
Virus/Trojan Infected PC, DDS log


  • This topic is locked
2 replies to this topic

#1 Diablue

Diablue

  • Members
  • 2 posts

Posted 01 February 2009 - 10:52 PM

Machine in question: eMachines W3052 512 RAM, AMD 3000 Processor, Windows XP Home SP3


I'll try to explain as best I can, so bear with me. I am on this thread using a clean (I think) PC because mine is literally giving me a headache trying to fix-- there's some trojan program that won't seem to stay deleted/removed. It's located in this folder.

C:\Documents and Settings\Owner\Application Data\_3a3e49ae576f103cf17c8663eb8327df
In that folder are two .ini's, "control.ini" and "save.ini"

And another folder called "Down" containing these EXEs; curl, ic007, im001, mini000, rp000, tp000, wr007, xxx000.

These EXEs run and hog my PC's RAM when it's online, so I quit trying to go online. I've scanned with Norton, AVG, Spybot Search and Destroy, and a few others with no luck. I had tried to install one that works on this PC called Malwarebytes' Anti-Malware, but every time I start the install the installer closes instantly.

When I run a scan, sometime during the scan a popup tells me it has to restart because a Generic host32 was closed. Which leads to another NTAUTHORITY\SYSTEM message about 5 minutes later counting down to a restart.

Another effect is one that pops up a message "Windows cannot find 'RECYCLER\S-6-4-57-100004899-1000-29656-100014770-1406.com'. make sure you typed the name correctly, then try again." when I double click the C:\ drive. I have to right click then use the "explore" button to access it. It concerns me more because THIS PC is doing that too. But none of the other effects of my PC.

I don't want to risk going online with my (the majorly infected) PC because I don't know what the EXEs are doing when they're connected, but I need to fix this because my PC won't run Vista, I don't have my OEM disc and I don't know where to get another copy of Windows XP Home. Not to mention there's a few files I want off of my PC.

