
(Inappropriate) Pop-Up Website every 15 minutes (believed to be Trojan from a download)


This topic is locked
4 replies to this topic

#1 virtualds

Posted 23 May 2009 - 08:40 PM

I downloaded a file using Torrent. After I finished downloading, there is a pop-up that comes out every 15 or so minutes. The address of the pop-up is <hxxp://85.114.141.207/meds/> (if it will help you). I tried CCleaner, but the results are the same. How can I fix this?

DDS (Ver_09-05-14.01) - NTFSx86
Run by Louis at 18:27:05.32 on 2009-05-23
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Home Premium K 6.0.6000.0.949.82.1042.18.2038.853 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Louis\AppData\Local\Temp\VRTAB7D.tmp
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\sopidkc.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Louis\Desktop\O2Mania English 1.0.1\O2Mania English.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Louis\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://85.114.141.207/meds/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - c:\progra~1\yrefre~1\YREFRE~1.DLL
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} - hxxp://bgweb.nowcdn.co.kr/bin/DownStarter.cab
DPF: {4F88CAC1-30A3-48DD-9606-2172BF23A940} - hxxp://www.ebsi.co.kr/ebs/ActiveX/EBSiPlayer.cab
DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} - hxxp://ebsi.co.kr/ebs/ActiveX/eGEBS.cab
DPF: {AC6D4501-1A42-4E5D-91AF-395406EF4303} - hxxp://o2jam.nopp.co.kr/ActiveX/NowSmartLauncher.cab
DPF: {C16D796C-337C-11DB-8C7F-0003FF053800} - hxxp://www.ebsi.co.kr/ebs/ActiveX/megabrain/BrainPower_EBSi.CAB
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {D272260F-D335-4198-B0E5-B22F61141D79} - hxxp://www.ebsi.co.kr/ebs/ActiveX/EBSiPlayer_hd.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F30E6BE6-F620-4DD7-B67C-47920AEC2F4E} - hxxp://o2jam.nopp.co.kr/ActiveX/systeminfo.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\louis\appdata\roaming\mozilla\firefox\profiles\vezx407h.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=13920&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
FF - plugin: c:\programdata\nexon\ngm\npNxGame.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2006-11-2 22016]
R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2006-11-2 125952]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-5-3 234888]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-5-23 1527900]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-5-2 33176]

