cheesehead9099
Today I found some suspicious folders in the C: drive - they are both random numbers and letters, and one has the files $shtdwn$.req, mrt.exe._p, and mrtstub.exe in it. When I try to open the files, it says "you do not have permission to open these files. contact the administrator or owner for permission." The other has spinstall.exe as well as another folder with a long name of numbers and letters, which opens up to reveal 20-25 folders with the names pt-br, pt-pt, ro-ro, etc. All of these folders have the same 4 files in them: acres.dll.mui, spcmsg.dll.mui, sperror.dll.mui, and spwizui.dll.mui. I need to know whether these files are viruses or not. I've run all the required scans and have pasted the logs below. The computer has had virus problems in the past and I have found and removed some trojans and adware programs with MBAM, MSE, and more. The computer is running Win 7 x32 and is sometimes glitchy (i.e. the cursor jumps around, random programs are 'not responding').
Please help me in determining whether or not this computer is infected
DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by jatbai at 21:13:03 on 2012-07-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3033.2041 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Windows\System32\IgrsSvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\StikyNot.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://www.lenovo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [GameXN GO] "c:\programdata\gamexn\GameXNGO.exe" /startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [VeriFaceManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-in.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4CC6A505-9C22-4EF0-9789-F170B0606A81} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4CC6A505-9C22-4EF0-9789-F170B0606A81}\2454C4C4731393 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4CC6A505-9C22-4EF0-9789-F170B0606A81}\64255454023554C4543445023514E44475943484027594D26494 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4CC6A505-9C22-4EF0-9789-F170B0606A81}\75C414E4 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4CC6A505-9C22-4EF0-9789-F170B0606A81}\845627F6 : DhcpNameServer = 192.168.0.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 171064]
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-12-12 54800]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2009-7-14 38152]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-8-11 30152]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2010-1-20 23136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-6-19 374648]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2009-12-12 11792]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-5 135664]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2009-12-12 63240]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-5 135664]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2009-12-12 414984]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2009-12-12 472328]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-21 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-13 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-22 81704]
.
=============== Created Last 30 ================
.
2012-07-25 18:45:12  6891424  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{fd054265-0189-42c1-aea2-17db5d9e967c}\mpengine.dll
2012-07-25 18:40:59  766976  ----a-w-  c:\program files\common files\microsoft shared\vgx\VGX.dll
2012-07-25 18:36:40  --------  d-----w-  c:\users\jatbai\appdata\local\{AC1AED8E-2441-438F-95B8-A4376366CFC1}
2012-07-25 18:35:42  --------  d-----w-  c:\users\jatbai\appdata\local\{E72604DC-7FC1-4B47-8660-B3ABFF61CE9D}
2012-07-23 02:12:22  --------  d-----w-  c:\users\jatbai\appdata\roaming\SUPERAntiSpyware.com
2012-07-23 02:12:11  --------  d-----w-  c:\programdata\SUPERAntiSpyware.com
2012-07-23 02:12:11  --------  d-----w-  c:\program files\SUPERAntiSpyware
2012-07-22 22:39:23  6891424  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-22 22:19:04  --------  d-----w-  c:\program files\Microsoft
