

Help with trojan


  • This topic is locked
4 replies to this topic

#1 eet


Posted 09 February 2009 - 01:39 PM

So, I've had this virus for a while, and can't seem to make it go away. I used Malwarebytes and Avira in safe mode, and it detected a couple of things, but the virus remains. Here's my log.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:27 PM, on 2/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Eric Blanchard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC0B9731-9C93-4C26-BE62-6F5EEEDE17F1}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

--
End of file - 6716 bytes



#2 eet


Posted 09 February 2009 - 03:00 PM

dds





DDS (Ver_09-02-01.01) - NTFSx86
Run by Eric Blanchard at 13:59:10.48 on Mon 02/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.396 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
"C:\WINDOWS\system32\svchost.exe" 92869
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Eric Blanchard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eric Blanchard\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.39,85.255.112.40
TCP: {CC0B9731-9C93-4C26-BE62-6F5EEEDE17F1} = 85.255.112.39,85.255.112.40
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ericbl~1\applic~1\mozilla\firefox\profiles\2zs2a9wi.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\minefield\components\iamfamous.dll
FF - plugin: c:\documents and settings\eric blanchard\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\minefield\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "");
c:\program files\minefield\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "");
c:\program files\minefield\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-f-CN", "");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-2-8 11840]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-5 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-5 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-5 107272]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-2-8 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-2-8 151297]
R2 UnoInstallerService;Uno Installer;c:\program files\m-audio uno\UnoInst.exe [2009-1-14 106496]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-2-8 52032]
S2 RPCHE;Remote Procedure Call (RPCE);c:\program files\common files\microsoft shared\speech\csvd.exe [2009-1-6 11573248]
S3 EVOLUSB;%EVOL_USB_SvcDesc%;c:\windows\system32\drivers\evolusb.sys [2009-1-14 21984]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-2 38496]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-8-5 903960]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-5 298264]

