infected with Spyware.Passwords and Dialer



#1 Srinu_27

Posted 29 May 2009 - 10:44 AM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Ruby at 11:30:12.85 on Fri 05/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.342 [GMT -4:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Ruby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ruby\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ruby\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Plugin Class: {56cd20f0-7c09-11d5-a768-0050042307ce} - c:\program files\sap\sap tutor\PlayerIE.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\ruby\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [<NO NAME>]
mRun: [DetectorApp] c:\program files\sonic\digitalmedia plus v7\mydvd plus\DetectorApp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_09-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ruby\applic~1\mozilla\firefox\profiles\p5hysz6v.default\
FF - plugin: c:\documents and settings\ruby\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ruby\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava12.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava131_09.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npoji600.dll

============= SERVICES / DRIVERS ===============

R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-17 191848]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-9-17 202088]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-17 169320]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-10-7 139888]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-4-10 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090526.004\NAVENG.Sys [2009-5-27 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090526.004\NavEx15.Sys [2009-5-27 876144]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
S3 Gentran Integration Suite at port 20000;Gentran Integration Suite at port 20000;c:\sterlingcommerce\si\bin\si.exe [2009-5-19 77824]
S3 Gentran Integration Suite Noapps at port 20000;Gentran Integration Suite Noapps at port 20000;c:\sterlingcommerce\si\bin\noapp.exe [2009-5-19 77824]
S3 Gentran Integration Suite Opsserver at port 20000;Gentran Integration Suite Opsserver at port 20000;c:\sterlingcommerce\si\bin\ops.exe [2009-5-19 77824]
S3 Gentran_Integration_Suite_MySql_at_port_20000;Gentran_Integration_Suite_MySql_at_port_20000;c:\sterlingcommerce\si\mysql\bin\mysqld-nt --defaults-file=c:/sterlingcommerce/si/mysql/data/my.cnf gentran_integration_suite_mysql_at_port_20000 --> c:\sterlingcommerce\si\mysql\bin\mysqld-nt --defaults-file=C:/SterlingCommerce/SI/mysql/data/my.cnf Gentran_Integration_Suite_MySql_at_port_20000 [?]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]

