
Trojan generic 11zne and generic arly


  • This topic is locked
7 replies to this topic

#1 harmank70

harmank70

  • Members
  • 45 posts
  • OFFLINE
  • Local time:08:14 AM

Posted 06 July 2009 - 11:53 AM

My wife downloaded a file through BearShare and now the computer is lagging badly and AVG keeps picking up these 2 trojans. I navigated to and deleted the file that the generic arly was in. I have tried to run Malwarebytes and Trend Micro HouseCall, and they lock up before finishing, as AVG also locks up before finishing. I have run Spybot and it removed several things. Also, if possible, I would like to remove any garbage programs I don't need. Please let me know what else you will need.

Thanks a lot

1. DDS LOG


DDS (Ver_09-06-26.01) - NTFSx86
Run by Jamion at 12:40:26.86 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3034.1773 [GMT -4:00]

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Users\Jamion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUTTY06X\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; FunWebProducts; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; MDDC; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://edits.zwinky.com/zwinky-world/GamePlayer/play.jhtml?gameID=29"
mRun: [<NO NAME>]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [CPMonitor] "c:\program files\roxio creator 2009\5.0\CPMonitor.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-6 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-14 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-14 108552]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-4-17 81920]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-14 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-14 298776]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-3-3 1122304]

=============== Created Last 30 ================

2009-07-06 07:01 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-06 06:37 <DIR> --d----- c:\programdata\Lavasoft
2009-07-06 06:37 <DIR> --d----- c:\program files\Lavasoft
2009-07-05 22:11 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-05 22:11 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-05 18:47 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-07-05 18:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-05 18:47 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-07-05 18:38 <DIR> --d----- c:\program files\CCleaner
2009-07-05 17:45 <DIR> --d----- c:\windows\pss
2009-07-05 17:41 <DIR> --d----- c:\users\jamion\.housecall6.6
2009-07-05 17:02 <DIR> --d----- c:\users\jamion\appdata\roaming\Malwarebytes
2009-07-05 17:02 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 17:02 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-05 17:02 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-05 17:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 17:02 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-05 13:06 <DIR> --d----- c:\program files\runit
2009-07-05 13:06 69,697 a------- c:\windows\jsat04405.exe
2009-07-05 13:06 <DIR> --d----- c:\program files\IEToolbar
2009-07-05 13:02 889,078 a------- c:\windows\wwvar62447.exe
2009-07-05 13:01 93,696 a------- c:\windows\xwjtg2457.exe
2009-07-05 00:10 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-07-05 00:10 <DIR> --d----- c:\program files\Roxio Creator 2009
2009-07-05 00:10 <DIR> --d----- c:\programdata\eSellerate
2009-07-05 00:10 <DIR> --d----- c:\progra~2\eSellerate
2009-07-05 00:10 <DIR> --d----- c:\programdata\SmartSound Software Inc
2009-07-05 00:10 <DIR> --d----- c:\program files\SmartSound Software
2009-07-05 00:10 <DIR> --d----- c:\progra~2\SmartSound Software Inc
2009-07-04 17:57 <DIR> --d----- c:\users\jamion\appdata\roaming\GetRightToGo
2009-07-03 23:29 <DIR> --d----- c:\users\jamion\appdata\roaming\MusicNet
2009-07-03 23:29 <DIR> --d----- c:\programdata\F265
2009-07-03 23:29 <DIR> --d----- c:\progra~2\F265
2009-07-03 23:29 <DIR> --d----- c:\program files\BearShare Applications
2009-07-03 23:09 <DIR> --d----- C:\My Downloads
2009-07-03 23:09 483,328 a------- c:\windows\system32\actskn45.ocx
2009-07-03 15:20 <DIR> --d----- c:\programdata\Elaborate Bytes
