
Infected with TrojanDropper.Agent.ZLH or Kryptik.DT.trojan?


2 replies to this topic

#1 harbal


Posted 03 January 2009 - 07:42 AM

Something created jhujnoea.dll and laseexjr.dll in the System32 folder, and also disabled automatic updates and created new startup items.
Here are the files that NOD32 quarantined in the last week:

2009-01-03 12:03:55 AM HTTP filter file <http://216.12.168.130/ts/kbg04311.exe?&uid=C83DF5F4D87A11DD9710166898CFFFFF&rid=zdez&guid=EF908E6D1B0644C388D8A68870156EFE&affid=166898> a variant of Win32/Kryptik.DT trojan connection terminated - quarantined TSUNAMI\Brad Threat was detected upon access to web by the application: C:\WINDOWS\explorer.exe.

2009-01-02 8:44:11 PM Real-time file system protection file C:\DOCUME~1\Brad\LOCALS~1\Temp\VS08R3OM.19M Win32/PowerReg application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox 3\firefox.exe.

2009-01-02 8:44:04 PM Real-time file system protection file C:\DOCUME~1\Brad\LOCALS~1\Temp\VS08R3OM.19L Win32/PowerReg application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox 3\firefox.exe.

2009-01-02 3:50:13 PM HTTP filter file <http://giga-track.net/download/codecsz3485.exe> a variant of Win32/Kryptik.DR trojan connection terminated - quarantined TSUNAMI\Brad Threat was detected upon access to web by the application: C:\Documents and Settings\Brad\Local Settings\Temp\2.exe.

2009-01-02 3:49:55 PM HTTP filter file <http://mutx.org/32/5> probably a variant of Win32/Statik application connection terminated - quarantined TSUNAMI\Brad Threat was detected upon access to web by the application: C:\WINDOWS\WinVerCheck.exe.

2009-01-02 3:49:46 PM HTTP filter file <http://mutx.org/32/4> probably a variant of Win32/TrojanDownloader.BHO trojan connection terminated - quarantined TSUNAMI\Brad Threat was detected upon access to web by the application: C:\WINDOWS\WinVerCheck.exe.

2009-01-02 3:49:45 PM HTTP filter file <http://mutx.org/32/3> a variant of Win32/Kryptik.CY trojan connection terminated - quarantined TSUNAMI\Brad Threat was detected upon access to web by the application: C:\WINDOWS\WinVerCheck.exe.

2009-01-01 10:04:43 PM HTTP filter file <http://childhe.com/pas/apstpldr.dll.html?affid=166898&uid=&guid=EF908E6D1B0644C388D8A68870156EFE> Win32/BHO.NKU trojan connection terminated - quarantined TSUNAMI\Brad Threat was detected upon access to web by the application: C:\WINDOWS\explorer.exe.

2008-12-27 11:34:48 PM Real-time file system protection file C:\Program Files\Frets on Fire\MarioForever.exe Win32/TrojanDropper.Agent.ZLH trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\cidaemon.exe.

2008-12-27 11:34:44 PM Real-time file system protection file C:\Program Files\Futuremark\MarioForever.exe Win32/TrojanDropper.Agent.ZLH trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\cidaemon.exe.

2008-12-27 11:33:55 PM Real-time file system protection file C:\Program Files\Guitar Hero III\MarioForever.exe Win32/TrojanDropper.Agent.ZLH trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\cidaemon.exe.

2008-12-27 8:22:37 PM Real-time file system protection file C:\System Volume Information\_restore{494F652F-9018-4D45-886F-D348A73103F6}\RP224\A0059460.exe Win32/TrojanDropper.Agent.ZLH trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\cidaemon.exe.

2008-12-27 7:08:08 PM Real-time file system protection file C:\WINDOWS\system32\spool\drivers\MarioForever.exe Win32/TrojanDropper.Agent.ZLH trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\cidaemon.exe.


