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB7D10000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB82C8000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
    0xB7C26000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
    0xB7209000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB71F5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB857C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xB87E7000 \SystemRoot\system32\DRIVERS\lmimirr.sys
    0xB87E8000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB82D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB8580000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB71DE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB82E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB82F8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB83D8000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB71CD000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB8308000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB83E0000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xB83E8000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB719D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB8318000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB83F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB83F8000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB85CE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB7106000 \SystemRoot\system32\DRIVERS\update.sys
    0xB85A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8400000 \SystemRoot\system32\DRIVERS\evsbc.sys
    0xB8158000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB8168000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB85D0000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB8178000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
    0xB4A04000 \SystemRoot\system32\drivers\viahduaa.sys
    0xB49E0000 \SystemRoot\system32\drivers\portcls.sys
    0xB81A8000 \SystemRoot\system32\drivers\drmk.sys
    0xB488C000 \SystemRoot\system32\drivers\monfilt.sys
    0xB8418000 \SystemRoot\system32\drivers\nvhda32.sys
    0xB85D6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB86EC000 \SystemRoot\System32\Drivers\Null.SYS
    0xB85D8000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB8430000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB8438000 \SystemRoot\System32\drivers\vga.sys
    0xB85DA000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xB85DC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB8440000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB8448000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB8554000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB4831000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB47D8000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB47B0000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB478A000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB4768000 \SystemRoot\System32\drivers\afd.sys
    0xB81D8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB81F8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB469D000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB462D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB8208000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB7195000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB8228000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB8458000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB7191000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB7189000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xB8470000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xB717D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB4748000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB451A000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xB8650000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB8550000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB8368000 \SystemRoot\System32\watchdog.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xB8714000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB4212000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB3ECD000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB4022000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB3AE8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB3728000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB325C000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB0DDA000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 48):
    0 System Idle Process
    4 System
    636 C:\WINDOWS\system32\smss.exe
    684 csrss.exe
    708 C:\WINDOWS\system32\winlogon.exe
    752 C:\WINDOWS\system32\services.exe
    764 C:\WINDOWS\system32\lsass.exe
    936 C:\WINDOWS\system32\nvsvc32.exe
    968 C:\WINDOWS\system32\svchost.exe
    1016 svchost.exe
    1104 C:\WINDOWS\system32\svchost.exe
    1144 C:\WINDOWS\system32\svchost.exe
    1196 svchost.exe
    1300 svchost.exe
    1516 C:\WINDOWS\system32\spoolsv.exe
    1544 C:\WINDOWS\system32\rundll32.exe
    1860 C:\WINDOWS\explorer.exe
    188 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    200 C:\FPOS40\Bin\SVCMGR.exe
    212 C:\FPOS40\Bin\INETCCAM.exe
    300 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    316 C:\FPOS40\Bin\WINSCHED.exe
    332 svchost.exe
    340 C:\PROGRA~1\GFI\GFIBAC~1\GFIAgent.exe
    412 C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe
    368 UPDENG2.EXE
    812 C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
    1056 C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
    1128 C:\PROGRA~1\GFI\GFIBAC~1\GFIAgent .exe
    1296 C:\Program Files\Java\jre6\bin\jqs.exe
    376 C:\Program Files\Common Files\Motive\McciCMService.exe
    148 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    1456 C:\WINDOWS\system32\IoctlSvc.exe
    1676 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    2504 C:\WINDOWS\system32\svchost.exe
    2536 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2732 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3300 alg.exe
    3924 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    2688 C:\WINDOWS\system32\taskmgr.exe
    3756 C:\WINDOWS\system32\rundll32.exe
    5400 C:\Documents and Settings\All Users\Application Data\w3cb8lXc.exe
    5456 C:\Documents and Settings\All Users\Application Data\w3cb8lXc.exe
    5692 C:\Documents and Settings\All Users\Application Data\w3cb8lXc.exe
    4684 C:\Program Files\Mozilla Firefox\firefox.exe
    3964 C:\Program Files\Mozilla Firefox\plugin-container.exe
    848 iexplore.exe
    1284 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST380815AS, Rev: 4.AAB

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 6BC52EFF0B4294A010F0D81DC7CD30387256635F


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    DDS

    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Administrator at 13:40:51.75 on Sat 05/14/2011
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1187 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\FPOS40\Bin\SVCMGR.exe
    C:\FPOS40\Bin\INETCCAM.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\FPOS40\Bin\WINSCHED.exe
    svchost.exe
    C:\PROGRA~1\GFI\GFIBAC~1\GFIAgent.exe
    C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
    C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
    C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
    C:\PROGRA~1\GFI\GFIBAC~1\GFIAgent .exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\All Users\Application Data\w3cb8lXc.exe
    C:\Documents and Settings\All Users\Application Data\w3cb8lXc.exe
    C:\Documents and Settings\All Users\Application Data\w3cb8lXc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.att.net
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
    uRun: [GFI Backup 2009 - Home Edition] "c:\progra~1\gfi\gfibac~1\GFIAgent.exe "
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRunOnce: [dlccUninstallerRan]
    dRunOnce: [SpybotDeletingD824] cmd.exe /c del "c:\documents and settings\administrator\start menu\programs\antimalware doctor\Antimalware Doctor.lnk "
    dRunOnce: [SpybotDeletingB5156] command.com /c del "c:\documents and settings\administrator\start menu\programs\antimalware doctor\Uninstall.lnk "
    dRunOnce: [SpybotDeletingD8287] cmd.exe /c del "c:\documents and settings\administrator\start menu\programs\antimalware doctor\Uninstall.lnk "
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_ActiveX.exe -update activex
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\future~1.lnk - c:\fpos40\bin\SVCMGR.exe
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\intern~1.lnk - c:\fpos40\bin\INETCCAM.exe
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\purgeo~1.lnk - c:\fpos40\bin\PURGEOLD.exe
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\refpos~1.lnk - c:\fpos40\bin\ReFposAll.exe
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\window~1.lnk - c:\fpos40\bin\WINSCHED.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    Trusted Zone: motive.com\patttbc.att
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: {A31EBDE9-2F9D-4A3A-9626-8220679269D8} = 192.168.1.254,208.67.222.222,8.8.8.8,2.4.4.1,208.67.220.220,8.8.4.4,2.4.4.2
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\silptmcl.default\
    FF - prefs.js: browser.startup.homepage - hxxp://foggy-rock.com/
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 FPOSUpdate;Future P.O.S. 4.1 Update;c:\windows\system32\UPDENG2.EXE [2009-10-1 335872]
    R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\gfi\gfibac~1\GFIHInst.exe [2009-12-11 440616]
    R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\gfi\gfibac~1\GFIHSC~1.EXE [2009-12-11 2324848]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374152]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-9-11 31392]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-9-11 222976]
    R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2011-1-3 27904]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-6 136176]
    S2 kitchiService;kitchiService; "c:\program files\pw2 computer services\kitchi\kitchiservice.exe" --> c:\program files\pw2 computer services\kitchi\kitchiService.exe [?]
    S2 sec_service;Eltima Serial To Ethernet Connector Service;c:\program files\eltima software\sec\sec_service.exe [2011-1-3 1798144]
    S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2011-1-3 53888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-6 136176]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-9-11 14336]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-9-11 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    UnknownUnknown LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2011-05-14 15:51:42 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-05-14 15:51:42 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
    2011-05-14 12:59:48 111618 ----a-w- c:\docume~1\alluse~1\applic~1\w3cb8lXc.exe
    2011-05-07 02:12:21 -------- d-----w- c:\program files\msn gaming zone
    2011-05-06 22:26:40 -------- d-----w- c:\windows\ServicePackFiles
    2011-05-06 21:20:28 -------- d-----w- c:\windows\pss
    2011-05-06 16:02:26 54016 ----a-w- c:\windows\system32\drivers\mtixtryw.sys
    2011-05-06 15:00:31 54016 ----a-w- c:\windows\system32\drivers\uemtwwd.sys
    2011-05-06 06:00:15 45568 ----a-w- c:\windows\system32\test.exe
    2011-05-06 02:19:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\pL31000MaKpJ31000
    2011-05-06 02:18:39 -------- d-----w- c:\docume~1\admini~1\applic~1\7E7752509272220A7601AAE80855FE57
    2011-05-01 04:46:40 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2011-05-01 04:46:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-01 04:46:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-05-01 04:46:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-01 04:46:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 13:41:44.46 ===============

    Attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/25/2009 3:24:48 PM
    System Uptime: 5/14/2011 12:01:50 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M3N78-VM
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5400+ | AM2 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 55.237 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 5/6/2011 10:27:21 AM - System Checkpoint
    RP2: 5/7/2011 12:15:55 PM - System Checkpoint
    RP3: 5/8/2011 12:35:22 PM - System Checkpoint
    RP4: 5/9/2011 2:37:19 PM - System Checkpoint
    RP5: 5/10/2011 3:35:19 PM - System Checkpoint
    RP6: 5/11/2011 3:46:29 PM - System Checkpoint
    RP7: 5/12/2011 8:29:23 PM - System Checkpoint
    RP8: 5/13/2011 9:07:11 PM - System Checkpoint
    RP9: 5/14/2011 11:53:10 AM - Installed Windows Internet Explorer 8.
    RP10: 5/14/2011 1:03:24 PM - Removed LogMeIn
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.15 beta
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.2
    Adobe Shockwave Player 11.5
    Alpha Ethernet Setup
    AlphaNET 30 Demo Install
    DSIClient Version 2.50
    EPSON Scan
    EPSON TMNet WinConfig Ver.3.00
    EpsonNet Print
    FeedForAll v2.0
    FileZilla Client 3.4.0
    GFI Backup 2009 - Home Edition
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet 2050 J510 series Basic Device Software
    HP Deskjet 2050 J510 series Help
    HP Deskjet 2050 J510 series Product Improvement Study
    HP Photo Creations
    HP Update
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 21
    kitchi
    LEDSignBackyardBallgameScoreboard 1.1
    LEDSignHelloWorld 1.1
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero 8 Essentials
    neroxml
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    OpenOffice.org 3.2
    Platform
    QuickBooks
    QuickBooks Pro 2010
    Rodney Whats The Score
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Serial to Ethernet Connector 5.0 (Build 5.0.7.376)
    System Requirements Lab
    TCP-Com Serial to TCP/IP Converter
    TeamViewer 5
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VCRedistSetup
    VIA Platform Device Manager
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Live ID Sign-in Assistant
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows PowerShell(TM) 1.0
    WinRAR 4.00 (32-bit)
    WinSCP 4.2.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/9/2011 5:04:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
    5/9/2011 4:04:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
    5/9/2011 3:04:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
    5/9/2011 2:04:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
    5/9/2011 12:04:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
    5/9/2011 1:04:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
    5/8/2011 9:04:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
    5/8/2011 9:04:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
    5/8/2011 8:04:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
    5/8/2011 8:04:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
    5/8/2011 7:04:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
    5/8/2011 7:04:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
    5/8/2011 6:04:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
    5/8/2011 6:04:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
    5/8/2011 5:04:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
    5/8/2011 4:04:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
    5/8/2011 3:04:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
    5/8/2011 2:04:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
    5/8/2011 12:04:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
    5/8/2011 11:04:00 PM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
    5/8/2011 11:04:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
    5/8/2011 10:04:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
    5/8/2011 10:04:00 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
    5/8/2011 1:04:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
    5/14/2011 9:20:36 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Eltima Serial To Ethernet Connector Service service to connect.
    5/14/2011 9:20:36 AM, error: Service Control Manager [7000] - The kitchiService service failed to start due to the following error: The system cannot find the path specified.
    5/11/2011 12:40:17 PM, error: Print [6161] - The document Print Indian Lentil Soup Dal Shorva) Recipe - Food.com - 132397 owned by Guest failed to print on printer HP Deskjet 2050 J510 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 173720. Number of bytes printed: 173500. Total number of pages in the document: 2. Number of pages printed: 1. Client machine: \\ANDREWLAPTOP. Win32 error code returned by the print processor: 0 (0x0).
    5/10/2011 9:15:52 AM, error: Print [6161] - The document Sales by Range Report owned by Administrator failed to print on printer HP Deskjet 2050 J510 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\BACKOFFICE. Win32 error code returned by the print processor: 0 (0x0).
    .
    ==== End Of File ===========================

    GMER automatically closes and I can't save
     
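An added example, not code from the original post or from any of the tools named in this thread (DDS, GMER, MBAM): a small Python script that reads Event Viewer lines in the format DDS prints in the "Event Viewer Messages From Past Week" section and pulls out the two failure patterns a malware analyst would check first in a log like the one above. The first is a run of AtN.job scheduled tasks whose command could not be started; the %%2147942402 placeholder the Schedule service logs is HRESULT 0x80070002, which is HRESULT_FROM_WIN32(2), file not found, so the .job files are still present but whatever they point at is gone. The second is a service (event 7000) whose binary path no longer exists. The sample lines below are constructed to match the log format; the At job names, the kitchiService name and the "3 or more jobs" threshold are illustrative, and ExampleSerial and Example Printer are placeholders. A missing target is a reason to inspect the task or service, not by itself proof it was malicious, since an uninstalled legitimate program leaves the same trace.

```python
import re
from datetime import datetime

# Added example, not code from the original post or from DDS/GMER/MBAM.
# Constructed sample lines in the "Event Viewer Messages From Past Week"
# format that DDS prints; names and times are illustrative.
SAMPLE_EVENTS = """\
5/9/2011 5:04:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
5/9/2011 4:04:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
5/8/2011 9:04:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
5/8/2011 8:04:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
5/14/2011 9:20:36 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ExampleSerial service to connect.
5/14/2011 9:20:36 AM, error: Service Control Manager [7000] - The kitchiService service failed to start due to the following error: The system cannot find the path specified.
5/10/2011 9:15:52 AM, error: Print [6161] - The document Sales by Range Report owned by Administrator failed to print on printer Example Printer.
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
AT_JOB_RE = re.compile(r"The (At\d+\.job) command failed to start due to the following error: (%%\d+)")
SVC_RE = re.compile(r"The (.+?) service failed to start due to the following error: (.*)")

# Win32 codes that matter when a task or service target has gone missing.
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}


def decode_errcode(token: str) -> str:
    """Decode the %%<decimal> placeholder the Schedule service logs into an HRESULT.

    %%2147942402 is 0x80070002: HRESULT_FROM_WIN32(2), file not found,
    i.e. the .job exists but the command it points at does not.
    """
    hresult = int(token.lstrip("%")) & 0xFFFFFFFF
    if (hresult >> 16) == 0x8007:           # FACILITY_WIN32 with the failure bit set
        win32 = hresult & 0xFFFF
        name = WIN32_NAMES.get(win32)
        return f"0x{hresult:08X} (Win32 error {win32}" + (f" {name})" if name else ")")
    return f"0x{hresult:08X}"


def parse_event(line: str):
    """Split one DDS event line into timestamp, level, source, event id and message."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
        "level": m.group("level"),
        "source": m.group("source"),
        "eid": int(m.group("eid")),
        "msg": m.group("msg"),
    }


def analyze(text: str) -> dict:
    """Pull the two persistence-related failure patterns out of an event dump."""
    at_jobs = {}           # At*.job name -> decoded error
    at_minutes = set()     # minute past the hour at which each At job fired
    missing_services = []  # services whose binary path no longer exists
    for line in text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        if ev["source"] == "Schedule" and ev["eid"] == 7901:
            m = AT_JOB_RE.search(ev["msg"])
            if m:
                at_jobs[m.group(1)] = decode_errcode(m.group(2))
                at_minutes.add(ev["ts"].minute)
        elif ev["source"] == "Service Control Manager" and ev["eid"] == 7000:
            m = SVC_RE.search(ev["msg"])
            if m and "cannot find the path" in m.group(2):
                missing_services.append(m.group(1))

    flags = []
    # Several AtN.job tasks sharing one minute past the hour is the footprint of
    # jobs created with at.exe on a repeating schedule; the .job files live in
    # %SystemRoot%\Tasks and should be listed with "at" and inspected.
    if len(at_jobs) >= 3 and len(at_minutes) == 1:  # threshold is illustrative
        flags.append(
            f"{len(at_jobs)} At*.job tasks all fire at :{next(iter(at_minutes)):02d} "
            "past the hour and their target is missing"
        )
    for svc in missing_services:
        flags.append(f"service {svc} points at a binary that no longer exists")
    return {
        "at_jobs": at_jobs,
        "at_minutes": sorted(at_minutes),
        "missing_services": missing_services,
        "flags": flags,
    }


if __name__ == "__main__":
    for flag in analyze(SAMPLE_EVENTS)["flags"]:
        print("CHECK:", flag)
```

Running it on the constructed sample prints two CHECK lines, one for the four At jobs that all fire at :04 and one for kitchiService. Fed the real section of a DDS log, the same code turns the wall of identical Schedule errors into a count, a cadence and a decoded error, which is what decides whether to go and look at %SystemRoot%\Tasks before anything else.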
  5. 2011/05/14
    PeteC (SuperGeek Staff)
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.

    BTW - please do not use CODE tags for logs, it makes them very difficult to read. CODE is for code :)
     