2009-07-03 15:20 <DIR> --d----- c:\progra~2\Elaborate Bytes
2009-07-03 12:51 <DIR> --d----- c:\program files\BearShare
2009-06-27 16:05 51,768 a------- c:\windows\system32\drivers\DRVNDDM.SYS
2009-06-27 16:05 12,856 a------- c:\windows\system32\drivers\DLACDBHM.SYS
2009-06-27 16:04 <DIR> --d----- C:\temp
2009-06-26 20:17 <DIR> --d----- c:\programdata\Media Center Programs
2009-06-26 20:17 <DIR> --d----- c:\progra~2\Media Center Programs
2009-06-26 20:17 <DIR> --d----- c:\program files\Guild Wars
2009-06-26 13:55 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-06-24 21:58 <DIR> --d----- c:\windows\system32\eu-ES
2009-06-24 21:58 <DIR> --d----- c:\windows\system32\ca-ES
2009-06-24 21:58 <DIR> --d----- c:\windows\system32\vi-VN
2009-06-24 21:40 <DIR> --d----- c:\windows\system32\EventProviders
2009-06-24 21:38 897,000 a------- c:\windows\system32\drivers\tcpip.sys
2009-06-24 21:37 704,512 a------- c:\windows\system32\PhotoScreensaver.scr
2009-06-24 21:36 93,696 a------- c:\windows\system32\drivers\bridge.sys
2009-06-24 18:43 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-06-24 18:43 17,212 a------t c:\windows\system32\SIntf32.dll
2009-06-24 18:43 12,067 a------t c:\windows\system32\SIntf16.dll
2009-06-24 18:24 <DIR> --d----- c:\program files\Diablo II
2009-06-24 17:33 <DIR> --d----- c:\users\jamion\Tracing
2009-06-24 14:00 <DIR> --d----- c:\programdata\Yahoo! Companion
2009-06-24 13:58 <DIR> --d----- c:\programdata\Yahoo!
2009-06-24 13:58 <DIR> --d----- c:\program files\Yahoo!
2009-06-16 19:49 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-06-15 19:18 <DIR> --d----- c:\program files\VideoLAN
2009-06-15 15:38 0 a------- c:\windows\iPlayer.INI
2009-06-15 15:36 <DIR> --d----- c:\program files\InterActual
2009-06-15 15:06 <DIR> --d----- c:\programdata\CyberLink
2009-06-15 13:21 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-15 08:09 <DIR> --d----- c:\programdata\Google
2009-06-15 08:08 <DIR> --d----- c:\windows\system32\Adobe
2009-06-14 23:48 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-14 23:48 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-14 23:47 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-14 23:47 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-14 23:47 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-14 23:47 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-06-14 23:47 <DIR> --d----- c:\program files\AVG
2009-06-14 23:47 <DIR> --d----- c:\programdata\avg8
2009-06-14 23:47 <DIR> --d----- c:\progra~2\avg8
2009-06-14 23:29 72,704 a------- c:\windows\system32\admparse.dll
2009-06-14 23:24 <DIR> --d----- c:\programdata\SlySoft
2009-06-14 23:14 <DIR> --d----- c:\program files\SlySoft
2009-06-14 23:13 <DIR> --d----- c:\program files\Elaborate Bytes
2009-06-14 23:04 41,984 a------- c:\windows\system32\netfxperf.dll
2009-06-14 23:00 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-14 17:36 99,816 a------- c:\windows\system32\drivers\DRVMCDB.SYS
2009-06-14 17:36 92,920 a------- c:\windows\DLA.EXE
2009-06-14 17:36 56,056 a------- c:\windows\system32\DLAAPI_W.DLL
2009-06-14 17:36 28,184 a------- c:\windows\system32\drivers\DLARTL_M.SYS
2009-06-14 17:36 212 a------- c:\windows\wininit.ini
2009-06-14 17:36 <DIR> --d----- c:\windows\system32\DLA
2009-06-14 17:35 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-06-14 17:27 <DIR> --d----- c:\windows\system32\URTTEMP
2009-06-14 15:45 <DIR> --d----- c:\programdata\Roxio
2009-06-14 14:57 623,616 a------- c:\windows\system32\localspl.dll
2009-06-14 14:55 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-14 14:55 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-14 14:48 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-06-14 14:48 83,456 a------- c:\windows\system32\wudriver.dll
2009-06-14 14:48 162,064 a------- c:\windows\system32\wuwebv.dll
2009-06-14 14:48 31,232 a------- c:\windows\system32\wuapp.exe
2009-06-14 14:16 <DIR> --d----- c:\users\jamion\appdata\roaming\Dell
2009-06-14 14:15 <DIR> --d----- c:\users\Jamion
2009-06-14 14:12 <DIR> --dsh--- c:\programdata\Documents
2009-06-14 14:12 <DIR> --dsh--- C:\Documents and Settings
2009-06-11 16:33 104,512 a------- c:\windows\system32\drivers\AnyDVD.sys

