Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HELP INFEDTED WITH TROJANS!! ertfor,dropper,rogue.registry defender 5,koobface,vundo, swizzor....


  • Please log in to reply
1 reply to this topic

#1 knsmith

knsmith

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:32 PM

Posted 09 May 2009 - 10:22 PM

have a giant mess going on here!! my son clicked a pop up that said it was virus remover 2009.

i can't get online, don't really think i want to. i removed the wireless adapter so it can't now. i did get an email from my isp telling me i have been reported for possible spamming??? i have been running avira, adaware, superantispyware, malwarebytes, avg, trojan remover-fast scan, windows defender, hijack this, ccleaner, atf, sdfix. some find them and say they have deleted them but when i reboot and run again it still is finding ertfor. i found it in regedit but i can't delete it. i am stuck. i can't update anything although i am pretty sure that has all been done fairly recently. i have ran these multiple times in safe mode and without. i was going to just reinstall windows but i don't have a install disk. this is windows xp home edition, it was hooked to my network, but i removed the adapter. i don't know what to do. i am using a laptop and flash drive because i can't get online with this infected machine, please help me!

my pc reboots when i am running superantispyware in normal mode, it will never let me complete the scan.

thank you!!



DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 22:12:54.85 on Sat 05/09/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.196 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\OCCD\OCCD.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uDefault_Page_URL = hxxp://us9.hpwis.com/
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
mSearch Page = hxxp://ie.search.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [LTMSG] LTMSG.exe 7
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\occd.lnk - c:\program files\occd\OCCD.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - hxxp://zone.msn.com/bingame/pacz/default/pandaonline.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188406348390
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188406280781
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://messenger.zone.msn.com/binary/ZAxRcMgr.cab
DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - hxxp://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/gold/default/gf.cab
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {EEA3945F-2702-45A0-BBE1-BC88E252AED1} - hxxp://www.lifetimetv.com/games/dinerdash/DDPrilosec.1.0.0.30.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido\security suite\shellhook.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-25 64160]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2006-10-4 3968]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-8 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-8 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-8 185089]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-8 55640]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido\security suite\ewidoctrl.exe [2004-11-11 16448]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-24 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 windefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S2 mrtRate;mrtRate; [x]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-1-29 272128]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-7 44928]
S4 BQGWLMVYOZT;BQGWLMVYOZT;c:\docume~1\owner\locals~1\temp\bqgwlmvyozt.exe --> c:\docume~1\owner\locals~1\temp\BQGWLMVYOZT.exe [?]
S4 FreezeScreenSaver;FreezeScreenSaver;c:\windows\system32\freezescreensaver.exe --> c:\windows\system32\FreezeScreenSaver.exe [?]

=============== Created Last 30 ================

2009-05-08 20:20 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-08 20:19 <DIR> --d----- c:\program files\Avira
2009-05-08 20:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-05-08 09:32 <DIR> --d----- C:\SDFix
2009-05-07 20:50 401,720 a------- c:\program files\HiJackThis.exe
2009-05-07 20:38 401,720 a------- C:\HiJackThis.exe
2009-05-07 19:57 <DIR> --d----- c:\program files\Exterminate It!
2009-05-07 14:10 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-05-07 14:10 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-05-07 14:10 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-05-07 14:10 75,264 a------- c:\windows\system32\unacev2.dll
2009-05-07 14:10 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-05-07 14:10 <DIR> --d----- c:\program files\Trojan Remover
2009-05-07 14:10 <DIR> --d----- c:\docume~1\owner\applic~1\Simply Super Software
2009-05-07 14:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-05-06 19:21 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-05-06 19:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-06 19:21 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 19:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-06 19:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-06 19:16 578,560 a------- c:\windows\system32\dtviho
2009-05-06 19:00 578,560 a------- c:\windows\system32\bjon
2009-05-06 19:00 32,256 a------- C:\umbk.exe
2009-05-06 18:39 578,560 a------- c:\windows\system32\ehyphmtmo
2009-05-06 15:36 578,560 a------- c:\windows\system32\confn
2009-05-06 15:35 104 a------- C:\xcrashdump.dat
2009-05-06 14:54 578,560 a------- c:\windows\system32\yhcxdppk
2009-05-06 14:53 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-05-06 13:44 1,407,020 ---sh--- c:\windows\system32\cepdobec.ini
2009-05-06 13:42 1,657 a--sh--- c:\windows\system32\XwxIRXbc.ini2
2009-05-06 13:42 1,657 a--sh--- c:\windows\system32\XwxIRXbc.ini
2009-05-06 13:38 578,560 a------- c:\windows\system32\xwsezjp
2009-05-06 13:37 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-05-06 13:37 32,256 a------- C:\iqure.exe
2009-05-06 09:59 <DIR> --d----- c:\program files\Jufsoft
2009-04-14 16:06 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-14 16:06 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-14 16:06 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-14 16:06 35,328 -c------ c:\windows\system32\dllcache\sc.exe
2009-04-14 16:05 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 16:05 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-14 16:05 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 16:05 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 16:05 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-14 16:05 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-14 16:04 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-14 16:04 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 16:04 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-05-09 13:17 12,291 a------- c:\program files\hijackthis.log
2009-05-06 21:38 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-06 21:37 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-06 14:53 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-05-06 13:37 578,560 a------- c:\windows\system32\user32.DLL
2009-04-06 17:09 750,984 a------- c:\windows\system32\Magentic Screensaver.scr
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 13:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2007-07-25 11:52 110 a------- c:\docume~1\alluse~1\applic~1\MostFunGameId.bin
2007-05-18 18:39 774,144 ac------ c:\program files\RngInterstitial.dll
2007-03-06 15:58 237,320 ac------ c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2004-01-25 04:48 1,004,712 a------- c:\documents and settings\owner\wrar330.exe

============= FINISH: 22:13:13.53 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:02:32 PM

Posted 17 May 2009 - 07:35 AM

log is several days old. If you still need help, post back and we will get a download or two to run. I should tell you that some malware can spread from one computer to the other via usb flash drives.

How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users