=============== Created Last 30 ================

2009-05-29 10:58 <DIR> --d----- c:\program files\Trend Micro
2009-05-27 13:43 <DIR> --d----- c:\program files\SAP
2009-05-22 18:55 <DIR> --d----- c:\docume~1\ruby\applic~1\Malwarebytes
2009-05-22 18:54 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-22 18:54 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-22 18:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-22 18:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-21 15:48 <DIR> --d----- c:\documents and settings\ruby\.java
2009-05-20 23:10 <DIR> --d----- c:\program files\common files\L&H
2009-05-19 18:03 <DIR> --d----- c:\documents and settings\ruby\WINDOWS
2009-05-19 18:02 <DIR> --d----- c:\program files\Sterling Commerce
2009-05-19 18:01 <DIR> --d----- c:\documents and settings\ruby\.pmodeler
2009-05-19 17:19 <DIR> --d----- C:\SterlingCommerce
2009-05-19 17:18 45,175 -------- c:\windows\system32\plugincpl131_09.cpl
2009-05-19 17:18 <DIR> --d----- c:\program files\JavaSoft
2009-05-19 17:18 36,972 -------- c:\windows\system32\ActPanel.dll
2009-05-19 17:17 <DIR> --d----- C:\jdk1.3.1_09
2009-05-19 17:16 <DIR> --d----- C:\GIS_Installation
2009-05-17 11:27 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-05-17 11:27 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-05-17 11:27 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-05-17 11:27 9,600 a------- c:\windows\system32\dllcache\hidusb.sys
2009-05-16 13:18 0 a------- c:\windows\JDSecure31.INI
2009-05-16 13:18 249,856 a------- c:\windows\system32\LxrJD31.dll
2009-05-16 13:18 163,840 a------- c:\windows\system32\LxrJD31c.exe
2009-05-16 13:18 146,432 a------- c:\windows\system32\LxrJD31p.exe
2009-05-16 13:18 71,168 a------- c:\windows\system32\LxrJD31s.exe
2009-05-16 13:18 69,824 a------- c:\windows\system32\drivers\LxrJD31d.sys
2009-05-16 13:18 61,440 a------- c:\windows\system32\LxrJD20Sat.dll
2009-05-16 13:18 21,289 a------- c:\windows\system32\JDSecure30.hlp
2009-05-14 23:27 <DIR> -cd-h--- c:\windows\ie8
2009-05-14 10:34 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-14 10:34 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-12 14:52 764,868 -------- c:\windows\system32\dllcache\apph_sp.sdb
2009-05-12 14:52 217,118 -------- c:\windows\system32\dllcache\apphelp.sdb
2009-05-12 14:52 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-05-12 14:43 <DIR> --d----- c:\program files\Netflix
2009-05-10 18:29 25 a------- c:\windows\cdplayer.ini
2009-05-10 18:29 <DIR> --d----- c:\program files\common files\xing shared
2009-05-10 18:28 <DIR> --d----- c:\program files\common files\Real
2009-05-10 12:09 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-05-09 12:02 <DIR> --d----- c:\documents and settings\ruby\LocalLow
2009-05-09 12:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2009-05-08 14:13 <DIR> --dsh--- c:\documents and settings\ruby\IECompatCache
2009-05-08 14:11 <DIR> --dsh--- c:\documents and settings\ruby\PrivacIE
2009-05-08 14:10 <DIR> --dsh--- c:\documents and settings\ruby\IETldCache
2009-05-08 14:07 <DIR> --d----- c:\windows\ie8updates
2009-05-08 14:04 102,400 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-07 01:56 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLck.DAT
2009-05-07 01:55 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
2009-05-07 01:51 <DIR> --d----- c:\program files\common files\Nikon
2009-05-07 01:51 <DIR> --d----- c:\program files\Nikon
2009-05-02 11:56 <DIR> --d----- c:\windows\system32\LogFiles
2009-05-02 09:59 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-05-02 09:54 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-05-01 09:59 <DIR> --d--r-- c:\program files\Skype
2009-05-01 09:58 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-05-01 09:58 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-05-01 09:58 138,368 -------- c:\windows\system32\dllcache\afd.sys
2009-05-01 09:48 202,752 -------- c:\windows\system32\dllcache\rmcast.sys
2009-05-01 09:48 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-01 09:47 333,184 -------- c:\windows\system32\dllcache\srv.sys
2009-05-01 09:47 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-05-01 09:47 683,520 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-05-01 09:47 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-05-01 09:47 332,800 a------- c:\windows\system32\SET3EC1.tmp
2009-05-01 09:47 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2009-05-01 09:47 1,106,944 a------- c:\windows\system32\SET3EBA.tmp
2009-05-01 09:47 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-05-01 09:47 <DIR> --d----- c:\program files\Yahoo!
2009-05-01 09:44 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-01 09:44 351,744 a------- c:\windows\system32\SET3E30.tmp
2009-05-01 09:44 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-05-01 09:43 <DIR> --d----- c:\windows\system32\PreInstall
2009-05-01 00:49 588,272 a------- c:\windows\system32\px.dl~
2009-05-01 00:49 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-04-30 23:53 <DIR> --d----- c:\program files\Western Digital
2009-04-30 23:51 26,496 a------- c:\windows\system32\dllcache\usbstor.sys
2009-04-30 23:23 8,454,656 a------- c:\windows\system32\SET3F02.tmp
2009-04-30 23:23 8,454,656 -------- c:\windows\system32\dllcache\shell32.dll
2009-04-30 23:19 <DIR> --dsh--- c:\documents and settings\ruby\UserData
2009-04-30 23:14 644 a------- c:\windows\ODBC.INI
2009-04-30 23:14 17,920 a------- c:\windows\system32\mdimon.dll
2009-04-30 23:13 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-04-30 23:13 <DIR> --d----- c:\windows\SHELLNEW
2009-04-30 23:12 <DIR> --d----- c:\program files\TDC
2009-04-30 22:51 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-04-30 22:45 221,184 a------- c:\windows\system32\wmpns.dll
2009-04-30 22:45 1,785 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv1000 (ET732UA#ABA)_YN_0Pavi_QCNF6230NF2_E396559002_46_I30A0_SQuanta_V55.10_BF.11_T060410_WXH2_L409_M1015_J80_7Intel_8T2300_91.66_#060410_N80861092_(ET732UA#ABA)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-04-30 22:45 <DIR> --d----- c:\docume~1\ruby\applic~1\Symantec
2009-04-30 22:45 <DIR> --d----- c:\docume~1\ruby\applic~1\Intuit
2009-04-30 22:45 <DIR> --d----- c:\documents and settings\Ruby
2009-04-30 22:41 185,344 a------- c:\windows\system32\Thawbrkr.dll
2009-04-30 22:41 66,594 a------- c:\windows\system32\c_864.nls
2009-04-30 22:41 66,594 a------- c:\windows\system32\c_862.nls
2009-04-30 22:41 66,594 a------- c:\windows\system32\c_720.nls
2009-04-30 22:41 66,082 a------- c:\windows\system32\c_708.nls
2009-04-30 22:41 66,082 a------- c:\windows\system32\C_28596.NLS
2009-04-30 22:41 66,082 a------- c:\windows\system32\c_10005.nls
2009-04-30 22:41 66,082 a------- c:\windows\system32\c_10004.nls
2009-04-30 22:41 10,752 a------- c:\windows\system32\c_iscii.dll
2009-04-30 22:41 5,632 a------- c:\windows\system32\kbdusa.dll
2009-04-30 22:41 66,082 a------- c:\windows\system32\c_10021.nls
2009-04-30 22:41 6,144 a------- c:\windows\system32\ftlx041e.dll