==================== Find3M ====================

2009-06-24 22:09 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-24 22:09 143,360 a------- c:\windows\inf\infstor.dat
2009-06-24 22:09 51,200 a------- c:\windows\inf\infpub.dat
2009-06-24 21:58 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-25 08:01 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-17 10:12 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-04-17 09:54 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-17 09:52 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-17 07:45 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-11 02:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 02:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 02:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 02:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-11 02:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 02:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 02:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-11 02:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-11 02:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-11 02:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-11 02:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-11 02:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-11 02:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-11 02:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 02:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 02:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 01:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 01:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 00:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-11 00:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-11 00:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-11 00:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-11 00:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-11 00:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 21:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:41:32.98 ===============



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:14 AM

Posted 13 July 2009 - 03:32 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 harmank70

harmank70
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:08:14 AM

Posted 17 July 2009 - 07:28 PM

Here are the updated logs that were requested. I believe I have fixed the problem. I ran ComboFix and Malwarebytes. It found a few trojans, and I also removed System Security 2009. Please review the logs and let me know if I need to do anything further.


Thank You

DDS (Ver_09-06-26.01) - NTFSx86
Run by Jamion at 20:19:20.64 on Fri 07/17/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3034.1734 [GMT -4:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jamion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TDXC1U3N\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [CPMonitor] "c:\program files\roxio creator 2009\5.0\CPMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll,avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-7 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-8 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-8 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-4-17 81920]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-8 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-8 298776]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

=============== Created Last 30 ================

2009-07-15 19:02 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 19:02 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 19:02 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 19:02 23,552 a------- c:\windows\system32\lpk.dll
2009-07-15 19:02 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-10 03:24 <DIR> --d----- c:\programdata\Apple Computer
2009-07-10 03:23 <DIR> --d----- c:\programdata\Apple
2009-07-09 07:38 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-07-09 07:36 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-07-09 07:34 <DIR> --d----- c:\programdata\Google
2009-07-08 19:56 <DIR> --d----- c:\program files\common files\MSSoap
2009-07-08 19:56 <DIR> --d----- C:\Binaries
2009-07-08 19:56 <DIR> --d----- c:\program files\BIAS
2009-07-08 17:27 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-08 15:31 15,688 -------- c:\windows\system32\lsdelete.exe
2009-07-08 12:52 11,952 -------- c:\windows\system32\avgrsstx.dll
2009-07-08 12:52 108,552 -------- c:\windows\system32\drivers\avgtdix.sys
2009-07-08 12:52 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-08 12:52 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-08 12:52 <DIR> --d----- c:\programdata\avg8
2009-07-08 12:52 <DIR> --d----- c:\progra~2\avg8
2009-07-07 18:52 <DIR> --d----- C:\SDFix
2009-07-07 18:37 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-07 18:11 161,792 a------- c:\windows\SWREG.exe
2009-07-07 18:11 98,816 a------- c:\windows\sed.exe
2009-07-07 17:49 691 a------- c:\users\jamion\appdata\roaming\GetValue.vbs
2009-07-07 17:49 35 a------- c:\users\jamion\appdata\roaming\SetValue.bat
2009-07-07 14:05 64,160 -------- c:\windows\system32\drivers\Lbd.sys
2009-07-06 20:39 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-07-06 20:39 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-07-06 20:29 <DIR> --d----- c:\users\jamion\appdata\roaming\SUPERAntiSpyware.com
2009-07-06 20:29 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-06 20:20 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-06 06:37 <DIR> --d----- c:\programdata\Lavasoft
2009-07-06 06:37 <DIR> --d----- c:\program files\Lavasoft
2009-07-05 22:11 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-05 22:11 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-05 18:47 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-07-05 18:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-05 18:47 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-07-05 18:38 <DIR> --d----- c:\program files\CCleaner
2009-07-05 17:45 <DIR> --d----- c:\windows\pss
2009-07-05 17:41 <DIR> --d----- c:\users\jamion\.housecall6.6
2009-07-05 17:02 <DIR> --d----- c:\users\jamion\appdata\roaming\Malwarebytes
2009-07-05 17:02 38,160 -------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 17:02 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-05 17:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 17:02 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-05 17:02 19,096 -------- c:\windows\system32\drivers\mbam.sys
2009-07-05 00:10 <DIR> --d----- c:\program files\Roxio Creator 2009
2009-07-05 00:10 <DIR> --d----- c:\programdata\eSellerate
2009-07-05 00:10 <DIR> --d----- c:\progra~2\eSellerate
2009-07-05 00:10 <DIR> --d----- c:\programdata\SmartSound Software Inc
2009-07-05 00:10 <DIR> --d----- c:\program files\SmartSound Software
2009-07-05 00:10 <DIR> --d----- c:\progra~2\SmartSound Software Inc
2009-07-04 17:57 <DIR> --d----- c:\users\jamion\appdata\roaming\GetRightToGo
2009-07-03 23:29 <DIR> --d----- c:\users\jamion\appdata\roaming\MusicNet
2009-07-03 23:29 <DIR> --d----- c:\programdata\F265
2009-07-03 23:29 <DIR> --d----- c:\progra~2\F265
2009-07-03 23:29 <DIR> --d----- c:\program files\BearShare Applications
2009-07-03 23:09 <DIR> --d----- C:\My Downloads
2009-07-03 23:09 483,328 -------- c:\windows\system32\actskn45.ocx
2009-07-03 15:20 <DIR> --d----- c:\programdata\Elaborate Bytes
2009-07-03 15:20 <DIR> --d----- c:\progra~2\Elaborate Bytes
2009-07-03 12:51 <DIR> --d----- c:\program files\BearShare
2009-06-27 16:04 <DIR> --d----- C:\temp
2009-06-26 20:17 <DIR> --d----- c:\programdata\Media Center Programs
2009-06-26 20:17 <DIR> --d----- c:\progra~2\Media Center Programs
2009-06-26 20:17 <DIR> --d----- c:\program files\Guild Wars
2009-06-24 21:58 <DIR> --d----- c:\windows\system32\eu-ES
2009-06-24 21:58 <DIR> --d----- c:\windows\system32\ca-ES
2009-06-24 21:58 <DIR> --d----- c:\windows\system32\vi-VN
2009-06-24 21:40 <DIR> --d----- c:\windows\system32\EventProviders
2009-06-24 21:38 897,000 a------- c:\windows\system32\drivers\tcpip.sys
2009-06-24 21:37 704,512 a------- c:\windows\system32\PhotoScreensaver.scr
2009-06-24 21:36 93,696 a------- c:\windows\system32\drivers\bridge.sys
2009-06-24 18:43 21,840 -------- c:\windows\system32\SIntfNT.dll
2009-06-24 18:43 17,212 -------- c:\windows\system32\SIntf32.dll
2009-06-24 18:43 12,067 -------- c:\windows\system32\SIntf16.dll
2009-06-24 18:24 <DIR> --d----- c:\program files\Diablo II
2009-06-24 17:33 <DIR> --d----- c:\users\jamion\Tracing
2009-06-24 14:00 <DIR> --d----- c:\programdata\Yahoo! Companion
2009-06-24 13:58 <DIR> --d----- c:\programdata\Yahoo!
2009-06-24 13:58 <DIR> --d----- c:\program files\Yahoo!

