Hidden iexplorer.exe, 10 instances, "chinaontv.com"


  • This topic is locked
2 replies to this topic

#1 ryanlicious

ryanlicious

  • Members
  • 2 posts

Posted 27 June 2009 - 10:40 AM

Hello, my infection constantly tries to open iexplorer and go to chinaontv.com, findology.com, abcjmp.com.

Thanks in advance for your help.


Below is my DDS scan log file:



DDS (Ver_09-06-26.01) - NTFSx86
Run by RyRy at 8:20:34.70 on Sat 06/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2823 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
svchost.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\uTorrent\uTorrent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\RyRy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246111076250
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ryry\applic~1\mozilla\firefox\profiles\hlkvxjd8.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\ryry\application data\mozilla\firefox\profiles\hlkvxjd8.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFExternalAlert.dll

============= SERVICES / DRIVERS ===============

R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2009-6-3 133152]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-6-26 28544]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-6-5 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-5 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-6-5 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-5 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-5 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-5 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-5 40488]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-6-5 39456]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-5 33832]

=============== Created Last 30 ================

2009-06-27 08:04 <DIR> -cd-h--- c:\windows\ie8
2009-06-27 07:10 <DIR> --dsh--- c:\documents and settings\ryry\IECompatCache
2009-06-26 11:25 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-06-26 11:25 <DIR> --d----- c:\program files\Panda Security
2009-06-26 11:12 <DIR> --d----- C:\HiJackThis
2009-06-26 11:11 318,369 a------- C:\HiJackThis.zip
2009-06-24 16:06 <DIR> --d----- C:\work_jams_mirror
2009-06-23 21:47 4,681,422,848 a------- C:\HISTORY_OF_ROCK_N_ROLL_DISC_1.ISO
2009-06-23 21:26 <DIR> --d----- C:\HISTORY_OF_ROCK_N_ROLL_DISC_1
2009-06-23 20:26 <DIR> --d----- c:\program files\CDex_150
2009-06-23 20:07 <DIR> --d----- c:\program files\coolpro2
2009-06-23 20:07 996,067 a------- C:\CEP2REG.EXE
2009-06-23 20:07 <DIR> --d----- C:\Cep2.1
2009-06-23 20:07 <DIR> --d----- C:\Cep 2.0
2009-06-23 17:29 <DIR> --d----- C:\My Music
2009-06-23 17:28 2,513 a------- c:\windows\cdplayer.ini
2009-06-23 17:28 <DIR> --d----- c:\docume~1\ryry\applic~1\FairStars CD Ripper
2009-06-23 17:28 <DIR> --d----- c:\program files\FairStars CD Ripper
2009-06-23 17:19 516,173 a------- c:\windows\system32\MSVCP60D.DLL
2009-06-23 17:19 385,100 a------- c:\windows\system32\MSVCRTD.DLL
2009-06-23 17:14 1,843,200 a------- c:\windows\system32\NCTAudioFile2.dll
2009-06-23 17:14 1,040,384 a------- c:\windows\system32\NCTAudioInformation2.dll
2009-06-23 17:14 450,560 a------- c:\windows\system32\NCTAudioTransform2.dll
2009-06-23 17:14 335,872 a------- c:\windows\system32\NCTAudioVisualization2.dll
2009-06-23 17:14 315,392 a------- c:\windows\system32\NCTAudioPlayer2.dll
2009-06-23 17:14 311,296 a------- c:\windows\system32\NCTAudioRecord2.dll
2009-06-23 17:14 196,608 a------- c:\windows\system32\NCTWMAFile2.dll
2009-06-23 17:14 4,057,200 a------- c:\windows\system32\wmfdist.exe
2009-06-23 17:14 835,584 a------- c:\windows\system32\NCTAudioCDGrabber2.dll
2009-06-23 17:14 270,336 a------- c:\windows\system32\NCTAudioDisplay2.dll
2009-06-23 17:14 237,568 a------- c:\windows\system32\lame_enc.dll
2009-06-23 17:14 <DIR> --d----- c:\program files\FreeCDRipper
2009-06-23 17:09 <DIR> --d----- C:\FoxDnld
2009-06-23 17:09 <DIR> --d----- c:\program files\MP3Gain
2009-06-22 17:41 <DIR> --d----- c:\windows\system32\appmgmt
2009-06-22 17:34 <DIR> --dsh--- c:\docume~1\ryry\applic~1\.#
2009-06-22 17:34 266,828 a------- c:\windows\system32\drivers\LVAFT.cfg
2009-06-22 17:33 199,192 a------- c:\windows\system32\lvci1201278.dll
2009-06-22 17:16 <DIR> a-dshr-- C:\SystemInfomationsIpemVolume.{21EC2020-3AEA-1069-A2DD-08002B30309D}
2009-06-22 17:13 415,504 a------- c:\windows\system32\MSREPL35.DLL
2009-06-22 17:13 252,176 a------- c:\windows\system32\MSRD2X35.DLL