2012-07-22 22:18:23  6891424  ----a-w-  c:\programdata\microsoft\windows defender\definition updates\{3da8dcec-e03a-4f6c-ab90-ecceb8dbdadd}\mpengine.dll
2012-07-22 22:15:53  514560  ----a-w-  c:\windows\system32\qdvd.dll
2012-07-22 22:15:39  478720  ----a-w-  c:\windows\system32\timedate.cpl
2012-07-22 22:15:03  288256  ----a-w-  c:\windows\system32\XpsGdiConverter.dll
2012-07-22 22:14:43  442880  ----a-w-  c:\windows\system32\ntshrui.dll
2012-07-22 22:14:40  27008  ----a-w-  c:\windows\system32\drivers\Diskdump.sys
2012-07-22 16:13:42  --------  d-----w-  c:\program files\ESET
2012-07-22 16:10:53  1549312  ----a-w-  c:\windows\system32\tquery.dll
2012-07-22 16:07:23  219008  ----a-w-  c:\windows\system32\drivers\dxgmms1.sys
2012-07-22 16:03:34  --------  d-----w-  c:\users\jatbai\appdata\local\{48D5729A-2169-4CB6-91CF-90C03861011A}
2012-07-22 16:03:22  --------  d-----w-  c:\users\jatbai\appdata\local\{948E9AE0-FE1A-46F6-9AB8-4ABA0535D399}
2012-07-21 21:31:37  --------  d-----w-  c:\windows\system32\SPReview
2012-07-21 21:28:59  744448  ----a-w-  c:\windows\system32\ActionCenter.dll
2012-07-21 21:03:12  --------  d-----w-  c:\users\jatbai\appdata\local\{485FBE4F-AEA4-4604-907E-8AEE3C29F09F}
2012-07-21 21:03:01  --------  d-----w-  c:\users\jatbai\appdata\local\{5879D6F2-0CC1-4B19-91C7-51F5D04A4A49}
2012-07-21 20:41:30  6260088  ----a-w-  c:\program files\common files\windows live\.cache\342afc661cd678109\Silverlight.4.0.exe
2012-07-21 20:41:15  --------  d-----w-  c:\users\jatbai\appdata\local\Windows Live
2012-07-21 19:53:55  --------  d-----w-  c:\program files\CCleaner
2012-07-21 19:00:33  --------  d-----w-  C:\TDSSKiller_Quarantine
2012-07-21 18:39:37  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-07-12 04:42:48  2345984  ----a-w-  c:\windows\system32\win32k.sys
2012-07-11 13:49:50  1158656  ----a-w-  c:\windows\system32\crypt32.dll
2012-07-11 13:49:49  140288  ----a-w-  c:\windows\system32\cryptsvc.dll
2012-07-11 13:49:49  103936  ----a-w-  c:\windows\system32\cryptnet.dll
2012-07-03 23:59:41  713784  ------w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{42dea5b7-d546-4254-a630-fc4acb26b3f7}\gapaengine.dll
.
==================== Find3M ====================
.
2012-07-25 18:40:59  420864  ----a-w-  c:\windows\system32\vbscript.dll
2012-07-25 18:40:59  35840  ----a-w-  c:\windows\system32\imgutil.dll
2012-07-25 18:40:59  2382848  ----a-w-  c:\windows\system32\mshtml.tlb
2012-07-25 18:40:59  1800192  ----a-w-  c:\windows\system32\jscript9.dll
2012-07-25 18:40:59  142848  ----a-w-  c:\windows\system32\ieUnatt.exe
2012-07-25 18:40:59  11776  ----a-w-  c:\windows\system32\mshta.exe
2012-07-25 18:40:59  101888  ----a-w-  c:\windows\system32\admparse.dll
2012-07-21 21:39:05  152576  ----a-w-  c:\windows\system32\msclmd.dll
2012-06-19 04:32:12  374648  ----a-w-  c:\windows\system32\drivers\b57nd60x.sys
2012-06-06 05:05:52  1390080  ----a-w-  c:\windows\system32\msxml6.dll
2012-06-06 05:05:52  1236992  ----a-w-  c:\windows\system32\msxml3.dll
2012-06-06 05:03:06  805376  ----a-w-  c:\windows\system32\cdosys.dll
2012-06-02 22:12:32  2422272  ----a-w-  c:\windows\system32\wucltux.dll
2012-06-02 22:12:13  88576  ----a-w-  c:\windows\system32\wudriver.dll
2012-06-02 19:19:42  171904  ----a-w-  c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20  33792  ----a-w-  c:\windows\system32\wuapp.exe
2012-06-02 04:45:04  67440  ----a-w-  c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03  134000  ----a-w-  c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59  369336  ----a-w-  c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39  225280  ----a-w-  c:\windows\system32\schannel.dll
2012-06-02 04:39:10  219136  ----a-w-  c:\windows\system32\ncrypt.dll
2012-05-01 04:44:12  164352  ----a-w-  c:\windows\system32\profsvc.dll
2012-04-28 03:17:07  183808  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 21:13:42.41 ===============
Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 09/01/2010 12:45:45 AM
System Uptime: 25/07/2012 7:57:18 PM (2 hours ago)
.
