Error Decompressing Wx Core Pyd
http://answers.microsoft.com/en-us/windows/forum/windows_xp-performance/win32eventpyd-fatal-error-alert/38e75069-b41f-4041-bbf4-224984eef650

I believe I have multiple infections, or just one bad case of startsear.info
https://forums.malwarebytes.org/topic/115817-i-believe-i-have-multiple-infections-or-just-one-bad-case-of-startsearinfo/
Started by bigroblee, September 14, 2012. 22 posts in this topic.

bigroblee, posted September 14, 2012:

As mentioned, I am having a ridiculous amount of PC problems over the past few days, starting with getting a trojan (?) that is sending all of my searches through startsear.info. I've tried various suggestions and programs to remove it to no avail. I am following the instructions located at this link (http://forums.malwarebytes.org/index.php?showtopic=9573) and will sincerely appreciate any assistance. I believe I have followed the instructions correctly, and have the dds log below, and also attached in addition to the attach file being attached.
Thank you again.

DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
Run by Owner at 18:50:53 on 2012-09-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2151 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated*{EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svch
13:58:46 2013-10-15 14:01:12 146 seconds

File Details
File Name: googledrivesync.exe
File Size: 20097696 bytes
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 713e4bdec84f31374339cd4494a2ff15
SHA1: dd86ecb77653e735a3baf27fc0d825cd189c0f72
SHA256: b0b85d280c9253cf75a94bdab6431f7aaafdc3fe9f7ecfac254d831b4df293ee
SHA512: 9a123155a6889570dba40f99865f89facad9007371db6df38f33161e35eb1de340f53a90fe655cd0b11a86d5511e478ae928af5b64494a7c5904417521ba445f
CRC32: D8BE249B
Ssdeep: 393216:nb4DkWYvo0uyRVkPSS3nI8/MRaO6ojUTmhe05XzZfMwcO++kNM6l7:b4sZLRVXS3nI8/Z0oTMD5XVfMwHe
Yara: shellcode - Matched shellcode byte patterns

Signatures
Starts servers listening on 127.0.0.1:0, 0.0.0.0:0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
Steals private information from local Internet browsers
Creates an Alternate Data Stream (ADS) file: C:/DOCUME~1/User/LOCALS~1/Temp/_MEI10882/*.*

Hosts
No hosts contacted.

Domains
Domain                  IP
accounts.google.com     74.125.136.84
fonts.googleapis.com    74.125.136.95
www.google.com          74.125.136.103

Summary: Files
C:\DOCUME~1\User\LOCALS~1\Temp\googledrivesync.exe
C:/DOCUME~1/User/LOCALS~1/Temp/_MEI10882\_win32sysloader.pyd
C:\DOCUME~1\User\LOCALS~1\Temp\_MEI10882\_win32sysloader.pyd
C:/DOCUME~1/User/LOCALS~1/Temp/_MEI10882\win32pipe.pyd
C:\DOCUME~1\User\LOCALS~1\Temp\_MEI10882\win32pipe.pyd
C:/DOCUME~1/User/LOCALS~1/Temp/_MEI10882\select.pyd
C:\DOCUME~1\User\LOCALS~1\Temp\_MEI10882\select.pyd
C:/DOCUME~1/User/LOCALS~1/Temp/_MEI10882\unicodedata.pyd
C:\DOCUME~1\User\LOCALS~1\Temp\_MEI10882\unicodedata.pyd
C:/DOCUME~1/User/LOCALS~1/Temp/_MEI10882\pyexpat.pyd
C:\DOCUME~1\User\LOCALS~1\Temp\_MEI10882\pyexpat.pyd
C:/DOCUME~1/User/LOCALS~1/Temp/_MEI10882\win32event.pyd
C:\DOCUME~1\User\LOCALS~1\Temp\_MEI10882\win32event.pyd
C:/DOCUME~1/Us