=============== Created Last 30 ================

2009-05-23 17:48 <DIR> --d----- c:\users\louis\appdata\roaming\MAGIX
2009-05-23 11:17 <DIR> --d----- c:\programdata\MAGIX
2009-05-23 11:17 <DIR> --d----- c:\progra~2\MAGIX
2009-05-23 11:17 158,208 a------- c:\windows\system32\tpsaxyd.exe
2009-05-23 11:17 36,864 a------- c:\windows\system32\dpcxool64.sys
2009-05-23 11:17 8 a------- c:\windows\system32\comsa32.sys
2009-05-23 11:16 120,200 a------- c:\windows\system32\DLLDEV32i.dll
2009-05-23 11:16 <DIR> --d----- c:\program files\MAGIX
2009-05-23 11:16 700,416 a------- c:\windows\system32\mgxoschk.dll
2009-05-23 11:16 5,937 a------- c:\windows\mgxoschk.ini
2009-05-23 11:16 <DIR> --d----- c:\windows\system32\MAGIX
2009-05-23 10:09 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-05-21 22:44 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-05-21 22:44 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-21 22:43 <DIR> --d----- c:\program files\iPod
2009-05-21 22:43 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-21 22:43 <DIR> --d----- c:\program files\iTunes
2009-05-21 22:43 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-21 22:42 <DIR> --d----- c:\program files\Bonjour
2009-05-21 22:41 <DIR> --d----- c:\programdata\Apple Computer
2009-05-21 22:39 <DIR> --d----- c:\programdata\Apple
2009-05-21 17:01 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-21 16:48 <DIR> --d----- c:\users\louis\appdata\roaming\MozillaControl
2009-05-21 16:46 <DIR> --d----- c:\windows\'Full Speed' Internet Booster + Performance Tests
2009-05-21 16:46 <DIR> --d----- c:\program files\'Full Speed' Internet Booster + Performance Tests
2009-05-20 18:28 <DIR> --d----- c:\program files\CodeGazer
2009-05-17 13:09 <DIR> --d----- c:\program files\Datel
2009-05-15 21:42 <DIR> --d----- c:\program files\HyCam2
2009-05-12 16:43 <DIR> --d----- c:\users\louis\appdata\roaming\PCenter
2009-05-06 21:05 <DIR> --d----- C:\Nexon
2009-05-06 21:05 <DIR> --d----- c:\programdata\Nexon
2009-05-06 21:05 <DIR> --d----- c:\progra~2\Nexon
2009-05-06 19:17 <DIR> --d----- c:\programdata\Starware347
2009-05-06 19:17 <DIR> --d----- c:\program files\Starware347
2009-05-06 19:17 <DIR> --d----- c:\progra~2\Starware347
2009-05-05 21:53 1,970,176 a------- c:\windows\system32\d3dx9.dll
2009-05-05 21:53 679,936 a------- c:\windows\system32\D3DX81ab.dll
2009-05-05 21:53 <DIR> --d----- c:\program files\Cheat Engine
2009-05-04 22:37 <DIR> --d----- c:\program files\YRefresher
2009-05-04 21:38 <DIR> a-d----- c:\programdata\TEMP
2009-05-04 21:38 <DIR> --d----- C:\Fraps
2009-05-04 21:37 376 a------- c:\windows\ODBC.INI
2009-05-04 21:37 28,040 a------- c:\windows\system32\mdimon.dll
2009-05-04 21:35 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-05-04 21:21 <DIR> --d----- c:\users\louis\appdata\roaming\GetRightToGo
2009-05-03 18:32 273 a------- c:\windows\option.ini
2009-05-03 18:29 <DIR> --d----- c:\program files\Vstplugins
2009-05-03 18:29 <DIR> --d----- c:\programdata\Sony
2009-05-03 18:29 <DIR> --d----- c:\program files\Sony
2009-05-03 18:26 <DIR> --d----- c:\program files\Sony Setup
2009-05-03 18:08 <DIR> --d----- c:\program files\AskBarDis
2009-05-03 18:08 <DIR> --d----- c:\program files\uTorrent
2009-05-03 18:08 <DIR> --d----- c:\users\louis\appdata\roaming\uTorrent
2009-05-03 17:38 <DIR> --d----- c:\program files\NOWCOM
2009-05-03 17:22 <DIR> --d----- c:\windows\system32\mgrlist
2009-05-03 17:19 <DIR> --d----- C:\Download
2009-05-03 15:19 <DIR> --d----- c:\program files\Hide Window Hotkey
2009-05-03 00:04 268,800 a------- c:\windows\system32\es.dll
2009-05-02 23:57 <DIR> --d----- c:\program files\CCleaner
2009-05-02 22:02 <DIR> --d----- c:\programdata\Adobe
2009-05-02 21:58 <DIR> --d----- c:\programdata\NOS
2009-05-02 09:23 <DIR> --d----- c:\programdata\Messenger Plus!
2009-05-02 09:23 <DIR> --d----- c:\progra~2\Messenger Plus!
2009-05-02 09:12 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-02 09:12 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-02 09:12 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-05-02 09:12 272,896 a------- c:\windows\system32\polstore.dll
2009-05-02 09:11 205,824 a------- c:\windows\system32\msoeacct.dll
2009-05-02 09:11 87,040 a------- c:\windows\system32\msoert2.dll
