Unknown applications running



#1 vbevan


Posted 21 March 2009 - 04:05 AM

I'm fairly certain I have a trojan, as my anti-virus (Nod32) seems to pick it up then crashes/freezes instead of deleting it. I don't get to see the name, but in my list of running processes I see 1712362702.exe and rbgw8.exe, which are unusual as I don't know what they are. Any help would be greatly appreciated.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 17:36:56.16 on Sat 03/21/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1203 [GMT 9:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\regx32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rbgw8.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rbgw8.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1712362702.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [<NO NAME>] c:\docume~1\admini~1\locals~1\temp\rbgw8.exe
uRun: [Windows Resurections] c:\docume~1\admini~1\locals~1\temp\rbgw8.exe
uRun: [Diagnostic Manager] c:\docume~1\admini~1\locals~1\temp\1712362702.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CTHelper] CTHELPER.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [TrialReset] c:\windows\regx32.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Qsece] rundll32.exe "c:\windows\Jqeyoyucegaq.dll",e
mRun: [Bmabugahopirano] rundll32.exe "c:\windows\itikicilucip.dll",e
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nokian~1.lnk - c:\program files\nokia\nnpcs\RunLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\rtl8187 wireless lan utility\RtWLan.exe
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235749579984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235751439578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\zk7rr5jl.default\
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: XUL Cache: {4E2BE17D-0AAD-432A-B024-FD1CC6AC0343} - c:\documents and settings\administrator\local settings\application data\{4e2be17d-0aad-432a-b024-fd1cc6ac0343}\

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-10-24 34824]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-3-1 38144]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-10-24 468224]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-1 38496]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-3-1 269824]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2009-2-28 26144]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-2-28 1684736]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-28 33752]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-3-7 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-3-7 8320]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]

=============== Created Last 30 ================

2009-03-21 16:30 <DIR> --d----- c:\program files\Babylon
2009-03-21 16:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Babylon
2009-03-21 16:30 <DIR> --d----- c:\docume~1\admini~1\applic~1\Babylon
2009-03-21 11:04 135,168 a------- c:\windows\itikicilucip.dll
2009-03-21 10:53 <DIR> --d----- c:\program files\Steinberg
2009-03-21 10:53 <DIR> --d----- c:\program files\common files\Digidesign
2009-03-21 10:52 7,168 a------- C:\fgkajmnk.exe
2009-03-21 10:52 41,984 a------- c:\windows\Jqeyoyucegaq.dll
2009-03-21 10:52 41,984 a------- C:\icqvkrpb.exe
2009-03-21 10:52 10,240 a------- C:\sqquql.exe
2009-03-21 10:52 30,720 a------- C:\pcogir.exe
2009-03-21 10:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DFX
2009-03-21 10:51 <DIR> --d----- c:\program files\DFX
2009-03-21 10:51 <DIR> --d----- c:\program files\common files\DFX
2009-03-21 10:50 <DIR> --d----- c:\program files\Winamp3
2009-03-21 10:50 <DIR> --d----- c:\program files\iZotope
2009-03-21 10:46 13,835,680 a------- C:\winamp5551_pro_all.exe
2009-03-21 10:02 144,896 -------- c:\windows\system32\dllcache\schannel.dll
2009-03-20 18:58 <DIR> --d----- c:\docume~1\admini~1\applic~1\SPORE
2009-03-20 18:50 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-20 18:34 <DIR> --d----- c:\program files\QuickSFV
2009-03-20 18:33 <DIR> --d----- c:\program files\Traction Software
2009-03-18 18:05 <DIR> --d----- c:\docume~1\admini~1\applic~1\NeatImage SL
2009-03-18 18:05 <DIR> --d----- c:\program files\Neat Image
2009-03-18 18:04 4,711,281 a------- C:\Lil Wayne ft. Birdman & Yo Gotti - I Got Them.mp3
2009-03-18 18:04 7,114 a------- C:\fosi.nfo
2009-03-18 18:04 2,165,204 a------- C:\fo-nim60.exe
2009-03-18 18:04 388 a------- C:\file_id.diz
2009-03-14 19:17 230 a------- C:\config.xml
2009-03-14 18:45 <DIR> --d----- c:\program files\Microsoft Research
2009-03-11 22:46 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-03-11 22:46 57,344 a------- c:\windows\system32\QuickTime.qts
2009-03-11 22:46 <DIR> --d----- c:\program files\QuickTime Alternative
2009-03-07 00:59 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-07 00:59 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-07 00:59 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-03-07 00:26 8,064 a------- c:\windows\system32\usbser_lowerfltj.sys
2009-03-07 00:26 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
2009-03-07 00:26 8,064 a------- c:\windows\system32\usbser_lowerflt.sys
2009-03-07 00:26 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-03-07 00:26 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys
2009-03-07 00:26 8,320 a------- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-03-07 00:26 138,112 a------- c:\windows\system32\drivers\nmwcdnsu.sys
2009-03-06 07:45 815,104 a------- c:\windows\system32\xvidcore.dll
2009-03-06 07:45 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-03-06 07:45 77,824 a------- c:\windows\system32\xvid.ax
2009-03-06 07:45 <DIR> --d----- c:\program files\Xvid
2009-03-02 06:36 <DIR> --d----- c:\program files\Fraps
2009-03-02 05:37 <DIR> --d----- c:\windows\system32\xlive
2009-03-02 01:57 <DIR> --d----- c:\program files\VideoLAN
2009-03-02 01:56 262,144 a------- c:\windows\system32\gfbaksm.dll
2009-03-02 01:55 262,144 a------- c:\windows\system32\gfbaksm.dat
2009-03-02 01:55 <DIR> --d----- c:\program files\GetFLV
2009-03-02 01:48 50,688 a------- c:\windows\system32\ff_acm.acm
2009-03-02 01:33 <DIR> --d----- C:\flvrecorder
2009-03-02 01:19 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2009-03-02 01:19 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2009-03-02 01:18 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-03-02 01:18 <DIR> --d----- c:\windows\Replay Media Catcher
2009-03-02 01:17 <DIR> --d----- c:\program files\Replay Media Catcher
2009-03-02 01:00 <DIR> --d----- C:\downloads
2009-03-02 01:00 <DIR> --d----- c:\docume~1\admini~1\applic~1\GrabPro
2009-03-02 01:00 <DIR> --d----- c:\program files\Orbitdownloader
2009-03-02 00:58 <DIR> --dsh--- c:\documents and settings\administrator\IECompatCache
2009-03-01 22:48 <DIR> --d----- C:\ConvertTemp
2009-03-01 22:39 38,144 a------- c:\windows\system32\drivers\EAPPkt.sys
2009-03-01 22:39 21,035 a------- c:\windows\system32\drivers\AegisP.sys
2009-03-01 22:38 269,824 a------- c:\windows\system32\drivers\RTL8187.sys
2009-03-01 22:38 269,824 a------- c:\windows\system\rtl8187.sys
2009-03-01 22:38 <DIR> --d----- c:\windows\OPTIONS
2009-03-01 22:38 <DIR> --d----- c:\windows\system32\REALTEK RTL8187 Wireless LAN Driver and Utility
2009-03-01 18:51 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-03-01 18:44 <DIR> --d----- c:\windows\Logs
2009-03-01 18:41 <DIR> --d----- c:\windows\system32\directx
2009-03-01 18:11 <DIR> --d----- c:\program files\Fallout 3
2009-03-01 16:24 159,580 a------- c:\windows\Marsu-Fix 2.5 Uninstaller.exe
2009-03-01 16:13 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-03-01 16:12 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-01 16:12 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-01 16:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-01 16:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-01 16:12 <DIR> --d----- c:\program files\ESET
2009-03-01 15:42 <DIR> --d----- c:\documents and settings\administrator\Tracing
2009-03-01 15:41 <DIR> --d----- c:\program files\Microsoft
2009-03-01 15:41 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-01 15:32 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-01 14:01 <DIR> --d----- c:\docume~1\admini~1\applic~1\NSeries
2009-03-01 13:29 <DIR> --d----- c:\program files\common files\ODBC
2009-03-01 13:27 <DIR> --d----- c:\windows\SHELLNEW
2009-03-01 13:04 <DIR> --d----- c:\docume~1\admini~1\applic~1\Thinstall
2009-03-01 12:43 <DIR> --d----- C:\Shared
2009-02-28 17:42 8,192 a------- c:\windows\REGLOCS.OLD
2009-02-28 17:35 <DIR> --d----- c:\docume~1\admini~1\applic~1\Free Download Manager
2009-02-28 17:35 <DIR> --d----- c:\program files\Free Download Manager
2009-02-28 17:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FreeDownloadManager.ORG
2009-02-28 14:27 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-02-28 13:45 <DIR> --d----- c:\documents and settings\Administrator
2009-02-28 13:31 <DIR> --d----- c:\program files\MSXML 4.0
2009-02-28 13:07 <DIR> --ds---- c:\windows\system32\Microsoft
2009-02-28 13:07 <DIR> --d----- c:\windows\system32\URTTEMP
2009-02-28 13:07 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-02-28 13:06 743 a------- c:\windows\hpbvspst.his
2009-02-28 13:06 402 a------- c:\windows\hpbvspst.ini
2009-02-28 13:06 3,761 a------- c:\windows\hpbvnstp.his
2009-02-28 13:06 1,322 a------- c:\windows\hpbvnstp.ini
2009-02-28 13:06 45,056 a------- c:\windows\system32\HPPAPTS0.DLL
2009-02-28 13:06 36,864 a------- c:\windows\system32\HPPASNM0.DLL
2009-02-28 13:06 36,864 a------- c:\windows\system32\HPPAPML0.DLL
2009-02-28 13:06 36,864 a------- c:\windows\system32\HPPADT40.DLL
2009-02-28 13:06 32,768 a------- c:\windows\system32\HPPAMON0.DLL
2009-02-28 13:06 8,704 a------- c:\windows\system32\drivers\Dot4Scan.sys
2009-02-28 13:05 <DIR> --d----- c:\program files\HP
2009-02-28 13:03 <DIR> --d----- c:\program files\common files\MSSoap
2009-02-28 13:02 <DIR> --d----- c:\program files\Windows NT
2009-02-28 07:47 <DIR> --d----- c:\program files\Bullfrog
2009-02-28 07:46 <DIR> --d----- c:\documents and settings\administrator\WINDOWS
2009-02-28 07:45 <DIR> --d----- c:\docume~1\admini~1\applic~1\DAEMON Tools Pro
2009-02-28 07:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-02-28 07:44 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-02-28 07:41 <DIR> --d----- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
2009-02-28 07:40 <DIR> --d----- c:\program files\CDisplay
2009-02-28 06:58 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-02-28 04:19 <DIR> --d----- c:\program files\MPC
2009-02-28 04:17 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-02-28 04:16 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-02-28 03:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nokia
2009-02-28 03:49 <DIR> --d----- c:\program files\common files\muvee Technologies
2009-02-28 03:42 <DIR> --d----- c:\program files\common files\Nokia
2009-02-28 03:37 <DIR> --d----- c:\program files\common files\PCSuite
2009-02-28 03:35 <DIR> --d----- c:\program files\Nokia
2009-02-28 03:26 <DIR> --d----- c:\program files\Creative
2009-02-28 02:38 <DIR> --d----- c:\program files\ffdshow
2009-02-28 02:32 <DIR> --d----- c:\program files\Real Alternative
2009-02-28 02:32 <DIR> --d----- c:\program files\The FilmMachine
2009-02-28 02:31 <DIR> --d----- c:\program files\GordianKnot
2009-02-28 01:51 <DIR> --d----- c:\program files\ASUS
2009-02-28 01:35 <DIR> --dsh--- c:\documents and settings\administrator\IETldCache
2009-02-28 00:55 <DIR> --d----- c:\program files\Realtek
2009-02-27 23:31 <DIR> --d----- c:\program files\Marvell
2009-02-27 23:02 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-02-27 22:59 <DIR> --dsh--- c:\documents and settings\administrator\PrivacIE

==================== Find3M ====================

2009-02-28 14:16 128,757 a------- c:\windows\hppins02.dat
2009-02-28 13:03 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-28 07:41 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-02-28 03:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-28 03:25 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-02-28 03:25 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-02-28 01:51 5,810 a------- c:\windows\system32\drivers\ASACPI.sys
2009-02-18 18:31 5,028,352 a------- c:\windows\system32\drivers\RtkHDAud.sys
2009-02-17 15:50 17,508,864 a------- c:\windows\RTHDCPL.EXE
2009-02-09 20:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 20:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:34 35,840 a------- c:\windows\system32\RtkCoInstXP.dll
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-05 10:54 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-02-01 16:35 666,624 a------- c:\windows\system32\OGACheckControl.dll
2009-01-21 15:54 1,206,816 a------- c:\windows\RtlUpd.exe
2009-01-15 02:17 636,264 -------- c:\windows\system32\dllcache\iexplore.exe
2009-01-15 02:17 392,040 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-01-15 02:13 5,888,512 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-15 02:06 1,182,720 -------- c:\windows\system32\dllcache\urlmon.dll
2009-01-15 02:06 236,544 -------- c:\windows\system32\dllcache\webcheck.dll
2009-01-15 02:06 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-01-15 02:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 02:05 911,872 -------- c:\windows\system32\dllcache\wininet.dll
2009-01-15 02:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 02:05 193,536 -------- c:\windows\system32\dllcache\msrating.dll
2009-01-15 02:05 109,056 -------- c:\windows\system32\dllcache\occache.dll
2009-01-15 02:05 43,008 -------- c:\windows\system32\dllcache\licmgr10.dll
2009-01-15 02:04 755,200 -------- c:\windows\system32\dllcache\VGX.dll
2009-01-15 02:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 02:04 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-01-15 02:04 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-01-15 02:02 611,840 -------- c:\windows\system32\dllcache\mstime.dll
2009-01-15 02:01 183,808 -------- c:\windows\system32\dllcache\iepeers.dll
2009-01-15 02:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 02:01 34,304 -------- c:\windows\system32\dllcache\imgutil.dll
2009-01-15 02:01 348,160 -------- c:\windows\system32\dllcache\dxtmsft.dll
2009-01-15 02:01 46,592 -------- c:\windows\system32\dllcache\pngfilt.dll
2009-01-15 02:01 216,064 -------- c:\windows\system32\dllcache\dxtrans.dll
2009-01-15 02:01 66,560 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-01-15 02:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 02:00 48,128 -------- c:\windows\system32\dllcache\mshtmler.dll
2009-01-15 02:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 02:00 45,568 -------- c:\windows\system32\dllcache\mshta.exe
2009-01-15 01:53 68,608 -------- c:\windows\system32\dllcache\hmmapi.dll
2009-01-15 01:50 156,160 a------- c:\windows\system32\msls31.dll
2009-01-15 01:50 156,160 -------- c:\windows\system32\dllcache\msls31.dll
2009-01-11 14:00 79,360 -------- c:\windows\system32\dllcache\iecompat.dll
2009-01-03 17:07 81,920 a------- c:\windows\system32\frapsvid.dll
2008-12-31 17:04 528,744 a------- c:\windows\system32\OGAVerify.exe
2008-12-31 17:04 502,120 a------- c:\windows\system32\OGAAddin.dll

============= FINISH: 17:37:08.69 ===============
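One way to triage a DDS report like the one above for the entries a helper looks at first: autoruns and processes launched from a temp directory, loose binaries sitting directly in the Windows folder, Run values with no name, and policies that lock the user out of their own tools. This is an added example, not code from the thread or from the DDS tool; the heuristics are my own assumptions, and the sample lines are copied from the report posted in this thread.

```python
import re
from typing import Dict, List

# Constructed sample: lines copied from the DDS report posted in this thread.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\regx32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rbgw8.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1712362702.exe
============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>] c:\docume~1\admini~1\locals~1\temp\rbgw8.exe
uRun: [Diagnostic Manager] c:\docume~1\admini~1\locals~1\temp\1712362702.exe
mRun: [TrialReset] c:\windows\regx32.exe
mRun: [Qsece] rundll32.exe "c:\windows\Jqeyoyucegaq.dll",e
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_RE = re.compile(r"^([umd]Run(?:Once)?):\s*\[(.*?)\]\s*(.*)$")
POLICY_RE = re.compile(r"^([umd]Policies-\w+):\s*(\w+)\s*=\s*(\d+)")
PATH_RE = re.compile(r'[a-z]:\\[^",]*?\.(?:exe|dll|scr|com)', re.I)

# Heuristics (my assumptions, not DDS logic): places legitimate autoruns rarely
# live, and policy values that lock a user out of their own diagnostic tools.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableTaskMgr"}


def classify_path(path: str) -> List[str]:
    """Return the reasons a launch path deserves a closer look (empty if none)."""
    p = path.strip().lower()
    reasons = []
    if any(marker in p for marker in TEMP_MARKERS):
        reasons.append("runs from a temp directory")
    # A loose binary in c:\windows itself (not system32) is unusual for real software.
    if re.match(r"^c:\\windows\\[^\\]+\.(exe|dll)$", p):
        reasons.append("binary dropped directly in the Windows folder")
    if re.search(r"\\\d{6,}\.exe$", p):
        reasons.append("purely numeric file name")
    return reasons


def extract_target(cmd: str) -> str:
    """Pull the launched binary (or the DLL handed to rundll32) out of a Run value."""
    m = PATH_RE.search(cmd)
    return m.group(0) if m else (cmd.split() or [""])[0]


def triage(report: str) -> Dict[str, List[str]]:
    """Walk a DDS report section by section; return findings keyed by kind."""
    findings: Dict[str, List[str]] = {"process": [], "autorun": [], "policy": []}
    section = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section.startswith("running processes"):
            reasons = classify_path(line)
            if reasons:
                findings["process"].append(f"{line}: {'; '.join(reasons)}")
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            reasons = classify_path(extract_target(cmd))
            if name == "<NO NAME>":
                reasons.append("autorun value has no name")
            if reasons:
                findings["autorun"].append(f"{hive} [{name}] {cmd}: {'; '.join(reasons)}")
            continue
        m = POLICY_RE.match(line)
        if m and m.group(2) in LOCKOUT_POLICIES and m.group(3) != "0":
            findings["policy"].append(f"{m.group(1)} {m.group(2)}={m.group(3)}")
    return findings
```

Running `triage(SAMPLE_DDS)` flags the two temp-directory executables the poster noticed, the loose DLL and regx32.exe in the Windows folder, and the DisableRegistryTools policy, while leaving the svchost and ctfmon entries alone.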

#2 Thunder


Posted 24 March 2009 - 04:59 PM

Hello Vbevan and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

If ComboFix does run its full circle, then please try to install Avira Antivir as well, update and run a full system scan.

Greetings,
Thunder