=============== Created Last 30 ================

2009-02-09 12:31 <DIR> --d----- c:\program files\Trend Micro
2009-02-08 07:22 <DIR> --d----- c:\program files\Avira
2009-02-08 07:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-02-07 15:55 <DIR> --d----- c:\documents and settings\eric blanchard\.SunDownloadManager
2009-02-03 07:09 0 a------- c:\windows\system32\(null)cp_2.gzip
2009-02-02 11:22 <DIR> --d----- c:\docume~1\ericbl~1\applic~1\Malwarebytes
2009-02-02 11:22 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-02 11:22 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 11:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 11:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-02 11:17 <DIR> --d----- C:\Lop SD
2009-02-02 09:32 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-02 09:32 <DIR> --d----- c:\documents and settings\eric blanchard\.housecall6.6
2009-01-29 20:31 329 ---shr-- C:\autorun.inf
2009-01-29 20:23 <DIR> --d----- c:\program files\SoundSpectrum
2009-01-26 17:23 <DIR> --d----- c:\program files\iPod
2009-01-26 17:23 <DIR> --d----- c:\program files\iTunes
2009-01-26 17:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-25 14:33 8,192 a------- C:\wubildr.mbr
2009-01-25 14:33 192,307 a------- C:\wubildr
2009-01-25 14:07 <DIR> --d----- C:\ubuntu
2009-01-25 02:37 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-01-25 02:37 <DIR> --d----- c:\program files\Xvid
2009-01-25 02:11 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-01-25 02:11 8,192 a------- c:\windows\system32\kbdkor.dll
2009-01-25 02:11 6,144 a------- c:\windows\system32\kbd106.dll
2009-01-25 02:11 6,144 a------- c:\windows\system32\kbd101c.dll
2009-01-25 02:11 6,144 a------- c:\windows\system32\kbd101b.dll
2009-01-25 02:11 5,632 a------- c:\windows\system32\kbd103.dll
2009-01-18 00:26 <DIR> --d----- c:\docume~1\ericbl~1\applic~1\Processing
2009-01-17 01:19 368,640 a------- c:\windows\system32\ReWire.dll
2009-01-17 01:19 233,472 a------- c:\windows\system32\REX Shared Library.dll
2009-01-17 01:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Propellerhead Software
2009-01-17 01:06 <DIR> --d----- c:\docume~1\ericbl~1\applic~1\Propellerhead Software
2009-01-17 01:03 <DIR> --d----- c:\program files\Propellerhead
2009-01-16 12:48 754 a------- c:\windows\WORDPAD.INI
2009-01-16 12:45 <DIR> --d----- c:\program files\common files\Steinberg
2009-01-15 19:08 147,425 a------- c:\windows\system32\SYNSOACC-Aide.chm
2009-01-15 19:08 120,468 a------- c:\windows\system32\SYNSOACC-Hilfe.chm
2009-01-15 19:08 114,279 a------- c:\windows\system32\SYNSOACC-Help.chm
2009-01-15 19:08 16,896 a------- c:\windows\system32\drivers\synasUSB.sys
2009-01-15 19:07 45,056 a------- c:\windows\system32\Synsopos.exe
2009-01-15 19:07 700,416 a------- c:\windows\system32\SYNSOACC.dll
2009-01-15 19:07 147,456 a------- c:\windows\system32\SynsoLChk.dll
2009-01-15 19:07 <DIR> --d----- c:\program files\Syncrosoft
2009-01-15 10:58 109,056 a------- c:\windows\SF97UNIN.EXE
2009-01-15 10:58 <DIR> --d----- c:\program files\Sonic Foundry Plug-Ins
2009-01-15 10:57 <DIR> --d----- c:\program files\DashSynthesis
2009-01-15 10:56 <DIR> --d----- C:\VolksZampler
2009-01-15 10:52 520,267 a------- c:\windows\system32\libmmd.dll
2009-01-15 10:19 <DIR> --d----- c:\windows\system32\Temp
2009-01-15 10:18 <DIR> --d----- c:\docume~1\ericbl~1\applic~1\SynthFont
2009-01-15 10:18 <DIR> --d----- c:\program files\SynthFont
2009-01-14 20:04 <DIR> --d----- C:\SOUNDLIB
2009-01-14 20:04 156,544 -------- c:\windows\system\BWCC.DLL
2009-01-14 19:31 <DIR> --d----- c:\program files\Steinberg
2009-01-14 19:31 <DIR> --d----- c:\docume~1\ericbl~1\applic~1\Steinberg
2009-01-14 19:29 <DIR> --d----- c:\program files\common files\Adobe Systems Shared
2009-01-14 18:53 85,504 a------- c:\windows\system32\evolusbn.dll
2009-01-14 18:53 21,984 a------- c:\windows\system32\drivers\evolusb.sys
2009-01-14 18:52 <DIR> --d----- c:\program files\M-Audio Uno
2009-01-14 18:12 <DIR> --d----- c:\program files\M-Audio Midisport 4x4
2009-01-14 17:28 <DIR> --d----- c:\program files\M-Audio Midisport 2x2
2009-01-14 17:26 724,992 a------- c:\windows\iun6002.exe
2009-01-14 17:26 <DIR> --d----- c:\program files\M-Audio Midisport 1x1
2009-01-14 17:25 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-01-14 17:25 32,128 a------- c:\windows\system32\drivers\usbccgp.sys

==================== Find3M ====================

2009-02-07 16:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-01 23:36 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-01 23:36 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-01 23:36 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-06 10:56 77,646 a------- c:\windows\War3Unin.dat
2009-01-06 10:37 139,264 a------- c:\windows\War3Unin.exe
2009-01-06 10:37 2,829 a------- c:\windows\War3Unin.pif
2009-01-06 10:35 4,224 a------- c:\windows\system32\drivers\beep.sys
2008-12-13 00:26 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-04 21:42 815,104 a------- c:\windows\system32\xvidcore.dll
2008-12-04 16:52 2,131,968 a------- c:\windows\system32\python26.dll
2008-12-03 20:15 2,030,080 a------- c:\windows\system32\python30.dll
2008-08-04 14:26 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2008-08-04 14:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-08-04 14:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080420080805\index.dat
2008-08-04 14:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 13:59:37.67 ===============

#3 eet


Posted 10 February 2009 - 01:13 PM

BUMP.

#4 chryssi2001


Posted 20 February 2009 - 02:13 PM

Hello eet,

I apologise for the delay; the forum is busy.

I will be assisting you with your malware issues.
  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page in case you need it as a reference.
  • If you fail to reply within 5 days from now, this thread will close, and you will have to open another topic and wait for another helper.
----------------------------------------------
Please post a new HijackThis log.
Private Messages for personal support will be ignored. If you need help post in the forum.

#5 chryssi2001


Posted 25 February 2009 - 01:27 PM

Due to the lack of feedback, this Topic is now closed and will not be reopened.
If you still need help, begin a new topic.

Applies only to the original poster; anyone else with similar problems, please start a new topic.
Private Messages for personal support will be ignored. If you need help post in the forum.