==================== Find3M ====================

2009-05-14 10:34 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-14 10:34 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-27 03:09 1,193,414 a------- c:\windows\apppatch\SET3E2D.tmp
2009-03-21 10:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-08 17:09 638,816 -------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 17:09 391,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 07:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 07:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 07:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 07:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 07:34 236,544 -------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 07:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 07:34 43,008 -------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 07:34 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-03-08 07:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 07:34 109,568 -------- c:\windows\system32\dllcache\occache.dll
2009-03-08 07:33 759,296 -------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 07:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 07:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 07:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 07:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 07:33 229,376 -------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 07:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 07:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 07:33 125,952 -------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 07:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 07:32 72,704 -------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 07:32 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 07:32 163,840 -------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 07:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 07:32 71,680 -------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 07:32 55,808 -------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 07:32 128,512 -------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 07:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 07:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 07:31 183,808 a------- c:\windows\system32\dllcache\iepeers.dll
2009-03-08 07:31 348,160 a------- c:\windows\system32\dllcache\dxtmsft.dll
2009-03-08 07:31 216,064 a------- c:\windows\system32\dllcache\dxtrans.dll
2009-03-08 07:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 07:31 34,816 -------- c:\windows\system32\dllcache\imgutil.dll
2009-03-08 07:31 46,592 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-03-08 07:31 66,560 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-03-08 07:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 07:31 48,128 -------- c:\windows\system32\dllcache\mshtmler.dll
2009-03-08 07:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 07:31 45,568 -------- c:\windows\system32\dllcache\mshta.exe
2009-03-08 07:24 68,608 -------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 07:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 07:22 156,160 -------- c:\windows\system32\dllcache\msls31.dll
2009-03-06 10:00 284,160 a------- c:\windows\system32\SET3FFA.tmp
2009-03-06 10:00 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:00 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 19:52 1,495,552 a------- c:\windows\system32\SET3E4F.tmp
2009-03-02 19:52 1,495,552 -------- c:\windows\system32\dllcache\shdocvw.dll
2006-09-30 17:49 0 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 11:30:36.04 ===============

#2 shelf life

  • Malware Response Team

Posted 06 June 2009 - 07:17 AM

hi,

sorry for delay, no shortage of posters. If you still need help reply to my post.

How Can I Reduce My Risk to Malware?


#3 Srinu_27

  • Topic Starter


Posted 06 June 2009 - 10:44 AM

Hi,

Yes, I still need some help. Could you go through the logs and let me know if you see any infections?

Thanks,
Srini.

#4 shelf life

  • Malware Response Team

Posted 07 June 2009 - 07:52 AM

ok. I see you have Malwarebytes. check MBAM for updates then do a full scan and post the log:

Once the program has loaded, check for updates then select Perform a FULL SCAN, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.


Be sure that everything is checked, and click **Remove Selected.**

**A restart of your computer most likely will be required to remove some items.**

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

post the MBAM log in your reply.

How Can I Reduce My Risk to Malware?