2009-05-02 09:11 39,424 a------- c:\windows\system32\ACCTRES.dll
2009-05-02 09:09 194,560 a------- c:\windows\system32\WebClnt.dll
2009-05-02 09:09 110,080 a------- c:\windows\system32\drivers\mrxdav.sys
2009-05-02 09:08 376,320 a------- c:\windows\system32\winsrv.dll
2009-05-02 09:08 49,664 a------- c:\windows\system32\csrsrv.dll
2009-05-02 09:04 376,832 a------- c:\windows\system32\winhttp.dll
2009-05-02 09:03 297,472 a------- c:\windows\system32\gdi32.dll
2009-05-02 09:02 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-02 09:01 374,456 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-05-02 08:59 500,736 a------- c:\windows\system32\msdtcprx.dll
2009-05-02 08:59 30,208 a------- c:\windows\system32\xolehlp.dll
2009-05-02 08:58 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-02 08:58 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-02 08:58 1,687,040 a------- c:\windows\system32\gameux.dll
2009-05-02 08:57 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-02 08:55 1,194,496 a------- c:\windows\system32\msxml3.dll
2009-05-02 08:55 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-02 08:54 414,208 a------- c:\windows\system32\msscp.dll
2009-05-02 08:53 392,192 a------- c:\windows\system32\FirewallAPI.dll
2009-05-02 08:53 396,800 a------- c:\windows\system32\MPSSVC.dll
2009-05-02 08:53 86,016 a------- c:\windows\system32\icfupgd.dll
2009-05-02 08:53 63,488 a------- c:\windows\system32\drivers\mpsdrv.sys
2009-05-02 08:53 61,952 a------- c:\windows\system32\cmifw.dll
2009-05-02 08:53 16,896 a------- c:\windows\system32\wfapigp.dll
2009-05-02 08:53 178,688 a------- c:\windows\system32\iphlpsvc.dll
2009-05-02 08:53 23,040 a------- c:\windows\system32\drivers\tunnel.sys
2009-05-02 08:53 15,360 a------- c:\windows\system32\drivers\TUNMP.SYS
2009-05-02 08:50 2,048 a------- c:\windows\system32\tzres.dll
2009-05-02 08:49 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-05-02 08:49 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-02 08:49 4,096 a------- c:\windows\system32\msdxm.ocx
2009-05-02 08:49 4,096 a------- c:\windows\system32\dxmasf.dll
2009-05-02 08:44 104,448 a------- c:\windows\system32\DWWIN.EXE
2009-05-02 08:43 2,923,520 a------- c:\windows\explorer.exe
2009-05-02 08:40 803,328 a------- c:\windows\system32\drivers\tcpip.sys
2009-05-02 08:40 216,632 a------- c:\windows\system32\drivers\netio.sys
2009-05-02 08:40 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-05-02 08:40 24,064 a------- c:\windows\system32\netcfg.exe
2009-05-02 08:40 22,016 a------- c:\windows\system32\netiougc.exe
2009-05-02 08:38 4,493,312 a------- c:\windows\system32\NlsData0816.dll
2009-05-02 08:38 1,963,520 a------- c:\windows\system32\NlsData081a.dll
2009-05-02 08:38 797,696 a------- c:\windows\system32\NaturalLanguage6.dll
2009-05-02 08:38 6,917,120 a------- c:\windows\system32\NlsLexicons0c1a.dll
2009-05-02 08:38 1,963,520 a------- c:\windows\system32\NlsData0c1a.dll
2009-05-02 08:32 549,888 a------- c:\windows\system32\rpcss.dll
2009-05-02 08:32 3,503,584 a------- c:\windows\system32\ntkrnlpa.exe
2009-05-02 08:32 3,469,280 a------- c:\windows\system32\ntoskrnl.exe
2009-05-02 08:32 24,576 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-05-02 08:32 654,336 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-05-02 08:32 158,720 a------- c:\windows\system32\sdohlp.dll
2009-05-02 08:32 97,280 a------- c:\windows\system32\iasrecst.dll
2009-05-02 08:32 53,248 a------- c:\windows\system32\iasads.dll
2009-05-02 08:32 37,888 a------- c:\windows\system32\iasdatastore.dll
2009-05-02 08:29 223,232 a------- c:\windows\system32\WMASF.DLL
2009-05-02 08:29 9,728 a------- c:\windows\system32\LAPRXY.DLL
2009-05-02 08:29 2,048 a------- c:\windows\system32\asferror.dll
2009-05-02 08:28 72,704 a------- c:\windows\system32\secur32.dll
2009-05-02 08:28 1,233,408 a------- c:\windows\system32\lsasrv.dll
2009-05-02 08:28 25,600 a------- c:\windows\system32\amxread.dll
2009-05-02 08:28 14,848 a------- c:\windows\system32\apilogen.dll
2009-05-02 08:28 7,680 a------- c:\windows\system32\lsass.exe
2009-05-02 08:27 441,856 a------- c:\windows\system32\win32spl.dll
2009-05-02 08:27 37,376 a------- c:\windows\system32\printcom.dll
