
not sure what i'm infected with coolwebserach possible??


3 replies to this topic

#1 jburnsrupp

  • Members
  • 2 posts

Posted 24 June 2009 - 06:51 PM

Hi,

Earlier today my Avira scan caught something called a SWF virus, I think. I deleted it. Afterwards Firefox stopped working (said it was running but not responding and had to be shut down). But the process firefox.exe didn't show up and restarting didn't solve the problem. I uninstalled and reinstalled Firefox and now it works. But I did a HijackThis scan and then had it analysed and it said I had some problems in red. Not sure at all what the problems are or how to fix them. Would appreciate any help. Thanks!


DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 19:38:44.57 on Wed 06/24/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.5.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2180 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CF13863.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_14\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [TpShocks] TpShocks.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_14\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\tls5tk3s.default\
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJPI150_14.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-6 64160]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-5-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-1 11608]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-6-1 198224]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-6-1 31824]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-6-1 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-1 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-1 185089]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-5-10 1160440]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-1 55640]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-5-10 102400]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-6-1 361672]
R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2009-6-1 3052744]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-5-31 2058776]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-5-31 475136]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-5-31 244368]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S2 SessionLauncher;SessionLauncher;c:\docume~1\admini~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\admini~1\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]

=============== Created Last 30 ================

2009-06-24 19:13 101,131 a------- C:\MGlogs.zip
2009-06-24 19:13 <DIR> --d----- C:\MGtools
2009-06-24 18:02 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-06-24 17:57 <DIR> a-dshr-- C:\cmdcons
2009-06-24 17:55 161,792 a------- c:\windows\SWREG.exe
2009-06-24 17:55 155,136 a------- c:\windows\PEV.exe
2009-06-24 17:55 98,816 a------- c:\windows\sed.exe
2009-06-24 17:55 <DIR> --ds---- C:\ComboFix
2009-06-24 17:44 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-06-24 17:43 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 17:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-24 17:43 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-24 17:43 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-24 17:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-24 17:09 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-24 17:09 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-06-24 17:08 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-24 16:53 1,343,190 a------- C:\MGtools.exe
2009-06-24 16:48 <DIR> --d----- c:\program files\CCleaner
2009-06-24 03:39 <DIR> --d----- c:\program files\DivX
2009-06-24 03:39 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-18 13:47 <DIR> --d----- c:\program files\UPHClean
2009-06-15 14:33 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-06-11 14:27 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-06-11 14:27 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-06-11 14:26 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-06-11 14:26 10,368 a------- c:\windows\system32\dllcache\hidusb.sys
2009-06-09 19:01 <DIR> --d----- c:\program files\Microsoft Games
2009-06-09 18:35 <DIR> --d----- c:\program files\PowerISO
2009-06-09 16:49 <DIR> --d----- c:\docume~1\owner\applic~1\DAEMON Tools Lite
2009-06-07 12:46 <DIR> --d----- c:\program files\DVD Shrink
2009-06-07 10:47 <DIR> --d----- c:\program files\DVD Decrypter
2009-06-06 14:54 <DIR> --d----- c:\program files\Trend Micro
2009-06-06 13:41 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-06 13:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-06 12:59 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-06 12:59 <DIR> --d----- c:\program files\Lavasoft
2009-06-05 19:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCDr
2009-06-05 19:15 <DIR> --d----- c:\windows\pss
2009-06-05 18:45 <DIR> --d----- c:\program files\Project64 1.6
2009-06-05 18:44 <DIR> --d----- C:\ROM
2009-06-04 20:03 <DIR> --d----- c:\program files\VirtualDJ
2009-06-04 12:10 <DIR> --d----- c:\program files\uTorrent
2009-06-04 12:10 <DIR> --d----- c:\docume~1\owner\applic~1\uTorrent
2009-06-03 01:40 <DIR> --d----- c:\windows\system32\appmgmt
2009-06-03 01:22 552 a------- c:\windows\system32\d3d8caps.dat
2009-06-01 21:57 <DIR> --d----- c:\docume~1\owner\applic~1\foobar2000
2009-06-01 21:57 <DIR> --d----- c:\program files\foobar2000
2009-06-01 21:34 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-06-01 21:31 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-06-01 21:30 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-01 21:30 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-06-01 21:30 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-06-01 21:30 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-06-01 21:27 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-06-01 21:27 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-06-01 21:27 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-06-01 21:26 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-06-01 21:26 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-06-01 21:26 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-01 21:20 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-01 19:39 <DIR> --d--r-- c:\program files\Skype
2009-06-01 19:37 <DIR> --d----- c:\program files\VideoLAN
2009-06-01 18:25 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-01 18:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-01 17:51 <DIR> --d----- c:\docume~1\owner\applic~1\OnlineArmor
2009-06-01 17:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OnlineArmor
2009-06-01 17:51 198,224 a------- c:\windows\system32\drivers\OADriver.sys
2009-06-01 17:51 31,824 a------- c:\windows\system32\drivers\OAmon.sys
2009-06-01 17:51 29,776 a------- c:\windows\system32\drivers\OAnet.sys
2009-06-01 17:51 <DIR> --d----- c:\program files\Tall Emu
2009-06-01 17:43 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-01 17:43 <DIR> --d----- c:\program files\Avira
2009-06-01 17:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-01 14:59 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-01 14:44 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-01 14:42 19,569 a------- c:\windows\002819_.tmp
2009-06-01 14:11 32,592 a------- c:\windows\system32\msonpmon.dll
2009-06-01 14:08 <DIR> --d----- c:\windows\SHELLNEW
2009-05-31 23:02 2,080 a------- c:\windows\system32\ICAutoUpdate.log.bak
2009-05-31 23:01 221,184 a------- c:\windows\system32\wmpns.dll
2009-05-31 23:01 50 a------- c:\windows\system32\drivers\LENOVO_6473_RZ8.MRK
2009-05-31 23:01 <DIR> --d----- c:\program files\Windows Live Toolbar
2009-05-31 23:01 10 a------- c:\windows\system32\firstboot.lgl
2009-05-31 23:01 <DIR> --d----- c:\documents and settings\owner\Bluetooth Software
2009-05-31 23:01 <DIR> --d----- c:\docume~1\owner\applic~1\Lenovo
2009-05-31 23:01 <DIR> --d----- c:\docume~1\owner\applic~1\Intel
2009-05-31 23:01 <DIR> --d----- c:\docume~1\owner\applic~1\CachedFiles
2009-05-31 23:01 <DIR> --d----- c:\documents and settings\Owner
2009-05-31 22:56 8,192 a------- c:\windows\REGLOCS.OLD
2009-05-31 22:54 61 a------- c:\windows\smscfg.ini
2009-05-31 22:48 7,012 a------- c:\windows\system32\drivers\pmemnt.sys
2009-05-31 22:47 <DIR> --d----- c:\windows\Downloaded Installations
2009-05-31 22:47 582,968 a------- c:\windows\system32\tvt_gina.dll
2009-05-31 22:47 292,152 a------- c:\windows\system32\tvt_gina_api.dll
2009-05-31 22:47 0 a------- c:\windows\system32\AccConnAdvanced.html
2009-05-31 22:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC-Doctor
2009-05-31 22:43 <DIR> --d----- c:\program files\Sonic Icons for Lenovo
2009-05-31 22:43 99,848 a------- c:\windows\system32\drivers\DRVMCDB.SYS
2009-05-31 22:43 92,920 a------- c:\windows\DLA.EXE
2009-05-31 22:43 56,056 a------- c:\windows\system32\DLAAPI_W.DLL
2009-05-31 22:43 51,768 a------- c:\windows\system32\drivers\DRVNDDM.SYS
2009-05-31 22:43 28,120 a------- c:\windows\system32\drivers\DLARTL_M.SYS
2009-05-31 22:43 12,856 a------- c:\windows\system32\drivers\DLACDBHM.SYS
2009-05-31 22:43 120 a------- c:\windows\wininit.ini
2009-05-31 22:43 <DIR> --d----- c:\windows\system32\DLA
2009-05-31 22:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Uninstall
2009-05-31 22:42 <DIR> --d----- c:\program files\Roxio
2009-05-31 22:42 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-05-31 22:42 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-05-31 22:41 <DIR> --d----- c:\program files\Lenovo Registration
2009-05-31 22:41 <DIR> --d----- c:\program files\InterVideo
2009-05-31 22:41 <DIR> --d----- c:\program files\common files\InterVideo
2009-05-31 22:40 922,920 a------- c:\windows\system32\ahlprun.exe
2009-05-31 22:40 44,544 a------- c:\windows\system32\msxml4a.dll
2009-05-31 22:40 9,679 a------- c:\windows\system32\msxml4r.cat
2009-05-31 22:40 9,675 a------- c:\windows\system32\msxml4.cat
2009-05-31 22:40 3,489 a------- c:\windows\system32\msxml4.Manifest
2009-05-31 22:40 500 a------- c:\windows\system32\msxml4r.Manifest
2009-05-31 22:40 1,060,864 a------- c:\windows\system32\MFC71.DLL
2009-05-31 22:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lenovo
2009-05-31 22:39 <DIR> --d----- c:\windows\system32\(null)
2009-05-31 22:39 <DIR> --d----- c:\program files\common files\Lenovo
2009-05-31 22:39 30,144 a------- c:\windows\system32\drivers\psadd.sys
2009-05-31 22:36 <DIR> --d----- C:\AuthLog
2009-05-31 22:34 333 a------- c:\windows\system32\$ncsp$.inf
2009-05-31 22:32 754,176 a------- c:\windows\system32\drivers\CHDAU32.sys
2009-05-31 22:32 237,568 a------- c:\windows\system32\UCI32A30.dll
2009-05-31 22:32 <DIR> --d----- c:\program files\Digital Line Detect
2009-05-31 22:32 <DIR> --d----- c:\program files\NetWaiting
2009-05-31 22:32 <DIR> --d----- c:\program files\CONEXANT
2009-05-31 22:31 985,472 a------- c:\windows\system32\drivers\HSF_DPV.sys
2009-05-31 22:31 731,264 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2009-05-31 22:31 229,376 a------- c:\windows\system32\UCI32M27.dll
2009-05-31 22:31 210,560 a------- c:\windows\system32\drivers\HSFHWAZL.sys
2009-05-31 22:31 146,036 a------- c:\windows\system32\drivers\HSFProf.cty
2009-05-31 22:31 94,208 a------- c:\windows\system32\mdmxsdk.dll
2009-05-31 22:31 12,672 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-05-31 22:30 9,598,080 a------- c:\windows\system32\drivers\snp2uvc.sys
2009-05-31 22:30 569,344 a------- c:\windows\vsnp2uvc.exe
2009-05-31 22:30 299,008 a------- c:\windows\system32\vsnp2uvc.dll
2009-05-31 22:30 53,248 a------- c:\windows\system32\csnp2uvc.dll
2009-05-31 22:30 27,904 a------- c:\windows\system32\drivers\sncduvc.sys
2009-05-31 22:30 15,497 a------- c:\windows\snp2uvc.ini
2009-05-31 22:30 13,022 a------- c:\windows\snp2uvc.src
2009-05-31 22:30 167,936 a------- c:\windows\system32\rsnp2uvc.dll
2009-05-31 22:30 <DIR> --d----- c:\program files\common files\SNP2UVC
2009-05-31 22:29 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ATSwpWDF_01005.Wdf
2009-05-31 22:29 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-31 22:28 1,419,232 a------- c:\windows\system32\WdfCoinstaller01005.dll
2009-05-31 22:28 475,136 a------- c:\windows\system32\drivers\ATSwpWDF.sys
2009-05-31 22:28 <DIR> --d----- c:\program files\Fingerprint Sensor
2009-05-31 22:28 <DIR> --d----- c:\program files\Lenovo Fingerprint Software
2009-05-31 22:27 <DIR> --d----- c:\program files\Lenovo
2009-05-31 22:27 989,720 a------- c:\windows\system32\heciudlg.exe
2009-05-31 22:27 40,832 a------- c:\windows\system32\drivers\HECI.sys
2009-05-31 22:27 1,002,008 a------- c:\windows\system32\mesoludlg.exe
2009-05-31 22:27 <DIR> --d----- c:\program files\common files\postureAgent
2009-05-31 22:23 3,627,776 a------- c:\windows\system32\drivers\NETw5x32.sys
2009-05-31 22:23 2,756,608 a------- c:\windows\system32\NETw5r32.dll
2009-05-31 22:23 659,456 a------- c:\windows\system32\NETw5c32.dll
2009-05-31 22:22 <DIR> --d----- c:\program files\common files\Intel
2009-05-31 22:21 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-05-31 22:21 177,664 a------- c:\windows\system32\drivers\SynTP.sys
2009-05-31 22:21 110,592 a------- c:\windows\system32\SynTPAPI.dll
2009-05-31 22:21 110,592 a------- c:\windows\system32\SynCtrl.dll
2009-05-31 22:21 77,824 a------- c:\windows\system32\SynTPCoI.dll
2009-05-31 22:21 73,728 a------- c:\windows\system32\SynCOM.dll
2009-05-31 22:21 65,536 a------- c:\windows\system32\SynTPFcs.dll
2009-05-31 22:21 <DIR> --d----- c:\program files\Synaptics
2009-05-31 22:20 106,557 a------- c:\windows\system32\btw_ci.dll
2009-05-31 22:20 89,896 a------- c:\windows\system32\drivers\btwsecfl.sys
2009-05-31 22:20 47,272 a------- c:\windows\system32\drivers\btwusb.sys
2009-05-31 22:20 990,632 a------- c:\windows\system32\drivers\btkrnl.sys
2009-05-31 22:20 156,392 a------- c:\windows\system32\drivers\btwdndis.sys
2009-05-31 22:20 37,160 a------- c:\windows\system32\drivers\btport.sys
2009-05-31 22:20 534,312 a------- c:\windows\system32\drivers\btaudio.sys
2009-05-31 22:20 <DIR> --d----- c:\program files\ThinkPad
2009-05-31 22:19 993,816 a------- c:\windows\system32\ITPMudlg.exe
2009-05-31 22:19 319,456 a------- c:\windows\system32\difxapi.dll
2009-05-31 22:19 13,824 a------- c:\windows\system32\drivers\tpm.sys
2009-05-31 22:19 10,752 a------- c:\windows\system32\TDDL.dll
2009-05-31 22:19 <DIR> --d----- c:\windows\system32\Lang
2009-05-31 22:19 <DIR> --d----- C:\Intel
2009-05-31 22:19 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-31 22:16 28,672 a------- c:\windows\system32\verclsid.exe
2009-05-31 22:16 144,128 -------- c:\windows\system32\dllcache\usbport.sys
2009-05-31 22:12 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-05-31 22:12 138 a------- c:\windows\system32\Softkbd.exe.config
2009-05-31 22:08 <DIR> --d----- c:\windows\RegisteredPackages
2009-05-31 22:06 10,240 a------- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-31 22:05 248,448 a------- c:\windows\system32\PROUnstl.exe
2009-05-31 22:03 30,208 a------- c:\windows\system32\drivers\usbehci.sys
2009-05-31 22:03 7,168 a------- c:\windows\system32\hccoin.dll
2009-05-31 22:03 61,696 a------- c:\windows\system32\drivers\ohci1394.sys
2009-05-31 22:03 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-05-31 22:03 53,376 a------- c:\windows\system32\drivers\1394bus.sys
2009-05-31 22:03 8,832 a------- c:\windows\system32\drivers\wmiacpi.sys
2009-05-31 22:01 <DIR> a-d----- C:\drivers
2009-05-31 22:01 93 a------- C:\syslevel.lgl
2009-05-31 21:51 <DIR> a-d----- C:\SWTOOLS
2009-05-31 21:49 <DIR> a-d----- C:\I386

==================== Find3M ====================

2009-06-01 14:47 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-13 17:54 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-13 17:54 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-13 17:54 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-13 17:54 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-13 17:54 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-13 17:54 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-13 17:54 685,056 a------- c:\windows\system32\DivX.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-04-29 00:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll

============= FINISH: 19:39:38.57 ===============


#2 shelf life

  • Malware Response Team
  • 2,646 posts

Posted 28 June 2009 - 06:49 AM

hi jburnsrupp,

Sorry for the delay, no shortage of posters. I see you have Ad-Aware, Spybot, MBAM and SAS; are they updated and coming up clean after a scan? I don't recognize any malware in the log.

How Can I Reduce My Risk to Malware?
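As an added example (not from the thread, and not part of DDS or any of the tools named in it), here is the kind of first-pass triage a responder does over the SERVICES / DRIVERS lines of a DDS log: parse each entry and flag any whose resolved path sits under a temp folder or that has no date/size stamp (`[?]`). The sample lines are copied from the log above; the directory list and flag names are the example's own heuristics, and a flag means "look at this first", not "this is malware".

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: four lines copied from the DDS "SERVICES / DRIVERS"
# section of the log posted above. One of them (SessionLauncher) is started from a
# temp folder and carries no date/size stamp, which a triage pass should surface.
SAMPLE_LINES = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-6 64160]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-6-1 361672]
S2 SessionLauncher;SessionLauncher;c:\docume~1\admini~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\admini~1\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
"""

# DDS line shape: "<state> <name>;<display name>;<path> [<date> <size>]"
# where state is R0..R3 (running) or S0..S3 (not currently running).
ENTRY_RE = re.compile(r"^(?P<state>[RS][0-3])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
STAMP_RE = re.compile(r"^(?P<path>.*?)\s+\[(?P<stamp>[^\]]*)\]$")

# Heuristic (this example's own, not a DDS rule): locations a legitimate
# driver or service is not normally loaded from.
SUSPECT_DIRS = ("\\temp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\", "\\recycler\\")


@dataclass
class Entry:
    state: str
    name: str
    display: str
    path: str
    stamp: str
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Parse one DDS service/driver line; return None for lines that do not match."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    s = STAMP_RE.match(m.group("rest"))
    if s:
        path, stamp = s.group("path"), s.group("stamp")
    else:
        path, stamp = m.group("rest"), ""
    # DDS prints "path as registered --> resolved path"; keep the resolved one.
    if "-->" in path:
        path = path.split("-->")[-1].strip()
    return Entry(m.group("state"), m.group("name"), m.group("display"), path, stamp)


def triage(text):
    """Parse every entry in the text and attach heuristic flags for review."""
    entries = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        low = e.path.lower()
        if any(d in low for d in SUSPECT_DIRS):
            e.flags.append("loads-from-temp")
        if e.stamp == "?":
            e.flags.append("no-file-stamp")  # DDS could not record date/size
        entries.append(e)
    return entries


def flagged(text):
    """Names of the entries that carry at least one flag."""
    return [e.name for e in triage(text) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(e.state, e.name, e.path, e.flags or "-")
```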


#3 jburnsrupp

  • Topic Starter
  • Members
  • 2 posts

Posted 29 June 2009 - 09:19 AM

Hi,

S'ok, thank you for responding. I've run all of them updated and they all come up clean. I haven't had any problems really in the past couple of days, so I'm guessing I was worried about it for nothing. But thanks again for looking at it!

#4 shelf life

  • Malware Response Team
  • 2,646 posts

Posted 29 June 2009 - 03:53 PM

OK then, here are some tips for reducing your risk to malware:

10 Tips for Reducing Your Risk To Malware:
The Short Version:

1) It is essential to keep your OS (Windows), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. This is also true for web-based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here.

2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you're prompted to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. Scanning frequency is a function of your computer habits.

4) Refrain from clicking on links or attachments you receive via E-Mail, IM, IRC, Chat Rooms or Social Networking Sites, no matter how tempting or legitimate the message may seem.

5) Don't click on ads/pop ups or offers from websites requesting that you need to install software, media players or codecs to your computer--for any reason.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing.*

8) Install and understand the limitations of a software firewall.

9) Consider using an alternate browser and e-mail client. Internet Explorer and Outlook Express are popular targets for malicious code because they are widely used. See also: Hardening or Securing Internet Explorer.

10) Warez, cracks etc. are very popular for carrying malware payloads. Avoid them. If you install files via P2P networks then you are much more likely to encounter malicious code. Do you trust the source? Do you really need another malware source?

A longer version is in the link below.

Happy Safe Surfing.

How Can I Reduce My Risk to Malware?