2009-06-22 17:13 101,888 a------- c:\windows\system32\VB6STKIT.DLL
2009-06-22 17:13 89,360 a------- c:\windows\system32\VB5DB.DLL
2009-06-22 17:13 24,848 a------- c:\windows\system32\MSJTER35.DLL
2009-06-22 17:13 1,046,288 a------- c:\windows\system32\MSJET35.DLL
2009-06-22 17:13 440,352 a------- c:\windows\system32\MSHFLXGD.OCX
2009-06-22 17:13 152,848 a------- c:\windows\system32\COMDLG32.OCX
2009-06-22 17:13 123,664 a------- c:\windows\system32\MSJINT35.DLL
2009-06-21 08:16 <DIR> --d----- C:\Warui
2009-06-21 08:16 <DIR> --d----- C:\SuperShare
2009-06-19 15:25 385,024 a------- c:\windows\system32\xa27751593.exe
2009-06-19 15:25 385,024 a------- c:\windows\system32\xa27751296.exe
2009-06-19 15:25 204,800 a------- c:\windows\system32\xwr59281.dll
2009-06-19 15:25 204,800 a------- c:\windows\system32\wr59281.dll
2009-06-17 17:36 <DIR> --d----- c:\docume~1\ryry\applic~1\DVD Flick
2009-06-17 17:36 40,960 a------- c:\windows\system32\ssubtmr6.dll
2009-06-17 17:36 36,864 a------- c:\windows\system32\trayicon_handler.ocx
2009-06-17 17:36 662,288 a------- c:\windows\system32\mscomct2.ocx
2009-06-17 17:36 212,240 a------- c:\windows\system32\richtx32.ocx
2009-06-17 17:36 164,144 a------- c:\windows\system32\comct232.ocx
2009-06-17 17:36 28,672 a------- c:\windows\system32\mousewheel.ocx
2009-06-17 17:36 <DIR> --d----- c:\program files\DVD Flick
2009-06-17 16:53 <DIR> --d----- c:\program files\DivX
2009-06-17 16:53 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-11 11:11 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-11 11:11 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 11:11 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-11 11:11 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-10 22:32 195,096 a------- c:\windows\system32\lvci11901262.dll
2009-06-08 22:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-06-08 22:28 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-06-08 22:28 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-06-08 22:24 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-08 22:24 <DIR> --d----- c:\docume~1\ryry\applic~1\DAEMON Tools Lite
2009-06-08 21:36 <DIR> --d----- c:\program files\avi_gain_v07
2009-06-08 17:47 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-08 17:46 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-06-08 17:46 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-06-08 17:46 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-06-08 17:46 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-08 17:13 419 a------- c:\windows\MAXLINK.INI
2009-06-08 17:12 <DIR> --d----- c:\program files\common files\ScanSoft Shared
2009-06-08 17:12 <DIR> --d----- c:\program files\ScanSoft
2009-06-08 17:11 212,480 a------- c:\windows\PCDLIB32.DLL
2009-06-08 17:11 <DIR> --d----- c:\program files\common files\CANON
2009-06-08 17:10 306,688 a------- c:\windows\IsUninst.exe
2009-06-08 17:09 198,656 a------- c:\windows\system32\CNMLM81.DLL
2009-06-08 17:09 106,496 a------- c:\windows\system32\cnco460.dll
2009-06-08 17:09 1,134,592 a------- c:\windows\system32\CNCC460.DLL
2009-06-08 17:09 135,168 a------- c:\windows\system32\CNCL460.DLL
2009-06-08 17:09 57,344 a------- c:\windows\system32\CNCI460.DLL
2009-06-08 17:08 <DIR> --d----- c:\program files\Canon
2009-06-07 21:35 <DIR> --d----- c:\program files\AviSynth 2.5
2009-06-07 21:35 <DIR> --d----- c:\program files\eRightSoft
2009-06-07 21:15 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-06-07 20:54 215,465 a------- c:\windows\system32\nvapps.nvb
2009-06-07 20:54 <DIR> --d----- c:\windows\NV38003264.TMP
2009-06-07 20:51 <DIR> --d----- c:\windows\system32\XPSViewer
2009-06-07 20:51 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-06-07 20:51 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-07 20:51 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-07 20:51 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-07 20:51 <DIR> --d----- C:\fde932a8dcbe10dac8e4cbd64810
2009-06-07 20:51 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-06-07 20:51 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-06-07 20:51 117,760 -------- c:\windows\system32\prntvpt.dll
2009-06-07 20:49 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-06-07 20:48 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-06-07 20:48 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-06-07 20:47 <DIR> --d----- C:\185ae0bf634b3aba79
2009-06-07 20:47 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-07 20:46 <DIR> --d----- C:\843388ac717365c8347fe12e5d