DDS (Version 1.1.0) - NTFSx86
Run by Brad at 7:23:34.23 on 2009-01-03
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1274 [GMT -5:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
FW: Sunbelt Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\NOD32 Antivirus\egui.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Safari\Safari.exe
C:\Program Files\Mozilla Firefox 3\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\XnView\xnview.exe
C:\Documents and Settings\Brad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://anandtech.com/
uInternet Settings,ProxyOverride = *.local
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
BHO: {63477d93-4ff3-4340-99e5-5b0c4016ebd5} - c:\windows\system32\awtrOhIC.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\xxywTmKC.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9d0d0b12-d0c5-3eb7-aa28-b3ae6356ca5c} - D
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {240888d3-6012-6078-43d4-393f244c104b}: {b401c442-f393-4d34-8706-21063d888042} - c:\windows\system32\hdhpqu.dll
BHO: NTIECatcher Class: {c56cb6b0-0d96-11d6-8c65-b2868b609932} - c:\program files\xi\nettransport 2\NTIEHelper.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [egui] "c:\program files\nod32 antivirus\egui.exe" /hide /waitservice
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\PicLens.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
TCP: {13A3D4D4-599E-42FD-BB84-BE184A5BC83F} = 192.168.1.1
TCP: {549E1446-133E-4B3C-82E9-9E28C50F82CC} = 69.1.30.19,69.1.30.18
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds6\wbsrv.dll
Notify: xxywTmKC - xxywTmKC.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\progra~1\dvd region+css free\DVDShell.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\xxywTmKC.dll
LSA: Authentication Packages = msv1_0 relog_ap c:\windows\system32\awtrOhIC

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brad\applic~1\mozilla\firefox\profiles\cyl5zsmp.default\
FF - prefs.js: browser.startup.homepage - hxxp://anandtech.com/
FF - component: c:\documents and settings\brad\application data\mozilla\firefox\profiles\cyl5zsmp.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox 3\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\brad\local settings\application data\google\update\1.2.131.11\npGoogleOneClick5.dll
FF - plugin: c:\program files\google\google updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2006-3-9 16384]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-9-5 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072]
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [2008-1-24 71720]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-1-2 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R3 ausbmon;Advanced USB Port Monitor Filter Driver;c:\windows\system32\drivers\ausbmon.sys [2008-2-8 21072]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2006-1-4 33792]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2007-12-12 98328]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-1-2 65576]
R4 ekrn;Eset Service;c:\program files\nod32 antivirus\ekrn.exe [2008-2-20 472320]
R4 pciinfo;pciinfo;c:\windows\system32\drivers\PCIINFO.SYS [2005-4-7 2752]
R4 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [2007-7-14 27992]
R4 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R4 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
S3 aawservice;Lavasoft Ad-Aware Service;c:\program files\ad-aware\aawservice.exe [2008-5-12 611664]
S3 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2007-12-6 660768]
S3 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2003-7-24 23040]
S3 cg;cg;c:\benchmark\clockgen\cg.sys [2004-12-6 6528]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2007-12-12 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2007-12-12 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2007-12-12 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2007-12-12 528920]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2007-12-12 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.sys [2007-12-12 163352]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.sys [2007-12-12 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.sys [2007-12-12 259096]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.sys [2007-12-12 259096]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.sys [2007-12-12 134168]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.sys [2007-12-12 134168]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.sys [2007-12-12 309784]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.sys [2007-12-12 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2007-12-12 99352]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2007-12-12 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2007-12-12 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2007-12-12 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2007-12-12 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2007-12-12 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2007-12-12 534040]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2007-12-12 534040]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-11-4 30192]
S3 hddledd;hddledd;c:\program files\hddled\hddledd.exe [2008-4-20 49152]
S3 ma763006;M-Audio Transit USB;c:\windows\system32\drivers\MA763006.sys [2008-1-24 41728]
S3 MacDriveService;MacDriveService;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2007-5-1 143360]
S3 MADFU006;MADFU006;c:\windows\system32\drivers\MADFU006.sys [2008-1-24 16512]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\drivers\mausbft.sys [2008-2-23 132096]
S3 OKAMAI;OKAMAI Service;c:\windows\system32\cmd.exe [2004-8-4 388608]
S3 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-1-16 664840]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-1-16 894216]
S3 photonau;photonau;c:\windows\system32\drivers\photonau.sys [2008-2-23 46080]
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;c:\windows\system32\drivers\prismnds.sys --> c:\windows\system32\drivers\PRISMNDS.sys [?]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2005-4-5 644608]
S3 TransitInstallerService;M-Audio Transit Installer;c:\program files\m-audio\transit\install\TUSBInst.exe [2007-12-25 49152]
S3 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2007-9-6 302112]
S4 Nefs32;Nefs32; [x]
S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]