2009-05-02 08:26 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-05-02 08:26 14,848 a------- c:\windows\system32\wshrm.dll
2009-05-02 08:25 11,776 a------- c:\windows\system32\sbunattend.exe
2009-05-02 08:23 290,304 a------- c:\windows\system32\drivers\srv.sys
2009-05-02 08:22 83,968 a------- c:\windows\system32\dnsrslvr.dll
2009-05-02 08:22 24,576 a------- c:\windows\system32\dnscacheugc.exe
2009-05-02 08:22 269,824 a------- c:\windows\system32\schannel.dll
2009-05-01 22:49 <DIR> --d----- c:\program files\Messenger Plus! Live
2009-05-01 22:43 622,080 a------- c:\windows\system32\icardagt.exe
2009-05-01 22:43 97,800 a------- c:\windows\system32\infocardapi.dll
2009-05-01 22:43 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-05-01 22:43 11,264 a------- c:\windows\system32\icardres.dll
2009-05-01 22:43 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-01 22:43 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-05-01 22:43 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-05-01 22:43 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-05-01 22:27 15,400,960 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-05-01 22:27 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-05-01 22:27 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-05-01 22:23 96,760 a------- c:\windows\system32\dfshim.dll
2009-05-01 22:23 41,984 a------- c:\windows\system32\netfxperf.dll
2009-05-01 22:23 282,112 a------- c:\windows\system32\mscoree.dll
2009-05-01 22:23 158,720 a------- c:\windows\system32\mscorier.dll
2009-05-01 22:23 83,968 a------- c:\windows\system32\mscories.dll
2009-05-01 22:07 2,855,424 a------- c:\windows\system32\mf.dll
2009-05-01 22:07 98,816 a------- c:\windows\system32\mfps.dll
2009-05-01 22:07 52,736 a------- c:\windows\system32\rrinstaller.exe
2009-05-01 22:07 24,576 a------- c:\windows\system32\mfpmp.exe
2009-05-01 22:07 2,048 a------- c:\windows\system32\mferror.dll
2009-05-01 22:07 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-05-01 22:07 94,720 a------- c:\windows\system32\logagent.exe
2009-05-01 22:06 130,048 a------- c:\windows\system32\drivers\srv2.sys
2009-05-01 22:06 101,888 a------- c:\windows\system32\drivers\mrxsmb.sys
2009-05-01 22:06 84,992 a------- c:\windows\system32\drivers\srvnet.sys
2009-05-01 22:06 58,368 a------- c:\windows\system32\drivers\mrxsmb20.sys
2009-05-01 22:06 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-05-01 22:05 737,792 a------- c:\windows\system32\inetcomm.dll
2009-05-01 22:05 84,480 a------- c:\windows\system32\INETRES.dll
2009-05-01 22:04 152,576 a------- c:\windows\system32\imagehlp.dll
2009-05-01 22:04 12,800 a------- c:\windows\system32\drivers\fs_rec.sys
2009-05-01 22:04 5,120 a------- c:\windows\system32\wmi.dll
2009-05-01 22:04 1,327,104 a------- c:\windows\system32\quartz.dll
2009-05-01 22:03 2,028,032 a------- c:\windows\system32\win32k.sys
2009-05-01 22:03 633,856 a------- c:\windows\system32\user32.dll
2009-05-01 22:02 1,341,440 a------- c:\windows\system32\msxml6.dll
2009-05-01 22:02 2,048 a------- c:\windows\system32\msxml6r.dll
2009-05-01 21:59 750,080 a------- c:\windows\system32\qmgr.dll
2009-05-01 21:31 <DIR> --d----- c:\users\louis\appdata\roaming\Flock
2009-05-01 21:30 <DIR> --d----- c:\users\louis\Tracing
2009-05-01 21:29 <DIR> --d----- c:\program files\Microsoft
2009-05-01 21:29 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-05-01 21:28 <DIR> --d----- c:\windows\PCHEALTH
2009-05-01 21:28 <DIR> --dsh--- c:\windows\Installer
2009-05-01 21:26 <DIR> --d----- c:\program files\Flock
2009-05-01 21:25 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-05-01 21:24 <DIR> --d----- c:\program files\common files\Windows Live
2009-05-01 21:24 83,456 a------- c:\windows\system32\wudriver.dll
2009-05-01 21:24 162,064 a------- c:\windows\system32\wuwebv.dll
2009-05-01 21:24 31,232 a------- c:\windows\system32\wuapp.exe
2009-05-01 21:21 <DIR> --dsh--- c:\users\louis\시작 메뉴
2009-05-01 21:21 <DIR> --d----- c:\users\Louis
2009-05-01 20:56 <DIR> --dsh--- c:\programdata\시작 메뉴
2009-05-01 20:56 <DIR> --dsh--- c:\programdata\바탕 화면
2009-05-01 20:56 <DIR> --dsh--- c:\progra~2\시작 메뉴
2009-05-01 20:56 <DIR> --dsh--- c:\progra~2\바탕 화면
2009-05-01 04:48 80 a------- c:\windows\winresetup.cmd