==================== Find3M ====================

2009-06-24 22:09 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-24 22:09 143,360 a------- c:\windows\inf\infstor.dat
2009-06-24 22:09 51,200 a------- c:\windows\inf\infpub.dat
2009-06-24 21:58 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-11 16:33 104,512 -------- c:\windows\system32\drivers\AnyDVD.sys
2009-05-25 08:01 89,256 -------- c:\windows\system32\ElbyCDIO.dll
2009-05-21 11:33 410,984 -------- c:\windows\system32\deploytk.dll
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-23 08:15 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:14 623,616 a------- c:\windows\system32\localspl.dll
2009-04-21 07:39 2,034,688 a------- c:\windows\system32\win32k.sys
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:19:58.13 ===============

#4 harmank70

  • Topic Starter
  • Members
  • 45 posts

Posted 27 July 2009 - 05:35 PM

Anyone?

#5 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 29 July 2009 - 05:58 PM

Hi harmank70,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

I will be back soon with the first instructions.

Thanks :thumbup2:

m0le is a proud member of UNITE

#6 m0le

Posted 29 July 2009 - 06:19 PM

Firstly, harmank70, you must install an antivirus.

Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

I have had a look at your log and it does look clean.

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Could you post the ComboFix log for the run that you did manage?

Please go to Start > Run > and copy/paste the following, then press Enter.

C:\QooBox\ComboFix-quarantined-files.txt

A log file should open. Please post that in your next reply.

I am going to take a look at that before I can be happy to say that you are clean. Let me know if you can't find the log.

Edited by m0le, 29 July 2009 - 06:21 PM.


#7 m0le

Posted 01 August 2009 - 04:14 PM

Hi harmank70,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer, as I am unable to help other members with their problems while I have your topic still open?

If you like you can PM me.

Thanks,


m0le

#8 m0le

Posted 02 August 2009 - 08:03 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.