=============== Created Last 30 ================

2009-01-03 06:18 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-03 06:18 1,409 a------- c:\windows\QTFont.for
2009-01-03 00:06 103,424 a------- c:\windows\system32\hdhpqu.dll
2009-01-03 00:06 103,424 a------- c:\windows\system32\jgfahcir.dll
2009-01-03 00:01 1,307,356 ---sh--- c:\windows\system32\aeonjuhj.ini
2009-01-03 00:00 68,096 a------- c:\windows\system32\jhujnoea.dll.renamed
2009-01-02 22:15 103,424 a------- c:\windows\system32\sserft.dll
2009-01-02 22:15 103,424 a------- c:\windows\system32\nlcvwmaq.dll
2009-01-02 22:12 1,307,356 ---sh--- c:\windows\system32\cwwjrssj.ini
2009-01-02 21:35 0 a------- c:\windows\system32\mcrh.tmp
2009-01-02 20:53 <DIR> --d----- c:\program files\PeerGuardian2
2009-01-02 18:40 65,576 a------- c:\windows\system32\drivers\SbFwIm.sys
2009-01-02 18:40 270,888 a----r-- c:\windows\system32\drivers\SbFw.sys
2009-01-02 15:46 67 a------- c:\windows\DVDRegionFree.INI
2009-01-02 15:45 <DIR> --d----- c:\program files\DVD Region+CSS Free
2009-01-01 22:12 103,936 a------- c:\windows\system32\ezkwws.dll
2009-01-01 22:12 103,936 a------- c:\windows\system32\vayegsld.dll
2009-01-01 22:10 1,307,356 ---sh--- c:\windows\system32\rjxeesal.ini
2009-01-01 22:10 67,584 a------- c:\windows\system32\laseexjr.dll.renamed
2009-01-01 22:09 675,275 a--sh--- c:\windows\system32\CIhOrtwa.ini2
2009-01-01 22:09 675,275 a--sh--- c:\windows\system32\CIhOrtwa.ini
2009-01-01 22:09 236,032 a------- c:\windows\system32\awtrOhIC.dll
2009-01-01 22:05 <DIR> --d----- c:\program files\SlySoft
2009-01-01 22:04 37,376 a------- c:\windows\system32\xxywTmKC.dll
2008-12-31 08:59 24,872 -------- c:\windows\system32\drivers\ElbyCDIO.sys
2008-12-28 03:39 161,792 a------- c:\windows\SWREG.exe
2008-12-28 03:39 98,816 a------- c:\windows\sed.exe
2008-12-28 03:38 388,608 a------- c:\windows\system32\CF309.exe
2008-12-28 03:38 <DIR> --d----- C:\ComboFix
2008-12-27 19:00 1,228,800 a------- c:\windows\~DF58C5.tmp
2008-12-27 11:14 19,569 a------- c:\windows\003360_.tmp
2008-12-27 09:05 19,569 a------- c:\windows\006762_.tmp
2008-12-27 08:43 <DIR> --d----- C:\dell
2008-12-27 08:15 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2008-12-27 07:23 <DIR> --d----- c:\program files\PowerISO
2008-12-27 01:38 753,664 a------- c:\windows\~DF4CDC.tmp
2008-12-24 19:24 1,228,800 a------- c:\windows\~DF70EF.tmp
2008-12-23 19:44 622,592 a------- c:\windows\~DF57D3.tmp
2008-12-20 01:04 <DIR> --d----- c:\windows\ie8updates
2008-12-19 20:53 622,592 a------- c:\windows\~DFE1BF.tmp
2008-12-19 02:03 1,228,800 a------- c:\windows\~DF3DB0.tmp
2008-12-16 13:27 163,840 a------- c:\windows\~DF7B53.tmp
2008-12-15 16:06 753,664 a------- c:\windows\~DF899D.tmp
2008-12-12 15:26 163,840 a------- c:\windows\~DFCC37.tmp
2008-12-08 22:41 163,840 a------- c:\windows\~DF56E5.tmp
2008-12-07 23:38 1,228,800 a------- c:\windows\~DFE261.tmp
2008-12-04 13:49 1,228,800 a------- c:\windows\~DF3B02.tmp