==================== Find3M ====================

2009-05-23 10:48 265,828 a------- c:\windows\system32\perfh012.dat
2009-05-23 10:48 70,524 a------- c:\windows\system32\perfc012.dat
2009-05-21 22:40 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-21 22:40 86,016 a------- c:\windows\inf\infstor.dat
2009-05-21 22:40 51,200 a------- c:\windows\inf\infpub.dat
2009-05-02 09:22 174 a--sh--- c:\program files\desktop.ini
2009-05-02 09:14 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-02 08:58 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-05-02 08:58 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2009-05-02 08:58 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-05-02 08:58 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2009-05-02 08:58 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-02 08:34 1,585,664 a------- c:\windows\system32\setupapi.dll
2009-05-02 08:28 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-05-01 22:01 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 04:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 04:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 04:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 04:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 04:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2006-11-06 23:32 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-06 23:32 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-06 23:32 155,890 a------- c:\windows\inf\perflib\0412\perfi.dat
2006-11-06 23:32 155,890 a------- c:\windows\inf\perflib\0412\perfh.dat
2006-11-06 23:32 30,674 a------- c:\windows\inf\perflib\0412\perfd.dat
2006-11-06 23:32 30,674 a------- c:\windows\inf\perflib\0412\perfc.dat
2006-11-06 23:32 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-06 23:32 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:29:06.57 ===============

Edited by Orange Blossom, 11 February 2013 - 04:54 AM.
Deactivate link. ~ OB




#2 fenzodahl512

Posted 24 May 2009 - 09:00 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

------------------------------------------------------------------------------------------------------------------

NOTE: IMPORTANT! To other lurkers who see this topic, if you ever want to use ComboFix, please have a look at the tutorial below.. You have been warned!

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.


Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 virtualds (Topic Starter)

Posted 24 May 2009 - 06:48 PM

ComboFix 09-05-24.03 - Louis 2009-05-24 16:33.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium K 6.0.6001.1.949.82.1042.18.2037.1172 [GMT -7:00]
Running from: c:\users\Louis\Documents\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Starware347
c:\program files\Starware347\bin\dlls\jokester.dll
c:\program files\Starware347\bin\IELauncher.exe
c:\program files\Starware347\icons\star_16.ico
c:\program files\Starware347\Starware347Config.xml
c:\program files\Starware347\Starware347Uninstall.exe
c:\programdata\Starware347
c:\programdata\Starware347\buttons\672_button_1b_def.bmp
c:\programdata\Starware347\buttons\672_button_1b_over.bmp
c:\programdata\Starware347\buttons\674_button_1b_def.bmp
c:\programdata\Starware347\buttons\674_button_1b_over.bmp
c:\programdata\Starware347\buttons\FindIt.bmp
c:\programdata\Starware347\buttons\FindItHot.bmp
c:\programdata\Starware347\buttons\findithotxp.png
c:\programdata\Starware347\buttons\finditxp.png
c:\programdata\Starware347\buttons\logo.bmp
c:\programdata\Starware347\buttons\logoxp.bmp
c:\programdata\Starware347\contexts\error.xml
c:\programdata\Starware347\contexts\related.xml
c:\programdata\Starware347\contexts\travel.xml
c:\users\Louis\AppData\Roaming\PCenter
c:\users\Louis\AppData\Roaming\PCenter\dbases\cg.dat
c:\users\Louis\AppData\Roaming\PCenter\dbases\mw.dat
c:\users\Louis\AppData\Roaming\PCenter\dbases\rd.dat
c:\users\Louis\AppData\Roaming\PCenter\dbases\sc.dat
c:\users\Louis\AppData\Roaming\PCenter\dbases\sm.dat
c:\users\Louis\AppData\Roaming\PCenter\dbases\sp.dat
c:\users\Louis\AppData\Roaming\PCenter\keys\cg.key
c:\users\Louis\AppData\Roaming\PCenter\keys\rd.key
c:\users\Louis\AppData\Roaming\PCenter\keys\sc.key
c:\users\Louis\AppData\Roaming\PCenter\keys\sp.key
c:\users\Louis\AppData\Roaming\PCenter\temp\settings.ini
c:\users\Louis\AppData\Roaming\PCenter\temp\spfilter
c:\windows\Install.txt
c:\windows\system32\comsa32.sys
c:\windows\system32\dncyool64.sys
c:\windows\system32\dpcxool64.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\msncache.dll
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wtukd32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_msncache
-------\Service_sopidkc