2009-06-07 20:46 <DIR> --d----- c:\windows\system32\URTTemp
2009-06-07 20:19 <DIR> --d----- c:\program files\VideoLAN
2009-06-07 20:18 <DIR> --dsh--- c:\documents and settings\ryry\PrivacIE
2009-06-07 20:07 32,592 a------- c:\windows\system32\msonpmon.dll
2009-06-07 20:04 <DIR> --d----- c:\windows\SHELLNEW
2009-06-07 19:44 <DIR> --d----- c:\documents and settings\ryry\.dvdcss
2009-06-07 18:34 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-06-07 18:34 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-06-07 18:34 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-06-07 18:34 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-06-07 18:34 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-06-07 18:34 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-06-07 18:34 8,192 a------- c:\windows\system32\kbdkor.dll
2009-06-07 18:34 6,144 a------- c:\windows\system32\kbd101c.dll
2009-06-07 18:34 6,144 a------- c:\windows\system32\kbd101b.dll
2009-06-07 18:34 5,632 a------- c:\windows\system32\kbd103.dll
2009-06-07 18:34 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-06-07 18:34 6,144 a------- c:\windows\system32\kbd106.dll
2009-06-07 18:22 <DIR> --d----- c:\program files\steeper12
2009-06-07 15:09 <DIR> --d----- c:\docume~1\ryry\applic~1\RipIt4Me
2009-06-07 15:07 <DIR> --d----- c:\program files\DivFix++_v0.31
2009-06-07 15:04 <DIR> --d----- c:\program files\VDM
2009-06-07 15:00 <DIR> --d----- C:\utorrent
2009-06-07 14:59 229 a------- c:\windows\NeroDigital.ini
2009-06-07 14:52 <DIR> --d----- c:\documents and settings\ryry\.smplayer
2009-06-07 14:51 <DIR> --d----- c:\program files\Ripit4me
2009-06-07 14:51 <DIR> --d----- c:\program files\DVD Shrink
2009-06-07 14:51 <DIR> --d----- c:\program files\DVD Decrypter
2009-06-07 14:39 <DIR> --dsh--- c:\documents and settings\ryry\IETldCache
2009-06-07 14:37 <DIR> --d----- c:\windows\ie8updates
2009-06-07 14:37 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-06 12:57 56,832 -c------ c:\windows\system32\dllcache\secur32.dll
2009-06-06 12:57 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-06-06 12:57 286,720 -c------ c:\windows\system32\dllcache\gdi32.dll
2009-06-06 03:01 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-06-06 03:01 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-06-06 03:01 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-06 03:01 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-05 23:04 1,288,192 -c------ c:\windows\system32\dllcache\quartz.dll
2009-06-05 23:03 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-05 23:03 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-06-05 23:03 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-05 21:37 <DIR> --d----- c:\program files\Nero
2009-06-05 21:33 <DIR> --d----- c:\program files\SMPlayer
2009-06-05 21:32 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-06-05 21:32 <DIR> --d----- c:\program files\MagicDisc
2009-06-05 21:31 <DIR> --d----- c:\program files\uTorrent
2009-06-05 21:30 <DIR> --d----- c:\docume~1\ryry\applic~1\uTorrent
2009-06-05 21:19 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-06-05 21:18 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-06-05 21:18 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2009-06-05 21:18 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-06-05 21:18 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-06-05 21:18 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-06-05 21:18 <DIR> --d----- c:\program files\McAfee.com
2009-06-05 21:18 <DIR> --d----- c:\program files\common files\McAfee
2009-06-05 21:18 <DIR> --d----- c:\program files\McAfee
2009-06-05 18:16 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-06-05 17:52 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-05 17:45 354,304 -c------ c:\windows\system32\dllcache\winhttp.dll
2009-06-05 17:39 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-06-05 17:38 122,880 a----r-- c:\windows\system32\nvcohda.dll
2009-06-05 17:38 39,456 a----r-- c:\windows\system32\drivers\nvhda32.sys
2009-06-05 17:38 453,152 a------- c:\windows\system32\nvuhda.exe
2009-06-05 17:38 351 a------- c:\windows\system32\nvhda.nvu
2009-06-05 17:38 <DIR> --d----- c:\windows\system32\AGEIA
2009-06-05 17:38 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-05 17:38 208,040 a------- c:\windows\system32\nvapps.xml
2009-06-05 17:38 <DIR> --d----- c:\windows\nview
2009-06-05 17:38 453,152 a------- c:\windows\system32\nvudisp.exe