==================== Find3M ====================

2008-12-02 02:56 103,360 a------- c:\windows\system32\drivers\AnyDVD.sys
2008-12-01 19:00 1,228,800 a------- c:\windows\~DFF387.tmp
2008-11-30 19:52 901,120 a------- c:\windows\~DF57C9.tmp
2008-11-26 11:51 1,228,800 a------- c:\windows\~DFCEC1.tmp
2008-11-23 12:02 163,840 a------- c:\windows\~DFEDF4.tmp
2008-11-21 19:00 1,228,800 a------- c:\windows\~DFCDE2.tmp
2008-11-21 00:49 1,228,800 a------- c:\windows\~DF72E.tmp
2008-11-19 19:00 1,228,800 a------- c:\windows\~DF262.tmp
2008-11-19 12:21 93,128 a------- c:\windows\system32\ElbyCDIO.dll
2008-11-19 00:22 163,840 a------- c:\windows\~DF22E0.tmp
2008-11-17 19:00 1,228,800 a------- c:\windows\~DF9183.tmp
2008-11-17 15:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
2008-11-16 23:50 1,228,800 a------- c:\windows\~DFA229.tmp
2008-11-16 10:54 81,748 a------- c:\windows\WinVerCheck.exe
2008-11-15 22:21 1,228,800 a------- c:\windows\~DF4A10.tmp
2008-11-14 22:19 753,664 a------- c:\windows\~DF7B2A.tmp
2008-11-12 19:00 1,228,800 a------- c:\windows\~DF9ACD.tmp
2008-11-09 19:00 1,228,800 a------- c:\windows\~DF8BC1.tmp
2008-11-08 19:09 901,120 a------- c:\windows\~DFDE02.tmp
2008-11-04 23:15 137,480 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-11-04 23:15 183,120 a------- c:\windows\system32\PnkBstrB.exe
2008-11-04 23:11 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-11-04 19:00 1,228,800 a------- c:\windows\~DF489C.tmp
2008-11-04 00:29 23,364 a---h--- c:\windows\system32\mlfcache.dat
2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-10-23 07:51 284,160 a------- c:\windows\system32\gdi32.dll
2008-10-22 05:29 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-22 05:29 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-10 04:52 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2008-10-10 04:52 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2008-10-10 04:52 452,440 a------- c:\windows\system32\d3dx10_40.dll
2008-09-13 01:49 22,328 a------- c:\docume~1\brad\applic~1\PnkBstrK.sys
2008-07-18 15:58 87,608 a------- c:\docume~1\brad\applic~1\inst.exe
2008-07-18 15:58 47,360 a------- c:\docume~1\brad\applic~1\pcouffin.sys
2008-01-27 06:12 72 a------- c:\docume~1\brad\applic~1\22.cmd
2006-03-09 21:01 262,144 a------- c:\program files\ITLUgui.exe
2006-03-09 21:01 90,112 a------- c:\program files\ITLUengine.dll
2006-03-09 21:01 73,728 a------- c:\program files\Interop.iTunesLib.dll
2006-03-09 21:01 24,576 a------- c:\program files\ITLUconsole.exe
2006-02-01 12:58 340,983 a------- c:\program files\iTLU Manual.pdf
2006-02-01 12:57 350,221 a------- c:\program files\iTLU Handbuch.pdf
2005-09-01 17:11 806,912 a------- c:\program files\PureComponents.NicePanel.fw11.dll
2006-09-28 19:47 108 a--shr-- c:\windows\neoqaz2.dll
2007-02-09 09:53 56 a--shr-- c:\windows\system32\698033D688.sys
2008-01-11 01:54 88 ---shr-- c:\windows\system32\88D6338069.sys
2008-03-28 11:01 5,172 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 7:25:05.48 ===============



Edited by Orange Blossom, 03 January 2009 - 01:39 PM.
Deactivate links. ~ OB




#2 fenzodahl512


Posted 05 January 2009 - 03:36 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouse-click ComboFix's window while it's running. That may cause it to stall.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512


Posted 12 January 2009 - 03:01 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





