Hello
I scanned with Avast, and it said that c:\windows\explorer.exe was infected with a trojan, and I couldn't move/rename or quarantine it. Considering it's Windows Explorer, I wouldn't want to anyway.
Here are all the required logs and my system specs:
AMD Athlon 64 3500+
1 GB RAM
Windows 7
__________________________________
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5391
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12/25/2010 1:30:44 PM
mbam-log-2010-12-25 (13-30-44).txt
Scan type: Quick scan
Objects scanned: 126658
Time elapsed: 2 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
____________________________________
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-25 13:41:38
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST340014AS rev.8.12
Running: n1dpgm86.exe; Driver: C:\Users\ADILMI~1\AppData\Local\Temp\uxrdqpog.sys
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8314D1F8
Device \Driver\atapi \Device\Ide\IdePort0 8314D1F8
Device \Driver\atapi \Device\Ide\IdePort1 8314D1F8
Device \Driver\atapi \Device\Ide\IdePort2 8314D1F8
Device \Driver\atapi \Device\Ide\IdePort3 8314D1F8
Device \Driver\atapi \Device\Ide\IdePort4 8314D1F8
Device \Driver\atapi \Device\Ide\IdePort5 8314D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-8 8314D1F8
Device \Driver\av224vqj \Device\Scsi\av224vqj1 8415A1F8
Device \Driver\av224vqj \Device\Scsi\av224vqj1Port6Path0Target0Lun0 8415A1F8
Device \FileSystem\Ntfs \Ntfs 8314F1F8
Device \FileSystem\fastfat \Fat 843891F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
________________________________________
DDS (Ver_10-12-12.02) - NTFSx86
Run by Adil Mian at 13:43:39.82 on 12/25/2010 Sat
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.932.81.1033.18.1023.626 [GMT 5:00]
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Adil Mian\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = about:blank
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-24 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-1-19 277544]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-24 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-24 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-24 138680]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]
R3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2010-4-15 19648]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-24 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-24 352920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
=============== Created Last 30 ================
2010-12-25 06:03:58 -------- d-----w- c:\users\adilmi~1\appdata\roaming\Malwarebytes
2010-12-25 06:03:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-25 06:03:53 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-25 06:03:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-25 06:03:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-24 15:30:32 -------- d-----w- c:\users\adilmi~1\appdata\roaming\74A168438519FE99441138E9104B7BD4
2010-12-23 13:25:08 -------- d-----w- c:\users\adilmi~1\appdata\roaming\SUPERAntiSpyware.com
2010-12-23 13:25:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-21 12:43:55 -------- d-----w- c:\users\adil mian\oni
2010-12-15 15:42:10 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-07 15:41:44 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-12-07 15:41:42 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-11-28 10:20:22 -------- d-----w- c:\program files\MagicISO
==================== Find3M ====================
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-16 18:55:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-16 18:55:00 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-10-16 18:55:00 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-16 18:55:00 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55:00 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 07:42:20 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 07:42:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 07:42:16 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 07:42:12 2079336 ----a-w- c:\windows\system32\nvsvc.dll
============= FINISH: 13:44:05.26 ===============
Thank you in advance.