((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-24 03:12 . 2009-05-24 03:12 -------- d-----w C:\PerfLogs
2009-05-24 02:18 . 2009-05-24 02:18 -------- d-----w c:\users\Louis\AppData\Local\Google
2009-05-24 00:48 . 2009-05-24 00:48 -------- d-----w c:\users\Louis\AppData\Roaming\MAGIX
2009-05-23 18:17 . 2009-05-23 18:20 -------- d-----w c:\programdata\MAGIX
2009-05-23 18:16 . 2009-05-23 18:20 -------- d-----w c:\program files\MAGIX
2009-05-23 18:16 . 2007-04-27 17:43 120200 ----a-w c:\windows\system32\DLLDEV32i.dll
2009-05-23 18:16 . 2009-05-23 18:20 -------- d-----w c:\windows\system32\MAGIX
2009-05-23 18:16 . 2008-04-15 23:14 700416 ----a-w c:\windows\system32\mgxoschk.dll
2009-05-22 05:44 . 2009-05-22 05:44 -------- d-----w c:\users\Louis\AppData\Roaming\Apple Computer
2009-05-22 05:44 . 2009-05-22 05:44 -------- d-----w c:\users\Louis\AppData\Local\Apple Computer
2009-05-22 05:44 . 2009-03-19 23:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-22 05:44 . 2008-04-17 19:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-22 05:44 . 2009-05-22 05:44 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-22 05:43 . 2009-05-22 05:43 -------- d-----w c:\program files\iPod
2009-05-22 05:43 . 2009-05-22 05:44 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-22 05:43 . 2009-05-22 05:44 -------- d-----w c:\program files\iTunes
2009-05-22 05:42 . 2009-05-22 05:42 -------- d-----w c:\program files\Bonjour
2009-05-22 05:41 . 2009-05-22 05:42 -------- d-----w c:\program files\QuickTime
2009-05-22 05:41 . 2009-05-22 05:43 -------- d-----w c:\programdata\Apple Computer
2009-05-22 05:40 . 2009-05-22 05:40 -------- d-----w c:\users\Louis\AppData\Local\Apple
2009-05-22 05:40 . 2009-05-22 05:40 -------- d-----w c:\program files\Apple Software Update
2009-05-22 05:39 . 2009-05-22 05:43 -------- d-----w c:\program files\Common Files\Apple
2009-05-22 05:39 . 2009-05-22 05:39 -------- d-----w c:\programdata\Apple
2009-05-22 00:01 . 2009-05-22 00:01 -------- d-----w c:\program files\MSXML 4.0
2009-05-21 23:48 . 2009-05-21 23:48 -------- d-----w c:\users\Louis\AppData\Roaming\MozillaControl
2009-05-21 23:46 . 2009-05-21 23:46 -------- d-----w c:\windows\'Full Speed' Internet Booster + Performance Tests
2009-05-21 23:46 . 2009-05-22 23:18 -------- d-----w c:\program files\'Full Speed' Internet Booster + Performance Tests
2009-05-21 23:28 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D4CCD1C-FFEB-4C15-A578-1D14770296BA}\mpengine.dll
2009-05-21 01:28 . 2009-05-21 01:28 -------- d-----w c:\program files\CodeGazer
2009-05-17 20:09 . 2009-05-17 20:09 -------- d-----w c:\program files\Datel
2009-05-17 05:58 . 2009-05-23 02:20 680 ----a-w c:\users\Louis\AppData\Local\d3d9caps.dat
2009-05-16 04:42 . 2009-05-16 04:42 -------- d-----w c:\program files\HyCam2
2009-05-07 05:07 . 2009-05-07 05:07 258352 ----a-w c:\programdata\Nexon\Common\unicows.dll
2009-05-07 05:07 . 2009-05-07 05:07 894464 ----a-w c:\programdata\Nexon\Common\dbghelp.dll
2009-05-07 05:07 . 2009-05-14 22:35 1503976 ----a-w c:\programdata\Nexon\Common\nmconew.dll
2009-05-07 04:05 . 2009-05-24 22:02 -------- d-----w C:\Nexon
2009-05-07 04:05 . 2009-05-14 22:35 1618656 ----a-w c:\programdata\Nexon\Common\NMService.exe
2009-05-07 04:05 . 2009-05-24 22:02 299752 ----a-w c:\programdata\Nexon\Common\nmcogame.dll
2009-05-07 04:05 . 2009-05-24 22:02 103144 ----a-w c:\programdata\Nexon\NGM\nxgame.dll
2009-05-07 04:05 . 2009-05-20 00:31 426736 ----a-w c:\programdata\Nexon\NGM\NGMResource.dll
2009-05-07 04:05 . 2009-05-20 00:30 565992 ----a-w c:\programdata\Nexon\NGM\NGMDll.dll
2009-05-07 04:05 . 2009-05-07 04:05 86760 ----a-w c:\programdata\Nexon\NGM\npNxGame.dll
2009-05-07 04:05 . 2009-05-24 22:02 172768 ----a-w c:\programdata\Nexon\NGM\NGM.exe
2009-05-07 04:05 . 2009-05-07 04:05 -------- d-----w c:\programdata\Nexon
2009-05-06 04:53 . 2007-12-27 00:30 679936 ----a-w c:\windows\system32\D3DX81ab.dll
2009-05-06 04:53 . 2007-12-27 00:30 1970176 ----a-w c:\windows\system32\d3dx9.dll
2009-05-06 04:53 . 2009-05-06 23:47 -------- d-----w c:\program files\Cheat Engine
2009-05-05 05:37 . 2009-05-05 05:37 -------- d-----w c:\program files\YRefresher
2009-05-05 05:07 . 2009-05-05 05:07 -------- d-----w c:\users\Louis\AppData\Roaming\Publish Providers
2009-05-05 05:06 . 2009-05-05 05:13 -------- d-----w c:\users\Louis\AppData\Roaming\Sony
2009-05-05 05:06 . 2009-05-05 05:06 -------- d-----w c:\users\Louis\AppData\Local\Sony
2009-05-05 04:38 . 2009-05-17 08:17 -------- d-----w C:\Fraps
2009-05-05 04:37 . 2007-04-09 20:23 28040 ----a-w c:\windows\system32\mdimon.dll
2009-05-05 04:35 . 2009-05-05 04:35 -------- d-----w c:\program files\Microsoft ActiveSync
2009-05-05 04:33 . 2009-05-05 04:33 -------- d-----w c:\program files\Microsoft.NET
2009-05-05 04:31 . 2009-05-05 04:31 -------- d--h--r C:\MSOCache
2009-05-05 04:21 . 2009-05-05 04:27 -------- d-----w c:\users\Louis\AppData\Roaming\GetRightToGo
2009-05-04 01:29 . 2009-05-04 01:29 -------- d-----w c:\program files\Vstplugins
2009-05-04 01:29 . 2009-05-04 01:29 -------- d-----w c:\programdata\Sony
2009-05-04 01:29 . 2009-05-04 01:29 -------- d-----w c:\program files\Sony
2009-05-04 01:26 . 2009-05-04 01:26 -------- d-----w c:\program files\Sony Setup
2009-05-04 01:08 . 2009-05-04 01:08 -------- d-----w c:\program files\AskBarDis
2009-05-04 01:08 . 2009-05-04 01:08 -------- d-----w c:\program files\uTorrent
2009-05-04 01:08 . 2009-05-24 22:37 -------- d-----w c:\users\Louis\AppData\Roaming\uTorrent
2009-05-04 00:38 . 2009-05-07 02:40 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-04 00:38 . 2009-05-07 02:33 -------- d-----w c:\program files\NOWCOM
2009-05-04 00:38 . 2009-05-04 00:38 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-04 00:22 . 2009-05-06 06:28 -------- d-----w c:\windows\system32\mgrlist
2009-05-04 00:19 . 2009-05-06 06:28 -------- d-----w C:\Download
2009-05-03 22:19 . 2009-05-03 22:19 -------- d-----w c:\program files\Hide Window Hotkey