Motherboard: LENOVO | | NITU1
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 1197/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 189 GiB total, 152.731 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 0.001 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.0.1
ALPS Touch Pad Driver
Bing Desktop
Broadcom 802.11 Wireless Driver
Broadcom Gigabit Integrated Controller
Canon MF Toolbox 4.9.1.1.mf03
Canon MF4100 Series
CCleaner
Conexant HD Audio
D3DX10
EasyCapture
Energy Management
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Application Error Reporting
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Power2Go
QuickBooks
QuickBooks Premier: Accountant Edition 2011
Realtek USB 2.0 Card Reader
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Skype Toolbars
Skype™ 4.2
SUPERAntiSpyware
SupportSoft Assisted Service
VeriFace
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual Studio 2005 Tools for Office Second Edition Runtime
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
21/07/2012 5:38:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows 7 Service Pack 1 (KB976932).
21/07/2012 4:59:57 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
21/07/2012 4:59:57 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
21/07/2012 4:51:43 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
21/07/2012 4:45:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows 7 Service Pack 1 (KB976932).
.
==== End Of File ===========================
Malwarebytes Log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.21.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
jatbai :: JATBAI-PC [administrator]
25/07/2012 8:59:29 PM
mbam-log-2012-07-25 (20-59-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219713
Time elapsed: 9 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
And finally, the GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-25 21:54:10
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0
Running: rcjoy6of.exe; Driver: C:\Users\jatbai\AppData\Local\Temp\uxdiqpog.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C753C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9983FC9D 28 Bytes CALL CF083232
.text peauth.sys 9983FCC1 28 Bytes CALL CF083256
? C:\Users\jatbai\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [72C124CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [72BF562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [72BF56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [72C12546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [72C085AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [72C04D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [72C05105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [72C051DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [72C06707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [72C08301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [72C08850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [72C090B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [72C0E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [72C04C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Thanks for your help.
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2009-7-14 38152]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-8-11 30152]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2010-1-20 23136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-6-19 374648]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2009-12-12 11792]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-5 135664]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2009-12-12 63240]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-5 135664]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2009-12-12 414984]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2009-12-12 472328]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-21 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-13 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-22 81704]
.
=============== Created Last 30 ================
.
2012-07-25 18:45:12 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fd054265-0189-42c1-aea2-17db5d9e967c}\mpengine.dll
2012-07-25 18:40:59 766976 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2012-07-25 18:36:40 -------- d-----w- c:\users\jatbai\appdata\local\{AC1AED8E-2441-438F-95B8-A4376366CFC1}
2012-07-25 18:35:42 -------- d-----w- c:\users\jatbai\appdata\local\{E72604DC-7FC1-4B47-8660-B3ABFF61CE9D}
2012-07-23 02:12:22 -------- d-----w- c:\users\jatbai\appdata\roaming\SUPERAntiSpyware.com
2012-07-23 02:12:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-23 02:12:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-22 22:39:23 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-22 22:19:04 -------- d-----w- c:\program files\Microsoft
2012-07-22 22:18:23 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3da8dcec-e03a-4f6c-ab90-ecceb8dbdadd}\mpengine.dll
2012-07-22 22:15:53 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-07-22 22:15:39 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-07-22 22:15:03 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-07-22 22:14:43 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-07-22 22:14:40 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-07-22 16:13:42 -------- d-----w- c:\program files\ESET
2012-07-22 16:10:53 1549312 ----a-w- c:\windows\system32\tquery.dll
