frmwrk32.exe - some form of Virus Infection



#1 dAvik

  • Members
  • 1 posts

Posted 02 February 2009 - 01:07 PM

Downloaded a bogus file the other day (yes I know, bad move) and I thought something was up. A while later, up comes the red circle and white cross in the system tray, telling me I'm infected and should download some software to get rid of it. Avast! did flash up at one point, telling me some connection was blocked, but didn't remove it. I went into Task Manager and didn't recognize frmwrk32.exe, so I deleted that, and away went the system tray icon. I then located the frmwrk32.exe file and deleted that, along with a prefetch file for it. I've scanned with Spybot S&D twice, I've scanned with Spyware Doctor, I've scanned with Avast!, and I've used Security Task Manager, with which I found a .dll file that had a 100% rating and was created around the same time this all happened. That and the fact that I didn't recognize the name prompted me to quarantine and delete it. Most scans brought up one or two things, like registry changes. The whole PC is running very slowly, which it was not doing before. It's not always the most sparkly clean, hyper-quick PC, but it's quick nonetheless. Also, when I tried to use it this morning, Task Manager would not appear. The icon in the system tray would appear, but I couldn't use the actual thing itself.

Anyway, here are the logs. Any help would be greatly appreciated.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Joe at 17:43:15.51 on 02/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3326.2251 [GMT 0:00]

AV: avast! antivirus 4.8.1296 [VPS 090202-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\wudfhost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
X:\Security\Avast!\aswUpdSv.exe
X:\Security\Avast!\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
X:\Security\Avast!\ashDisp.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
X:\Hardware\RivaTuner v2.06\RivaTuner.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Zune\ZuneLauncher.exe
X:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
X:\Misc\Netgear\Network Card\WinDomainlogon.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
X:\Security\Avast!\ashMaiSv.exe
X:\Security\Avast!\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
X:\Security\Avast!\ashSimp2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
X:\Security\Security Task Manager\TaskMan.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Joe\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - x:\security\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.1.1119.1736\swg.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [STYLEXP] c:\program files\tgtsoft\stylexp\StyleXP.exe -Hide
uRun: [Steam] "x:\games\steam\steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\joe\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [avast!] x:\security\avast!\ashDisp.exe
mRun: [RivaTuner] "x:\hardware\rivatuner v2.06\RivaTuner.exe" /T
mRun: [EasyTuneVPro] c:\program files\gigabyte\et5pro\ETcall.exe
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "x:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "x:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [VolPanel] "c:\program files\creative\volume panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Mjace] rundll32.exe "c:\windows\inugepukog.dll",e
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Amusuni] rundll32.exe "c:\windows\Brecaliy.dll",e
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] "x:\misc\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\joe\startm~1\programs\startup\et5.lnk - c:\program files\gigabyte\et5\ET5SC.exe
StartupFolder: c:\docume~1\joe\startm~1\programs\startup\shortc~1.lnk - x:\misc\netgear\network card\WinDomainlogon.exe
StartupFolder: c:\docume~1\joe\startm~1\programs\startup\speedfan.lnk - c:\program files\speedfan\speedfan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - x:\security\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199066897875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15033/CTPID.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joe\applic~1\mozilla\firefox\profiles\8sg99gnf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\documents and settings\joe\application data\mozilla\firefox\profiles\8sg99gnf.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\joe\application data\mozilla\firefox\profiles\8sg99gnf.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\joe\application data\mozilla\firefox\profiles\8sg99gnf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\documents and settings\joe\application data\mozilla\firefox\profiles\8sg99gnf.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\joe\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: x:\audio\divx\divx content uploader\npUpload.dll
FF - plugin: x:\audio\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: x:\audio\divx\divx web player\npdivx32.dll
FF - plugin: x:\audio\quicktime\plugins\npqtplugin.dll
FF - plugin: x:\audio\quicktime\plugins\npqtplugin2.dll
FF - plugin: x:\audio\quicktime\plugins\npqtplugin3.dll
FF - plugin: x:\audio\quicktime\plugins\npqtplugin4.dll
FF - plugin: x:\audio\quicktime\plugins\npqtplugin5.dll
FF - plugin: x:\audio\quicktime\plugins\npqtplugin6.dll
FF - plugin: x:\audio\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: XUL Cache: {C23BC6E5-DD16-4190-8416-79EE32D6849E} - c:\documents and settings\joe\local settings\application data\{C23BC6E5-DD16-4190-8416-79EE32D6849E}

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-1-21 21512]
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-1-14 41864]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-1 111184]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2008-1-15 3968]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-1-14 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-1-14 81288]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-1 20560]
R2 avast! Antivirus;avast! Antivirus;x:\security\avast!\ashServ.exe [2008-1-2 155160]
R3 avast! Mail Scanner;avast! Mail Scanner;x:\security\avast!\ashMaiSv.exe [2008-1-2 254040]
R3 avast! Web Scanner;avast! Web Scanner;x:\security\avast!\ashWebSv.exe [2008-1-2 352920]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-1-21 26248]
R3 PD100VID;Video Blaster WebCam 5 (WDM);c:\windows\system32\drivers\PD100Vid.sys [2007-12-30 374200]
S2 gupdate1c90c5898b37590;Google Update Service (gupdate1c90c5898b37590);c:\program files\google\update\GoogleUpdate.exe [2008-9-1 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-1-23 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-1-14 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-1-14 3072]
S4 aawservice;Ad-Aware 2007 Service;x:\security\ad-aware\aawservice.exe [2007-10-29 587096]
SUnknown GVTDrv;GVTDrv; [x]

=============== Created Last 30 ================

2009-02-02 16:41 5,658 a------- c:\windows\system32\PerfStringBackup.TMP
2009-02-02 07:39 <DIR> --d----- C:\WTablet
2009-02-01 23:44 135,168 a------- c:\windows\inugepukog.dll
2009-02-01 23:32 40,448 a------- c:\windows\system32\chert11-303350.exe
2009-02-01 23:17 26,112 a------- c:\windows\system32\303350.exe
2009-02-01 01:06 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-01 01:06 1,409 a------- c:\windows\QTFont.for
2009-01-29 21:25 4,757 a------- c:\windows\Irremote.ini
2009-01-26 07:38 588 a------- c:\windows\system32\settingsbkup.sfm
2009-01-26 07:38 588 a------- c:\windows\system32\settings.sfm
2009-01-23 02:43 55,468 a------- c:\windows\system32\BMXState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
2009-01-23 02:43 788 a------- c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
2009-01-23 02:40 102,400 a------- c:\windows\system32\cttele32.dll
2009-01-23 02:33 20,888,640 a------- c:\windows\system32\AppSetup.exe
2009-01-23 02:26 <DIR> --d----- c:\program files\common files\Creative Labs Shared
2009-01-23 01:33 45,392 a----r-- c:\windows\system32\AdobePDF.dll
2009-01-23 01:33 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-01-20 23:40 35,365 a------- c:\windows\system32\uninstHelixYUV.exe
2009-01-20 22:12 0 a---h--- c:\windows\SwSys2.bmp
2009-01-20 22:12 0 a---h--- c:\windows\SwSys1.bmp
2009-01-20 22:05 <DIR> --d----- c:\program files\Game_Maker7
2009-01-19 19:17 <DIR> --d----- c:\docume~1\joe\applic~1\Windows Search
2009-01-19 18:59 <DIR> --d----- c:\docume~1\joe\applic~1\Windows Desktop Search
2009-01-18 20:14 <DIR> --d----- c:\program files\Windows Desktop Search
2009-01-18 20:14 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-01-18 20:14 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-01-18 20:14 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-01-18 20:11 <DIR> --d----- c:\windows\system32\URTTEMP
2009-01-18 12:43 54,784 ---shr-- c:\windows\system32\RLAPEDec.ax
2009-01-18 12:43 37,888 ---shr-- c:\windows\system32\RLMPCDec.ax
2009-01-18 12:43 216,064 ---shr-- c:\windows\system32\nbDX.dll
2009-01-18 12:43 31,232 ---shr-- c:\windows\system32\msfDX.dll
2009-01-18 12:43 227,328 ---shr-- c:\windows\system32\ac3DX.ax
2009-01-18 12:43 163,328 ---shr-- c:\windows\system32\flvDX.dll
2009-01-18 12:43 123,904 ---shr-- c:\windows\system32\AVCDX.ax
2009-01-18 12:42 <DIR> --d----- c:\program files\eRightSoft
2009-01-15 01:40 8,192 a--shr-- C:\BOOTSECT.BAK
2009-01-15 01:40 377,151 a--shr-- C:\bootmgr
2009-01-15 01:40 <DIR> --dsh--- C:\Boot
2009-01-15 01:08 507,400 a------- c:\windows\system32\XAudio2_1.dll
2009-01-15 01:08 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
2009-01-15 01:08 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
2009-01-15 01:08 <DIR> --d----- c:\windows\Logs
2009-01-15 01:07 <DIR> --d----- c:\windows\system32\xlive
2009-01-15 01:07 <DIR> --d----- c:\program files\Microsoft XNA
2009-01-14 00:24 1,190 a---hr-- c:\windows\EPMBatch.ept
2009-01-14 00:21 <DIR> --d----- c:\program files\EASEUS
2009-01-13 22:51 114,048 a------- c:\windows\system32\drivers\snapman.sys
2009-01-10 19:38 <DIR> --d----- c:\program files\DVD Decrypter
2009-01-10 19:32 <DIR> --d----- c:\docume~1\joe\applic~1\GetRightToGo
2009-01-10 02:03 <DIR> --d----- c:\docume~1\joe\applic~1\Crayon Physics Deluxe
2009-01-10 01:35 <DIR> --d----- c:\program files\Crayon Physics Deluxe Demo

==================== Find3M ====================

2009-02-02 16:40 24,944 a------- c:\windows\system32\drivers\GVTDrv.sys
2009-01-23 02:40 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-01-23 02:40 109,080 a------- c:\windows\system32\OpenAL32.dll
2008-12-25 14:51 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-12-25 14:51 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-12-25 14:50 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-12-17 16:09 119,552 a------- c:\windows\system32\drivers\Rtenicxp.sys
2008-12-17 16:08 27,648 a------- c:\windows\system32\RtNicProp32.dll
2008-12-14 03:15 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-14 03:15 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-11-27 08:51 225,280 a------- c:\windows\system32\BootMan.exe
2008-11-26 15:58 472,064 a------- c:\windows\system32\NTFSFormat.dll
2008-11-26 15:55 65,536 a------- c:\windows\system32\FatCopy.dll
2008-11-26 15:54 17,920 a------- c:\windows\system32\SectorCopy.dll
2008-11-26 15:54 139,776 a------- c:\windows\system32\NTFSCopy.dll
2008-11-26 15:52 86,016 a------- c:\windows\system32\ResizeNTFS.dll
2008-11-26 15:51 61,952 a------- c:\windows\system32\FatResizeMove.dll
2008-11-26 15:51 45,568 a------- c:\windows\system32\FileSystemCheck.dll
2008-11-26 15:51 93,184 a------- c:\windows\system32\Partition.dll
2008-11-26 15:50 180,736 a------- c:\windows\system32\DeviceManager.dll
2008-11-26 15:49 22,016 a------- c:\windows\system32\FatFormat.dll
2008-11-26 15:49 86,528 a------- c:\windows\system32\NTFSLib.dll
2008-11-26 15:49 31,744 a------- c:\windows\system32\FatLib.dll
2008-11-26 15:48 10,752 a------- c:\windows\system32\DeviceAdapter.dll
2008-11-26 15:48 6,656 a------- c:\windows\system32\CallbackOperator.dll
2008-11-26 15:48 68,096 a------- c:\windows\system32\Device.dll
2008-11-26 15:48 21,504 a------- c:\windows\system32\Fixup.dll
2008-11-26 15:48 14,848 a------- c:\windows\system32\FileSystemAnalyser.dll
2008-11-26 15:48 24,576 a------- c:\windows\system32\NTFSFileSystemAnalyser.dll
2008-11-26 15:47 25,088 a------- c:\windows\system32\FATFileSystemAnalyser.dll
2008-11-25 17:18 8,704 a------- c:\windows\system32\epmntdrv.sys
2008-11-25 17:18 86,408 a------- c:\windows\system32\setupempdrv03.exe
2008-11-25 17:18 3,072 a------- c:\windows\system32\EuGdiDrv.sys
2008-11-25 17:18 14,848 a------- c:\windows\system32\EuEpmGdi.dll
2008-11-12 13:45 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-11-10 12:23 243,840 a------- c:\windows\system32\ZuneWlanCfgSvc.exe
2008-11-10 12:23 60,032 a------- c:\windows\system32\ZuneBusEnum.exe
2008-11-10 12:09 73,728 a------- c:\windows\system32\ZuneUsbTransport.dll
2008-11-10 12:09 18,944 a------- c:\windows\system32\ZuneTcp2Udp.dll
2008-11-10 12:09 57,344 a------- c:\windows\system32\ZuneRegUtil.dll
2008-11-10 12:09 12,800 a------- c:\windows\system32\ZunePTDNS.dll
2008-11-10 12:09 310,272 a------- c:\windows\system32\ZuneNetProxy.dll
2008-11-10 12:09 145,920 a------- c:\windows\system32\ZuneMTPZ.dll
2008-11-10 12:09 70,656 a------- c:\windows\system32\ZuneIPTransport.dll
2008-07-22 21:40 604 a---h--- c:\program files\STLL Notifier
2007-12-31 13:34 22,328 a------- c:\docume~1\joe\applic~1\PnkBstrK.sys
2005-10-06 15:17 280,576 a------- c:\windows\inf\wg311v3\WG311v3XP.sys
2005-10-06 15:17 280,576 a------- c:\windows\inf\wg311v3\WG311v3.sys
2005-03-01 11:16 212,992 a------- c:\windows\inf\wg311v3\CopyWHQLDriver.exe
2006-05-03 10:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
1999-07-06 19:00 1,024 ---sh--- c:\windows\system32\msi32w16.dat
2008-03-16 13:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2008-05-26 19:29 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052620080527\index.dat

============= FINISH: 17:47:02.85 ===============
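Editor's note on the log above, with an added triage script that is not part of the thread, of DDS or of any BleepingComputer tool: the two `mRun` entries `[Mjace]` and `[Amusuni]` both use rundll32.exe to load a DLL dropped directly into c:\windows (not system32) with a one-letter export, and the "Created Last 30" block shows inugepukog.dll plus two numerically named executables in system32 written the night the trouble began. The script below parses those two kinds of DDS lines and flags exactly that pattern. The heuristics (Windows-root DLL, single-letter export, five-plus-digit name in a fresh system32 binary) are my assumptions for this log, not a vendor signature set, and `SAMPLE_LOG` is a constructed excerpt copied from the post with benign neighbours kept for contrast.

```python
"""Autorun triage for a DDS-style log.

Editor's added example: not part of the thread, of DDS or of any
BleepingComputer tooling. The heuristics are assumptions chosen for
this log, not a vendor signature set.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the DDS log in the post above,
# with benign neighbours kept so the rules have something to ignore.
SAMPLE_LOG = """\
mRun: [NvCplDaemon] RUNDLL32.EXE c:\\windows\\system32\\NvCpl.dll,NvStartup
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Mjace] rundll32.exe "c:\\windows\\inugepukog.dll",e
mRun: [ISTray] "c:\\program files\\spyware doctor\\pctsTray.exe"
mRun: [Amusuni] rundll32.exe "c:\\windows\\Brecaliy.dll",e
2009-02-02 16:41 5,658 a------- c:\\windows\\system32\\PerfStringBackup.TMP
2009-02-01 23:44 135,168 a------- c:\\windows\\inugepukog.dll
2009-02-01 23:32 40,448 a------- c:\\windows\\system32\\chert11-303350.exe
2009-02-01 23:17 26,112 a------- c:\\windows\\system32\\303350.exe
2009-01-23 02:40 102,400 a------- c:\\windows\\system32\\cttele32.dll
"""

WINDOWS_ROOT = r"c:\windows"
SYSTEM32 = r"c:\windows\system32"

# uRun / mRun / dRun are DDS's per-user, machine and default-profile Run keys.
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# rundll32 <dll>,<export>  (quotes optional, export may be empty)
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,(?P<export>[^,\s]*)', re.I)
# "Created Last 30" file rows: stamp size attrs path (<DIR> rows do not match)
CREATED_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$")
DIGIT_RUN = re.compile(r"\d{5,}")


@dataclass
class Finding:
    kind: str                      # "autorun" or "created"
    path: str
    reason: str
    created: Optional[str] = None  # stamp if the file is in "Created Last 30"


def parse_created(lines: List[str]) -> Dict[str, str]:
    """Map lower-cased path -> creation stamp for every file row."""
    out: Dict[str, str] = {}
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            out[m["path"].lower()] = m["stamp"]
    return out


def triage(text: str) -> List[Finding]:
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    created = parse_created(lines)
    findings: List[Finding] = []

    # Rule 1 (assumption): vendors load rundll32 payloads from system32 or a
    # program directory and name a real export. A DLL sitting directly in
    # %windir% with a one-letter export is the pattern worth a second look.
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        r = RUNDLL_RE.match(m["cmd"])
        if not r:
            continue
        dll, export = r["dll"], r["export"]
        reasons = []
        if ntpath.dirname(dll).lower() == WINDOWS_ROOT:
            reasons.append("DLL sits in the Windows root rather than system32")
        if len(export) == 1:
            reasons.append(f"single-letter export '{export}'")
        if reasons:
            findings.append(Finding("autorun", dll, "; ".join(reasons),
                                    created.get(dll.lower())))

    # Rule 2 (assumption): fresh binaries in %windir% or system32 whose name
    # is a long digit string, the dropper-style naming seen in this log.
    for path, stamp in created.items():
        stem, ext = ntpath.splitext(ntpath.basename(path))
        if (ext in (".exe", ".dll")
                and ntpath.dirname(path) in (WINDOWS_ROOT, SYSTEM32)
                and DIGIT_RUN.search(stem)):
            findings.append(Finding("created", path,
                                    "recently created binary with numeric name", stamp))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        extra = f" (created {f.created})" if f.created else ""
        print(f"[{f.kind}] {f.path}: {f.reason}{extra}")
```

Run against the constructed excerpt it reports inugepukog.dll (with its 2009-02-01 23:44 creation stamp), Brecaliy.dll, 303350.exe and chert11-303350.exe, and nothing for the NVIDIA and Bluetooth rundll32 entries. One detail the correlation makes visible: Brecaliy.dll is loaded at logon but appears in neither "Created Last 30" nor "Find3M" in the full log, so its timestamp is either older or has been altered, which is the kind of gap a rootkit scan (as the reply below requests) is meant to resolve. Full paths of every flagged file belong in the follow-up post rather than being deleted by hand, since the `mRun` keys will simply fail to load a missing DLL and the helper loses the evidence.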


#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 15 February 2009 - 09:50 AM

Hello dAvik

Welcome to BleepingComputer
========================
I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Avast.
============================================================
After that post an updated dds log and do the following:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