2009-05-03 18:55 . 2008-01-19 07:36 876032 ----a-w c:\windows\system32\wer.dll
2009-05-03 18:54 . 2008-01-19 07:36 340992 ----a-w c:\windows\system32\RelMon.dll
2009-05-03 18:53 . 2008-01-19 07:36 41472 ----a-w c:\windows\system32\WlanMmHC.dll
2009-05-03 18:52 . 2008-01-19 07:36 357888 ----a-w c:\windows\system32\wbemcomn.dll
2009-05-03 18:52 . 2008-01-19 07:36 129536 ----a-w c:\windows\system32\sqmapi.dll
2009-05-03 18:52 . 2008-01-19 07:36 704512 ----a-w c:\windows\system32\SmiEngine.dll
2009-05-03 18:52 . 2008-01-19 07:36 139264 ----a-w c:\windows\system32\SmiInstaller.dll
2009-05-03 18:51 . 2008-01-19 07:36 218624 ----a-w c:\windows\system32\wdscore.dll
2009-05-03 18:51 . 2008-01-19 07:33 130560 ----a-w c:\windows\system32\PkgMgr.exe
2009-05-03 18:50 . 2008-01-19 07:34 246784 ----a-w c:\windows\system32\drvstore.dll
2009-05-03 18:50 . 2008-01-19 07:35 35328 ----a-w c:\windows\system32\mspatcha.dll
2009-05-03 18:50 . 2008-01-19 07:34 305152 ----a-w c:\windows\system32\msdelta.dll
2009-05-03 18:50 . 2008-01-19 07:34 258560 ----a-w c:\windows\system32\dpx.dll
2009-05-03 07:04 . 2009-05-03 07:04 269312 ----a-w c:\windows\system32\es.dll
2009-05-03 06:57 . 2009-05-03 06:57 -------- d-----w c:\program files\CCleaner
2009-05-03 05:03 . 2009-05-03 05:03 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-03 05:01 . 2009-05-03 05:02 -------- d-----w c:\program files\Common Files\Adobe
2009-05-03 04:58 . 2009-05-03 05:04 -------- d-----w c:\users\Louis\AppData\Local\Adobe
2009-05-03 04:58 . 2009-05-03 05:03 -------- d-----w c:\programdata\NOS
2009-05-03 04:58 . 2009-05-03 04:58 -------- d-----w c:\program files\NOS
2009-05-03 04:58 . 2009-03-03 21:53 17464 ----a-w c:\users\Louis\AppData\Roaming\Flock\Browser\Profiles\qr189l7g.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\chrome\content\getPlus_Adobe_reg.exe
2009-05-03 04:58 . 2009-03-03 21:53 12792 ----a-w c:\users\Louis\AppData\Roaming\Flock\Browser\Profiles\qr189l7g.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\chrome\content\getPlus_Adobe_reg_bootstrap.exe
2009-05-03 04:58 . 2009-03-03 21:53 109420 ----a-w c:\users\Louis\AppData\Roaming\Flock\Browser\Profiles\qr189l7g.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
2009-05-02 16:23 . 2009-05-02 16:23 -------- d-----w c:\programdata\Messenger Plus!
2009-05-02 16:12 . 2009-05-02 16:12 61440 ----a-w c:\windows\system32\winipsec.dll
2009-05-02 16:12 . 2009-05-02 16:12 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-05-02 16:12 . 2009-05-02 16:12 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-05-02 16:12 . 2009-05-02 16:12 272896 ----a-w c:\windows\system32\polstore.dll
2009-05-02 16:04 . 2009-05-02 16:04 376832 ----a-w c:\windows\system32\winhttp.dll
2009-05-02 16:03 . 2009-05-02 16:03 296960 ----a-w c:\windows\system32\gdi32.dll
2009-05-02 16:02 . 2009-05-02 16:02 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-05-02 15:59 . 2009-05-02 15:59 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-05-02 15:59 . 2009-05-02 15:59 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-05-02 15:58 . 2009-05-02 15:58 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-05-02 15:58 . 2009-05-02 15:58 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-02 15:58 . 2009-05-02 15:58 1695744 ----a-w c:\windows\system32\gameux.dll
2009-05-02 15:57 . 2009-05-02 15:57 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-05-02 15:55 . 2009-05-02 15:55 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-05-02 15:55 . 2009-05-02 15:55 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-05-02 15:50 . 2009-05-02 15:50 2048 ----a-w c:\windows\system32\tzres.dll
2009-05-02 15:49 . 2009-05-02 15:49 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-05-02 15:49 . 2009-05-02 15:49 7680 ----a-w c:\windows\system32\spwmp.dll
2009-05-02 15:49 . 2009-05-02 15:49 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-05-02 15:43 . 2009-05-02 15:43 2927104 ----a-w c:\windows\explorer.exe
2009-05-02 15:34 . 2009-05-02 15:34 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-05-02 15:34 . 2009-05-02 15:34 988216 ----a-w c:\windows\system32\winload.exe
2009-05-02 15:34 . 2009-05-02 15:34 927288 ----a-w c:\windows\system32\winresume.exe
2009-05-02 15:34 . 2009-05-02 15:34 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-05-02 15:34 . 2009-05-02 15:34 40960 ----a-w c:\windows\system32\srclient.dll
2009-05-02 15:34 . 2009-05-02 15:34 378368 ----a-w c:\windows\system32\srcore.dll
2009-05-02 15:34 . 2009-05-02 15:34 318464 ----a-w c:\windows\system32\rstrui.exe
2009-05-02 15:34 . 2009-05-02 15:34 19000 ----a-w c:\windows\system32\kd1394.dll
2009-05-02 15:34 . 2009-05-02 15:34 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-05-02 15:34 . 2009-05-02 15:34 615992 ----a-w c:\windows\system32\ci.dll
2009-05-02 15:32 . 2009-05-02 15:32 551424 ----a-w c:\windows\system32\rpcss.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 23:40 . 2007-01-07 08:43 12 ----a-w c:\windows\bthservsdp.dat
2009-05-24 22:43 . 2006-11-07 06:35 395106 ----a-w c:\windows\system32\perfh012.dat
2009-05-24 22:43 . 2006-11-07 06:35 101026 ----a-w c:\windows\system32\perfc012.dat
2009-05-24 03:13 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Calendar
2009-05-24 03:13 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-24 03:13 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-05-24 03:13 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery
2009-05-24 03:13 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal
2009-05-24 03:13 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Collaboration
2009-05-24 03:13 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Defender