Here's the DDS from my PC,


DDS (Ver_09-01-19.01) - NTFSx86
Run by Owner at 17:04:18.40 on Sat 01/31/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.188 [GMT -6:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\scvhost32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
"C:\Documents and Settings\Owner\Application Data\svchost.exe"
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.youtube.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = about:blank
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
mCustomizeSearch = about:blank
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {D80C4E21-C346-4E21-8E64-20746AA20AEB} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {5AA06644-BC46-4220-A460-47A6EB47C96D} - No File
TB: {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - No File
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [svchost32] c:\windows\scvhost32.exe
mRun: [*svchostBoot] "c:\documents and settings\owner\application data\svchost.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Jzohucefuhel] rundll32.exe "c:\windows\oteradiy.dll",e
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {17492023-C23A-453E-A040-C7C580BBF700}
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501}
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592}
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822}
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643}
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\zgir4aqt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gaiaonline.com/
FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=freecause&ourmark=3&type=108&ei=utf-8&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPPGWrap.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {C3588EFE-B324-4774-85B8-BF5AEC882E7F} - c:\documents and settings\owner\local settings\application data\{C3588EFE-B324-4774-85B8-BF5AEC882E7F}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-1-29 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-30 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-29 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-29 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-29 107272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-6-2 109616]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080602.003\NAVENG.SYS [2008-6-2 82256]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080602.003\NAVEX15.SYS [2008-6-2 895408]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-11 1251720]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-29 903960]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-29 298264]
R4 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2006-6-10 3744]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
R4 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2006-6-10 3904]
S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2008-10-5 68922]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2008-10-19 7548]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-01-31 17:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-31 11:05 <DIR> --d----- c:\program files\Lavalys
2009-01-31 10:58 <DIR> --d----- c:\program files\SpywareBlaster
2009-01-30 17:31 <DIR> --d----- c:\docume~1\owner\applic~1\_3a3e49ae576f103cf17c8663eb8327df
2009-01-30 13:24 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-30 13:23 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-30 13:23 <DIR> --d----- c:\program files\Lavasoft
2009-01-30 13:10 75,776 a------- c:\windows\system32\drivers\gaopdxserv.sys
2009-01-30 13:05 361 ---shr-- C:\autorun.inf
2009-01-30 00:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-01-30 00:54 <DIR> --d----- c:\program files\Security Task Manager
2009-01-30 00:22 <DIR> --d----- c:\program files\CCleaner
2009-01-30 00:04 <DIR> --d-h--- C:\BJPrinter
2009-01-29 21:47 336,136 a------- c:\documents and settings\owner\setup.exe
2009-01-29 17:25 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-29 17:19 133,120 a------- c:\windows\oteradiy.dll
2009-01-29 17:19 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-29 17:19 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-29 17:19 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-01-29 17:19 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-29 17:18 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-29 17:18 <DIR> --d----- c:\program files\AVG
2009-01-29 17:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-29 17:07 43,008 a------- c:\windows\system32\chert10-303361.exe
2009-01-29 16:34 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-29 14:26 151,040 a------- c:\windows\scvhost32.exe
2009-01-29 14:24 33 a------- c:\docume~1\owner\applic~1\__t.bin
2009-01-29 14:23 796,787 a------- c:\docume~1\owner\applic~1\svchost.exe
2009-01-29 12:20 <DIR> --d----- c:\program files\Red Kawa
2009-01-27 10:57 <DIR> --d----- c:\documents and settings\owner\Contacts
2009-01-24 01:03 <DIR> --d----- c:\windows\UbiSoft
2009-01-23 17:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\2DBoy
2009-01-23 17:04 <DIR> --d----- c:\program files\WorldOfGoo
2009-01-23 16:58 <DIR> --d----- c:\windows\Favorites
2009-01-16 12:56 1,518 a------- C:\ff8input.cfg
2009-01-16 12:51 40,960 a------- c:\windows\system32\eax.dll
2009-01-16 12:51 <DIR> --d----- c:\program files\Creative Labs
2009-01-14 02:07 <DIR> --d----- c:\program files\Math Compass
2009-01-14 02:03 26,384 a----r-- c:\windows\system32\FM20ENU.DLL
2009-01-14 02:03 30,720 a------- c:\windows\system32\RCHTXCHS.DLL
2009-01-14 02:03 83,552 a------- c:\windows\system32\GAPI32.DLL
2009-01-14 02:03 62,464 a------- c:\windows\system32\MCI32.oca
2009-01-14 02:03 26,384 a------- c:\windows\system32\FM20CHS.DLL
2009-01-14 02:03 13,824 a------- c:\windows\system32\INETCHS.DLL
2009-01-14 02:03 2,396 a------- c:\windows\system32\MCI32.DEP
2009-01-14 02:03 347,136 a------- c:\windows\system32\FM20.oca
2009-01-14 02:03 1,129,232 a------- c:\windows\system32\FM20.DLL
2009-01-05 20:35 <DIR> --d----- c:\docume~1\owner\applic~1\DAEMON Tools Pro
2009-01-05 16:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-01-05 16:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-01-05 10:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-01-05 10:31 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-01-05 10:20 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-01-05 10:20 <DIR> --d----- c:\docume~1\owner\applic~1\DAEMON Tools Lite
2009-01-02 16:40 <DIR> --d----- c:\windows\lhsp
2009-01-02 16:40 <DIR> --d----- c:\windows\speech

==================== Find3M ====================

2009-01-05 20:06 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-05 20:06 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-05 20:06 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-05 20:06 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-11 15:15 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-09-13 13:59 87,608 a------- c:\docume~1\owner\applic~1\inst.exe
2008-09-13 13:59 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys
2007-10-19 03:32 320 a------- c:\documents and settings\owner\rockconfig.dat
2007-09-12 21:13 274 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2005-05-11 05:01 0 a--sh--- c:\windows\sminst\HPCD.sys
2006-09-13 08:47 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-17 17:45 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080908\index.dat
2008-09-17 17:45 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat

============= FINISH: 17:04:39.85 ===============


I have the Attach.txt file if it's needed.

Edited by Diablue, 02 February 2009 - 11:09 AM.




#2 Diablue

Diablue
  • Topic Starter

  • Members
  • 2 posts

Posted 03 February 2009 - 12:12 AM

Being impatient as I am at times, I am doing research and feel I can handle this issue. Please delete or move this thread.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 03 February 2009 - 06:42 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.



