Infected With Malware: Wserving.exe, Atpsck.exe, Afinding.exe, Nobicyt.exe, Perfs.exe, Routing.exe


  • This topic is locked
2 replies to this topic

#1 Cherry2000

Cherry2000

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Male
  • Location:Phx, az
  • Local time:07:36 AM

Posted 11 July 2008 - 07:54 PM

My computer slowed down and I noticed some processes that had no description, name etc. when using Sysinternals Process Explorer x64. Started researching online and noticed others who were helped here and had the problem solved. I would appreciate any help on this and to look at any other suspicious items from the HijackThis log, especially since I'm running XP Pro x64. I have followed the directions for everything and hope I'm correct.

Here is the HijackThis log created by Deckard's System Scanner. After the scan I only got the main.txt below, no extra.txt log. I know the wserving.exe, atpsck.exe, afinding.exe, Nobicyt.exe, perfs.exe, routing.exe processes are bad.

Also, I almost forgot that NOD32 has unsuccessfully handled a threat in the System Restore file. After renaming or deleting I still get a warning. The NOD32 log shows: C:\System Volume Information\_restore{4E743E30-AE49-4DB7-939E-6655C92F5C97}\RP282\A0076123.Vexe Win32/Adware.Antivirus2008 application renamed to ?K?\Device\HarddiskVolume1\System Volume Information\_restore{4E743E30-AE49-4DB7-939E-6655C92F5C97}\RP282\A0076123.VVexe NT AUTHORITY\SYSTEM

Thanks so much, I hope I'm not too much of a pain for everyone :thumbsup:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-11 16:49:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:18 PM, on 7/11/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\afinding.exe
C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\WINDOWS\SysWOW64\perfs.exe
C:\WINDOWS\routing.exe
C:\WINDOWS\wserving.exe
C:\Program Files\Logitech\SetPoint\SetPoint32.exe
C:\Program Files (x86)\Eset\nod32krn.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=193.251.181.135:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME (x86)\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\SysWow64\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\SysWow64\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MyIPAddress] "C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\RunServices: [SystemTray Monitor] Setup.exe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: V3Net for Windows Server 6.0.exe.lnk = C:\Program Files\Common Files\V3Net for Windows Server 6.0.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: V3Net for Windows Server 6.0.exe.lnk = C:\Program Files\Common Files\V3Net for Windows Server 6.0.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: V3Net for Windows Server 6.0.exe.lnk = C:\Program Files\Common Files\V3Net for Windows Server 6.0.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: AltaVista Search - file://C:\Program Files (x86)\ALTAVISTA Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Translate - file://C:\Program Files (x86)\ALTAVISTA Toolbar\Cache\SelectedContextTranslation.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O12 - Plugin for .mu3: C:\Program Files (x86)\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files (x86)\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files (x86)\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files (x86)\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files (x86)\Internet Explorer\Plugins\NPMyrMus.dll
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.goear.com
O15 - Trusted Zone: http://www.hotmail.com
O15 - Trusted Zone: http://h10025.www1.hp.com
O15 - Trusted Zone: http://www.subscription.support.hp.com
O15 - Trusted Zone: http://maps.live.com
O15 - Trusted Zone: http://www.hotmail.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AFinding Log Service (AFinding) - Unknown owner - C:\WINDOWS\afinding.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HTTPFilter - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IDriverT - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder 64\ImapiHelper.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: License Management Service ESD - element5 - C:\Program Files (x86)\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: LVPrcS64 - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: NOBICYT - Unknown owner - C:\WINDOWS\Nobicyt.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files (x86)\Eset\nod32krn.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: perfmons - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Documents and Settings\Administrator\Desktop\sotware stress test\p64v2414\PRIME95.EXE (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\routing.exe
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Documents and Settings\Administrator\Desktop\FILES FROM CD INSTALL\ProgramChecker\sassvc.exe (file missing)
O23 - Service: Synergy Server - Unknown owner - C:\Program Files (x86)\Synergy\synergys.exe
O23 - Service: vds - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VLC media player - Unknown owner - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
O23 - Service: VSS - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WmiApSrv - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: WServing - Unknown owner - C:\WINDOWS\wserving.exe

--
End of file - 13318 bytes

-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 14:24:16 48 --ah----- C:\aaw7boot.cmd
2008-07-11 14:17:55 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-11 09:49:48 0 d-------- C:\Program Files (x86)\Lavasoft
2008-07-10 12:24:30 0 d-------- C:\Program Files (x86)\Security Task Manager
2008-07-09 19:24:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\CompanionLink
2008-07-09 19:24:30 0 d-------- C:\Program Files (x86)\CompanionLink
2008-07-08 12:53:53 0 d-------- C:\Program Files (x86)\ABC Amber Text Converter
2008-07-08 06:56:47 0 d-------- C:\Program Files (x86)\ABC Amber BlackBerry Converter
2008-07-08 03:38:13 0 d-------- C:\Program Files (x86)\ABC Amber IPD Merger
2008-07-06 11:14:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2008-07-05 17:56:22 0 d--h----- C:\Documents and Settings\All Users\Application Data\{70C1087F-F1B5-43EE-88B2-AA09A3FD1936}
2008-07-05 14:36:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-05 12:22:38 4608 --a------ C:\WINDOWS\system32\W95Inf32.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-07-05 12:22:38 2272 --a------ C:\WINDOWS\system32\W95Inf16.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-07-04 03:19:19 16 --a------ C:\WINDOWS\PwdManage.dat
2008-06-29 19:00:27 0 d-------- C:\Program Files (x86)\Quicken Rental Property Manager
2008-06-29 11:53:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\TweakNow PowerPack
2008-06-29 10:29:04 0 d-------- C:\WINDOWS\system32\IME
2008-06-29 10:25:50 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-06-29 10:18:00 36864 --a------ C:\WINDOWS\xwxfst.sys <Not Verified; ; dp0eosf>
2008-06-29 10:17:52 32768 --a------ C:\WINDOWS\perfs.exe
2008-06-29 10:17:46 33280 --a------ C:\WINDOWS\routing.exe
2008-06-29 10:17:37 187904 --a------ C:\WINDOWS\wserving.exe
2008-06-29 10:17:27 184832 --a------ C:\WINDOWS\afinding.exe
2008-06-29 06:45:09 0 d-------- C:\Program Files (x86)\SSA
2008-06-28 23:36:51 0 d-------- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
2008-06-28 23:36:19 0 d-------- C:\Program Files (x86)\Common Files\Palo Alto Software
2008-06-28 23:36:08 0 d-------- C:\Program Files (x86)\Common Files\Intuit
2008-06-28 22:04:50 0 d-------- C:\Program Files (x86)\blinkx BroadbandTV
2008-06-28 21:56:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\blinkx
2008-06-28 17:53:46 40448 --a------ C:\WINDOWS\system32\regobj.dll
2008-06-28 14:09:12 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2008-06-28 14:08:52 60416 --a------ C:\WINDOWS\system32\DSETUP.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-06-28 14:08:52 9856 --a------ C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-06-28 14:08:52 4608 --a------ C:\WINDOWS\system32\drivers\nvport.sys <Not Verified; NVIDIA Corporation.; Port Driver>
2008-06-28 14:08:52 671744 --a------ C:\WINDOWS\system32\DolbyHph.dll <Not Verified; Lake Technology Limited, http://www.lake.com.au; Dolby Headphone>
2008-06-27 15:29:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-26 13:24:01 0 d-------- C:\WINDOWS\IE8updates
2008-06-26 07:06:34 360580 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-06-26 07:06:30 0 d-------- C:\Program Files (x86)\Hot CPU Tester Pro 4
2008-06-26 02:19:36 0 d-------- C:\Program Files (x86)\My IP Address
2008-06-24 02:32:32 0 d-------- C:\Program Files (x86)\DivX Subtitle Displayer
2008-06-24 02:11:25 0 d-------- C:\Program Files (x86)\Gabest
2008-06-24 01:42:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\LEAPS
2008-06-24 01:27:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
2008-06-24 01:03:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Reasonable Software House Ltd
2008-06-24 00:44:54 33408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD>
2008-06-24 00:44:21 0 d-------- C:\Program Files (x86)\Pegasys Inc
2008-06-23 20:47:36 0 d-------- C:\Program Files (x86)\Reasonable NoClone 2007 Enterprise
2008-06-23 12:32:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Move Networks
2008-06-23 04:56:14 0 d-------- C:\Program Files (x86)\Live Search Maps for Outlook
2008-06-23 04:21:14 0 d-------- C:\Program Files (x86)\Microsoft Office Outlook Connector
2008-06-20 17:01:25 0 d-------- C:\Program Files (x86)\OneNoteUtilities
2008-06-11 21:38:50 0 d-------- C:\Program Files (x86)\Chord Pickout
2008-06-11 03:30:03 0 d-------- C:\Program Files (x86)\Windsurfing 2007


-- Find3M Report ---------------------------------------------------------------

2008-07-11 14:17:37 0 d-------- C:\Program Files (x86)\CCleaner
2008-07-11 09:45:07 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-07-11 06:52:01 0 d-------- C:\Program Files (x86)\Opera
2008-07-09 20:39:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Research In Motion
2008-07-09 11:36:06 0 d-------- C:\Program Files (x86)\PowerCmd
2008-07-08 12:20:31 0 d-------- C:\Program Files (x86)\USB Safely Remove
2008-07-08 01:51:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-07-06 22:33:06 0 d-------- C:\Program Files (x86)\Quicken
2008-07-06 22:33:06 0 d-------- C:\Program Files (x86)\Common Files
2008-07-06 15:05:57 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-07-06 14:14:21 0 d-------- C:\Program Files (x86)\Microsoft Money Plus
2008-07-06 06:13:14 0 d-------- C:\Program Files (x86)\DSL Speed
2008-07-05 12:19:23 0 d-------- C:\Program Files (x86)\SuperEncryptor
2008-07-04 09:05:14 0 d-------- C:\Program Files (x86)\SHMM
2008-07-01 18:29:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-07-01 06:12:17 256 --a----c- C:\WINDOWS\system32\pool.bin
2008-06-29 08:21:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-06-29 08:20:04 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
2008-06-28 14:08:52 0 d-------- C:\Program Files (x86)\NVIDIA Corporation
2008-06-27 15:27:34 0 d-------- C:\Program Files (x86)\Yahoo!
2008-06-26 11:41:49 0 d-------- C:\Program Files (x86)\Dr.Hardware 2008 english
2008-06-26 07:59:57 360580 --a------ C:\WINDOWS\system32\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-06-25 20:36:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-06-25 19:00:55 0 d-------- C:\Program Files (x86)\LimeWire
2008-06-24 14:42:50 560 --a----c- C:\Documents and Settings\Administrator\Application Data\TheLastRipper.xml
2008-06-23 03:59:44 0 d-------- C:\Program Files (x86)\xmplay34
2008-06-14 21:48:06 0 d-------- C:\Program Files (x86)\Opera 9.5 beta
2008-06-10 02:23:12 0 d-------- C:\Program Files (x86)\DivX
2008-06-10 01:32:15 0 d-------- C:\Program Files (x86)\Acoustica CD Label Maker
2008-06-10 01:04:39 0 d-------- C:\Program Files (x86)\XMicroplayer
2008-06-03 00:02:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-06-02 02:23:42 0 d-------- C:\Program Files (x86)\Common Files\LogiShrd
2008-06-02 02:23:35 0 d-------- C:\Program Files (x86)\Logitech
2008-06-01 20:59:14 0 d-------- C:\Program Files (x86)\Scale Viewer
2008-06-01 20:51:32 0 d-------- C:\Program Files (x86)\KrView
2008-06-01 18:33:08 66833 --a------ C:\WINDOWS\x64ins02.dat
2008-05-30 16:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-29 04:06:22 24064 --a------ C:\WINDOWS\autoload.exe
2008-05-29 02:40:45 101888 -----n--- C:\WINDOWS\odestkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-29 02:40:45 151622 -----n--- C:\WINDOWS\modcas.dll <Not Verified; Microsoft Corporation; Microsoft ® Office Developer>
2008-05-29 02:40:44 73216 --a------ C:\WINDOWS\ODEUNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-27 21:31:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-05-27 20:44:43 0 d-------- C:\Program Files (x86)\Common Files\Skype
2008-05-26 09:18:28 0 d-------- C:\Program Files (x86)\StorageCraft
2008-05-26 09:16:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\ShadowProtect
2008-05-26 04:21:10 0 d-------- C:\Program Files (x86)\ExtraMind Systems
2008-05-25 21:31:32 0 d-------- C:\Program Files (x86)\Icon3D
2008-05-25 21:27:30 0 d-------- C:\Program Files (x86)\Microsoft
2008-05-24 20:15:10 0 d-------- C:\Program Files (x86)\Your Uninstaller 2008
2008-05-22 23:12:33 26000 --a------ C:\WINDOWS\system32\E3TL.DLL
2008-05-22 23:12:24 0 d-------- C:\Program Files (x86)\Zenturi
2008-05-22 21:53:59 0 d-------- C:\Program Files (x86)\Plextor
2008-05-22 15:25:12 0 d-------- C:\Program Files (x86)\Java
2008-05-22 15:23:49 0 d-------- C:\Program Files (x86)\Common Files\Java
2008-05-22 15:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 15:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 15:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-22 15:14:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\ImgBurn
2008-05-22 15:12:01 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-22 01:38:14 0 d-------- C:\Program Files (x86)\ImgBurn
2008-05-20 14:39:52 0 d-------- C:\Program Files (x86)\Softland
2008-05-20 14:39:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Softland
2008-05-20 06:18:13 0 d-------- C:\Program Files (x86)\Bit Che
2008-05-20 04:54:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-05-20 04:51:28 0 d-------- C:\Program Files (x86)\Digital Guitar Tuner 2.3
2008-05-19 18:29:06 0 d-------- C:\Program Files (x86)\Yawcam
2008-05-19 18:27:07 0 d-------- C:\Program Files (x86)\Microsoft Silverlight
2008-05-18 18:00:14 4241 --a------ C:\Documents and Settings\Administrator\Application Data\.googlewebacchosts
2008-05-17 17:04:01 737280 --a----c- C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-15 13:23:58 0 d-------- C:\Program Files (x86)\Common Files\AMD
2008-05-15 13:21:53 0 d-------- C:\Program Files (x86)\Replay Media Catcher
2008-05-15 04:16:24 0 d-------- C:\Program Files (x86)\Common Files\Adobe AIR
2008-05-13 12:04:14 6292 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-11 20:31:58 0 d-------- C:\Program Files (x86)\Common Files\SourceTec
2008-05-11 20:29:42 0 d-------- C:\Program Files (x86)\SourceTec
2008-05-11 16:54:16 0 d-------- C:\Program Files (x86)\AMD
2008-05-10 10:54:15 4 --a------ C:\WINDOWS\system32\utinfo.dat
2008-05-10 07:35:12 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-04 08:45:58 4096 --a----c- C:\WINDOWS\d3dx.dat
2008-04-25 09:21:55 3522 --a----c- C:\WINDOWS\mozver.dat
2008-04-22 07:03:00 545 --a----c- C:\WINDOWS\UC.PIF
2008-04-22 07:03:00 545 --a----c- C:\WINDOWS\RAR.PIF
2008-04-22 07:03:00 545 --a----c- C:\WINDOWS\PKZIP.PIF
2008-04-22 07:03:00 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-04-22 07:03:00 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-22 07:03:00 545 --a----c- C:\WINDOWS\LHA.PIF
2008-04-22 07:03:00 545 --a----c- C:\WINDOWS\ARJ.PIF
2008-04-19 16:25:56 3072 --a----c- C:\Documents and Settings\Administrator\Application Data\dvd.bmk


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-07-11 16:49:31 ------------
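One way to triage a HijackThis log like the one above, as an added example that is not from the thread, from HijackThis or from Deckard's System Scanner: it parses the running-process list and the R1/O4/O23 lines, ranks the entries the way a responder reads them (services with no vendor information sitting directly under C:\WINDOWS, a RunServices entry with no path, an Internet Explorer proxy), and deliberately skips the "(file missing)" system32 entries that a 32-bit scanner produces on 64-bit Windows. The weights, the allowlist and the parsing rules are my own assumptions; the sample lines are copied from the posted log.

```python
"""Triage a HijackThis 2.0.x log the way a responder reads it.

Added example (not from the thread or from HijackThis); weights, allowlist
and parsing rules are my own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\afinding.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\wserving.exe
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=193.251.181.135:8080
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [SystemTray Monitor] Setup.exe
O23 - Service: AFinding Log Service (AFinding) - Unknown owner - C:\WINDOWS\afinding.exe
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: NOBICYT - Unknown owner - C:\WINDOWS\Nobicyt.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files (x86)\Eset\nod32krn.exe
O23 - Service: WServing - Unknown owner - C:\WINDOWS\wserving.exe
"""

# Executables that legitimately sit directly under %SystemRoot% (assumed allowlist).
WINDOWS_ROOT_ALLOW = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe", "winhlp32.exe"}

WINDOWS_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\([^\\]+\.exe)$", re.IGNORECASE)
SYSTEM32_PATH = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
R1_PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<entry>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")


@dataclass(frozen=True)
class Finding:
    weight: int  # 3 = look at first, 2 = corroborating
    line: str
    reason: str


def in_windows_root(path: str) -> bool:
    """True for an .exe directly under the Windows directory that is not allowlisted."""
    m = WINDOWS_ROOT_EXE.match(path.strip())
    return bool(m) and m.group(1).lower() not in WINDOWS_ROOT_ALLOW


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth a responder's attention, highest weight first."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:  # a blank line ends the process list
                in_processes = False
            elif in_windows_root(line):
                findings.append(Finding(2, line, "process image directly under %SystemRoot%"))
            continue
        if m := R1_PROXY_RE.match(line):
            findings.append(Finding(3, line, f"IE proxy set to {m['proxy']}; browser traffic is relayed through it"))
        elif m := O4_RE.match(line):
            if "\\" not in m["cmd"] and not m["cmd"].startswith("%"):
                findings.append(Finding(3, line, "autorun command has no path; the first file of that name on the search path runs"))
        elif m := O23_RE.match(line):
            if m["owner"] != "Unknown owner":
                continue  # vendor information present; not a priority in this pass
            path, missing = m["path"], bool(m["missing"])
            if in_windows_root(path):
                note = " (binary already gone, registration left behind)" if missing else ""
                findings.append(Finding(3, line, "service with no vendor info directly under %SystemRoot%" + note))
            elif missing and not SYSTEM32_PATH.match(path):
                findings.append(Finding(2, line, "service points at a missing binary outside system32"))
            # "(file missing)" under system32 for core services is deliberately ignored:
            # a 32-bit scanner on 64-bit Windows is redirected to SysWOW64, where the
            # native binaries (services.exe, lsass.exe) do not exist.
    findings.sort(key=lambda f: -f.weight)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.weight}] {f.reason}\n    {f.line}")
```

Run against the full log, the same rules also surface perfs.exe and routing.exe, while the legitimate system services that HijackThis reports as "(file missing)" stay out of the list.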


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:36 AM

Posted 03 August 2008 - 09:41 AM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:36 AM

Posted 12 August 2008 - 06:04 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.