2009-05-24 03:12 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-05-24 02:57 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-05-24 02:57 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-02 23:29 . 2009-04-02 23:29 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-19 23:32 . 2009-03-19 23:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-08 11:34 . 2009-05-13 23:14 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-13 23:14 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-13 23:14 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-13 23:14 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-13 23:14 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-13 23:14 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-13 23:14 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-13 23:14 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-13 23:14 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-13 23:14 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-13 23:14 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-13 23:14 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-13 23:14 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-13 23:14 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-13 23:14 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-13 23:14 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-13 23:14 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-13 23:14 156160 ----a-w c:\windows\system32\msls31.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 19:47 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"Google Update"="c:\users\Louis\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-24 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"imekrmig7.0"="c:\program files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 25440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8EC7746E-815C-4080-972A-CDC440D8FB17}c:\\users\\louis\\desktop\\o2solo\\o2solo.exe"= UDP:c:\users\louis\desktop\o2solo\o2solo.exe:o2solo.exe
"UDP Query User{6CE0B75F-3598-4351-9718-B28D1E3B15D6}c:\\users\\louis\\desktop\\o2solo\\o2solo.exe"= TCP:c:\users\louis\desktop\o2solo\o2solo.exe:o2solo.exe
"{AB6B1F3D-2B89-4B15-A02F-68E422D5F769}"= UDP:c:\program files\uTorrent\uTorrent.exe:μTorrent (TCP-In)
"{DCECE6FA-98AB-4764-9689-BFA0AD465753}"= TCP:c:\program files\uTorrent\uTorrent.exe:μTorrent (UDP-In)
"{0A82FECD-890C-404C-A87C-80931C583C16}"= UDP:c:\programdata\Nexon\NGM\NGM.exe:Nexon Game Manager
"{BC0FA510-1369-49FD-B36D-A5C1C368C056}"= TCP:c:\programdata\Nexon\NGM\NGM.exe:Nexon Game Manager
"{53F5765F-CB81-40DD-B052-511F96351B32}"= UDP:c:\programdata\Nexon\Common\NMService.exe:Nexon Messenger Service
"{7184BE69-ED5D-4084-A4C9-A1903B801459}"= TCP:c:\programdata\Nexon\Common\NMService.exe:Nexon Messenger Service
"{22327BB1-6A4E-41D5-8779-D093466DCB2D}"= UDP:c:\nexon\Crazy Arcade\NewPatcher.exe:Nexon Game Launcher
"{19A55015-0A17-4F2F-86F7-A3C5B7FBFCCC}"= TCP:c:\nexon\Crazy Arcade\NewPatcher.exe:Nexon Game Launcher
"TCP Query User{594DC571-27DC-41E8-824A-98DA258408CA}c:\\users\\louis\\desktop\\o2solo\\o2solo.exe"= UDP:c:\users\louis\desktop\o2solo\o2solo.exe:o2solo.exe
"UDP Query User{8CBFA502-F774-4971-ADE7-1D75B40550B8}c:\\users\\louis\\desktop\\o2solo\\o2solo.exe"= TCP:c:\users\louis\desktop\o2solo\o2solo.exe:o2solo.exe
"{22926902-726A-4DBC-BCE7-2D8619695617}"= UDP:c:\programdata\Nexon\Common\NMService.exe:Nexon Messenger Core
"{D6349517-66EA-46CB-BA53-003FAD98F85A}"= TCP:c:\programdata\Nexon\Common\NMService.exe:Nexon Messenger Core
"TCP Query User{BB2C1721-5E5A-4C3F-8585-2A67433F5046}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2D196CE2-787A-4631-85B5-95CE6A49C9ED}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{B9B83825-4BB9-405D-AE2A-32E373772778}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3E18E45C-32E1-4ADB-AD3F-EAEA782BCBA0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B8A69792-CED4-4190-AE44-C402DE67F6DE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C2301671-9993-4A8F-8E7D-233542008AB1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{CC9CC03B-CEEA-425A-B7AF-B44004202CA5}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:μTorrent
"UDP Query User{9437AC7B-C60E-473F-968F-D5625774385E}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:μTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-05-03 오후 6:08 234888]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-05-23 오전 11:19 1527900]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-05-02 오후 9:58 33176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1555506173-2958760707-1594856846-1000.job
- c:\users\Louis\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-24 02:18]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} - hxxp://bgweb.nowcdn.co.kr/bin/DownStarter.cab
DPF: {4F88CAC1-30A3-48DD-9606-2172BF23A940} - hxxp://www.ebsi.co.kr/ebs/ActiveX/EBSiPlayer.cab
DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} - hxxp://ebsi.co.kr/ebs/ActiveX/eGEBS.cab
DPF: {AC6D4501-1A42-4E5D-91AF-395406EF4303} - hxxp://o2jam.nopp.co.kr/ActiveX/NowSmartLauncher.cab
DPF: {C16D796C-337C-11DB-8C7F-0003FF053800} - hxxp://www.ebsi.co.kr/ebs/ActiveX/megabrain/BrainPower_EBSi.CAB
DPF: {D272260F-D335-4198-B0E5-B22F61141D79} - hxxp://www.ebsi.co.kr/ebs/ActiveX/EBSiPlayer_hd.cab
DPF: {F30E6BE6-F620-4DD7-B67C-47920AEC2F4E} - hxxp://o2jam.nopp.co.kr/ActiveX/systeminfo.cab
FF - ProfilePath - c:\users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\vezx407h.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=13920&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
FF - plugin: c:\programdata\Nexon\NGM\npNxGame.dll
FF - plugin: c:\users\Louis\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 16:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-05-24 16:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-24 23:46

Pre-Run: 117,129,297,920 바이트 남음
Post-Run: 116,780,601,344 바이트 남음

333 --- E O F --- 2009-05-24 10:01

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 24 May 2009 - 10:45 PM

Uninstall Ask Toolbar if you don't use it..


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 31 May 2009 - 12:17 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