2012-07-22 16:07:23 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-07-22 16:03:34 -------- d-----w- c:\users\jatbai\appdata\local\{48D5729A-2169-4CB6-91CF-90C03861011A}
2012-07-22 16:03:22 -------- d-----w- c:\users\jatbai\appdata\local\{948E9AE0-FE1A-46F6-9AB8-4ABA0535D399}
2012-07-21 21:31:37 -------- d-----w- c:\windows\system32\SPReview
2012-07-21 21:28:59 744448 ----a-w- c:\windows\system32\ActionCenter.dll
2012-07-21 21:03:12 -------- d-----w- c:\users\jatbai\appdata\local\{485FBE4F-AEA4-4604-907E-8AEE3C29F09F}
2012-07-21 21:03:01 -------- d-----w- c:\users\jatbai\appdata\local\{5879D6F2-0CC1-4B19-91C7-51F5D04A4A49}
2012-07-21 20:41:30 6260088 ----a-w- c:\program files\common files\windows live\.cache\342afc661cd678109\Silverlight.4.0.exe
2012-07-21 20:41:15 -------- d-----w- c:\users\jatbai\appdata\local\Windows Live
2012-07-21 19:53:55 -------- d-----w- c:\program files\CCleaner
2012-07-21 19:00:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-21 18:39:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-12 04:42:48 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 13:49:50 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-07-11 13:49:49 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-11 13:49:49 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-03 23:59:41 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{42dea5b7-d546-4254-a630-fc4acb26b3f7}\gapaengine.dll
.
==================== Find3M ====================
.
2012-07-25 18:40:59 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-07-25 18:40:59 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-07-25 18:40:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-25 18:40:59 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-07-25 18:40:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-25 18:40:59 11776 ----a-w- c:\windows\system32\mshta.exe
2012-07-25 18:40:59 101888 ----a-w- c:\windows\system32\admparse.dll
2012-07-21 21:39:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-06-19 04:32:12 374648 ----a-w- c:\windows\system32\drivers\b57nd60x.sys
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 21:13:42.41 ===============
Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 09/01/2010 12:45:45 AM
System Uptime: 25/07/2012 7:57:18 PM (2 hours ago)
.
Motherboard: LENOVO | | NITU1
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 1197/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 189 GiB total, 152.731 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 0.001 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.0.1
ALPS Touch Pad Driver
Bing Desktop
Broadcom 802.11 Wireless Driver
Broadcom Gigabit Integrated Controller
Canon MF Toolbox 4.9.1.1.mf03
Canon MF4100 Series
CCleaner
Conexant HD Audio
D3DX10
EasyCapture
Energy Management
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Application Error Reporting
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Power2Go
QuickBooks
QuickBooks Premier: Accountant Edition 2011
Realtek USB 2.0 Card Reader
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Skype Toolbars
Skype™ 4.2
SUPERAntiSpyware
SupportSoft Assisted Service
VeriFace
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual Studio 2005 Tools for Office Second Edition Runtime
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
21/07/2012 5:38:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows 7 Service Pack 1 (KB976932).
21/07/2012 4:59:57 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
21/07/2012 4:59:57 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
21/07/2012 4:51:43 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
21/07/2012 4:45:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows 7 Service Pack 1 (KB976932).
.
==== End Of File ===========================
Malwarebytes Log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.21.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
jatbai :: JATBAI-PC [administrator]
25/07/2012 8:59:29 PM
mbam-log-2012-07-25 (20-59-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219713
Time elapsed: 9 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
And finally, the GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-25 21:54:10
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0
Running: rcjoy6of.exe; Driver: C:\Users\jatbai\AppData\Local\Temp\uxdiqpog.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C753C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9983FC9D 28 Bytes CALL CF083232
.text peauth.sys 9983FCC1 28 Bytes CALL CF083256
? C:\Users\jatbai\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [72C124CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [72BF562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [72BF56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [72C12546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [72C085AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [72C04D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [72C05105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [72C051DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [72C06707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [72C08301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [72C08850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [72C090B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [72C0E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [72C04C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Thanks for your help