2009-06-05 17:38 19,054 a------- c:\windows\system32\nvdisp.nvu
2009-06-05 17:38 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-05 17:35 553 -----r-- c:\windows\USetup.iss
2009-06-05 17:35 <DIR> --d----- c:\program files\Realtek
2009-06-05 17:33 <DIR> --d----- c:\windows\ASUSInstAll
2009-06-05 17:32 33,792 a------- c:\windows\system32\drivers\AmdPPM.sys
2009-06-05 17:32 <DIR> --d----- c:\program files\AMD
2009-06-05 17:32 30,343 a------- c:\windows\Ascd_log.ini
2009-06-05 17:30 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-06-05 17:30 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-06-05 17:30 316,640 a------- c:\windows\WMSysPr9.prx
2009-06-05 17:30 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-06-05 17:19 <DIR> --ds---- c:\windows\system32\Microsoft
2009-06-05 17:17 7,168 ac------ c:\windows\system32\dllcache\f3ahvoas.dll
2009-06-05 17:16 <DIR> --d----- c:\windows\EHome
2009-06-05 17:13 <DIR> --dsh--- c:\windows\Installer
2009-06-05 17:13 <DIR> --d----- c:\documents and settings\RyRy
2009-06-05 17:12 8,192 a------- c:\windows\REGLOCS.OLD
2009-06-05 17:10 31,744 ac------ c:\windows\system32\dllcache\fxsroute.dll
2009-06-05 17:09 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-06-05 17:09 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-06-05 17:08 <DIR> --d----- c:\program files\common files\MSSoap
2009-06-05 17:08 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-06-05 17:08 <DIR> --d----- c:\program files\Online Services
2009-06-05 17:08 <DIR> --d----- c:\program files\Messenger
2009-06-05 17:08 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-06-05 17:07 <DIR> --d----- c:\program files\Windows NT
2009-06-05 11:04 <DIR> --d----- c:\program files\common files\ODBC
2009-06-05 11:04 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-06-05 11:03 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-06-05 17:18 106,916 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-06-05 17:18 80,007 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-05 17:08 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-12 23:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 23:15 9,216 a------- c:\windows\system32\ctfmon_su.exe
2009-05-08 10:13 13,584 a------- c:\windows\system32\drivers\iKeyLFT2.dll
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 15:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 15:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 15:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 15:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 15:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 15:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 15:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-30 17:03 23,832 a------- c:\windows\system32\drivers\lvuvcflt.sys
2009-04-30 17:03 6,754,712 a------- c:\windows\system32\drivers\lvuvc.sys
2009-04-30 17:02 539,160 a------- c:\windows\system32\LVUI2RC.dll
2009-04-30 17:02 539,160 a------- c:\windows\system32\LVUI2.dll
2009-04-30 17:01 265,496 a------- c:\windows\system32\drivers\lvrs.sys
2009-04-30 16:57 416,280 a------- c:\windows\system32\lvcodec2.dll
2009-04-30 16:39 34,068 a------- c:\windows\system32\Repository.reg
2009-04-30 16:00 25,624 a------- c:\windows\system32\drivers\LVPr2Mon.sys
2009-04-30 15:40 227,172 a------- c:\windows\system32\drivers\LVFeL100.cfg
2009-04-30 15:40 146,680 a------- c:\windows\system32\drivers\LVFeL101.cfg
2009-04-30 15:40 85,302 a------- c:\windows\system32\drivers\LVFeL102.cfg
2009-04-30 15:40 69,592 a------- c:\windows\system32\drivers\LVFaL100.cfg
2009-04-17 06:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 08:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2006-05-03 04:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 05:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 07:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 8:21:26.51 ===============


#2 ryanlicious

ryanlicious
  • Topic Starter

  • Members
  • 2 posts

Posted 28 June 2009 - 02:13 PM

SOLVED.

Virus was caught at startup and cleaned using Avast. Virus installed itself to the system32 directory as ctfmon_su.exe

Avast is the only thing that saw it. Panda, McAfee, Spybot all failed to catch it.

Edited by ryanlicious, 28 June 2009 - 02:13 PM.


#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 01 July 2009 - 06:43 PM

Hello

Thank you for posting back. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



