
I have an infected Userinit.exe


This topic is locked
2 replies to this topic

#1 mrfoxx

Members, 2 posts

Posted 06 July 2009 - 04:17 PM

I have an infected Userinit.exe. I've been using Trojan Remover, but since I don't have a method of replacing the userinit.exe, the virus just comes back after a reset. If anyone could give me some advice I'd really appreciate it. Here is my HijackThis.

-------------------------------------------


DDS (Ver_09-06-26.01) - NTFSx86
Run by MrFoxx at 17:21:04.31 on 06/07/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.2.1033.18.3070.1728 [GMT -4:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\Windows\Explorer.EXE
C:\Program Files\nHancer\nHancerService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\nvSCPAPISvr.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\nHancer\nHancer.exe
C:\Program Files\NCSoft\Launcher\NCLauncher.exe
C:\Users\MrFoxx\AppData\Local\Temp\mdm.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\EVGA Precision\EVGAPrecision.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\Program Files\EVGA Precision\Bundle\OSDServer\RTSS.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Combined Community Codec Pack\MPC\mplayerc.exe
C:\Windows\system32\SearchFilterHost.exe
X:\Net Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.torrentleech.org/login.php?returnto=%2Fbrowse.php%3Fsearch%3D%26cat%3D0
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [RatioFaker] c:\program files\ratio faker\RatioFaker.exe /hide
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe" -autorun
uRun: [nHancer] "c:\program files\nhancer\nHancer.exe" /tray
uRun: [NCsoft Launcher] c:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
uRun: [Windows System Recover!] c:\users\mrfoxx\appdata\local\temp\mdm.exe
uRun: [HijackThis startup scan] c:\program files\trend micro\hijackthis\HijackThis.exe /startupscan
mRun: [Launch LgDevAgt] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecisionWrapper.exe" /s
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [<NO NAME>] c:\windows\temp\utwrk133.exe
dRun: [hsf7husjnfg98gi498aejhiugjkdg4] c:\windows\temp\utwrk133.exe
dRun: [Windows System Recover!] c:\windows\temp\setup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logitech g-series key profiler.lnk - c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpointii.lnk - c:\program files\logitech\setpoint ii\SetpointII.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{cc15a5fc-b6d3-4a2d-8a26-d8f2702a3c00}\IcoUltraMon.ico
uPolicies-explorer: TaskbarNoNotification = 1 (0x1)
uPolicies-explorer: NoTrayItemsDisplay = 00000000
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: gscdn.com\rfonline-full
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mrfoxx\appdata\roaming\mozilla\firefox\profiles\81mba5gj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.torrentleech.org/browse.php?search=&cat=0|http://www.mmorpg.com/|http://www.battleforge.com/portal/site/BattleForge/landingpage|http://preview.champions-online.com/frontpage|http://www.swtor.com/community/|http://www.aionsource.com/
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.tabs.closeButtons - 0
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-28 130936]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-28 348752]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\system32\nvSCPAPISvr.exe [2009-6-10 252928]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-6-10 604416]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-9-14 10496]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2009-5-2 2048]
R3 RTCore32;RTCore32;c:\program files\evga precision\RTCore32.sys [2005-5-25 4608]
S2 drv;drv;c:\windows\system32\svchost.exe -k drv [2008-1-20 21504]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-5-6 12672]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-6-14 99328]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-6-10 99328]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [2005-12-26 6656]
S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2009-6-6 18912]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2009-5-14 121744]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-5-13 33792]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-8-29 935208]

=============== Created Last 30 ================

2009-07-06 17:11 <DIR> --d----- c:\program files\Trend Micro
2009-07-06 16:07 <DIR> --d----- c:\program files\drv
2009-07-06 16:07 38,400 a------- c:\windows\pp10.exe.vir
2009-07-06 16:07 2 a------- c:\windows\0101120101464849.dat
2009-07-06 16:07 1 a------- c:\windows\934fdfg34fgjf23
2009-07-06 16:07 2 a------- c:\windows\010112010146118114.dat
2009-07-06 16:07 15,000 a------- c:\windows\system32\grffr83hn.dll.vir
2009-07-06 16:07 17,920 a------- c:\windows\ld12.exe.vir
2009-07-06 16:06 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-07-06 16:06 108,336 a------- c:\windows\system32\mswinsck.ocx
2009-07-06 16:06 184,320 a------- c:\windows\system32\Updater.exe
2009-07-06 16:06 62,813 a------- c:\program files\Uninstall.exe
2009-06-29 18:26 82,899 a------- C:\fraglist.luar
2009-06-27 08:59 <DIR> --d----- c:\program files\Atari
2009-06-25 22:20 <DIR> --d----- c:\windows\system32\Jade Dynasty Installer
2009-06-23 09:14 7,062 a------- c:\windows\system32\audiopid.vxd
2009-06-21 15:39 1,970,176 a------- c:\windows\system32\d3dx9.dll
2009-06-21 15:39 679,936 a------- c:\windows\system32\D3DX81ab.dll
2009-06-21 15:39 <DIR> --d----- c:\program files\Cheat Engine
2009-06-20 14:04 <DIR> --d----- c:\program files\BitPim
2009-06-20 14:00 39,672 a------- c:\windows\system32\drivers\lgusbmodem.sys
2009-06-20 14:00 39,328 a------- c:\windows\system32\drivers\lgusbdiag.sys
2009-06-20 14:00 20,156 a------- c:\windows\system32\drivers\lgusbbus.sys
2009-06-20 14:00 <DIR> --d----- c:\program files\LG Electronics
2009-06-20 10:10 <DIR> --d----- c:\users\mrfoxx\appdata\roaming\nHancer
2009-06-20 10:09 <DIR> --d----- c:\programdata\nHancer
2009-06-20 10:09 <DIR> --d----- c:\program files\nHancer
2009-06-20 10:09 <DIR> --d----- c:\progra~2\nHancer
2009-06-19 20:39 77,824 a------- c:\windows\system32\drivers\MSIVXpemcimolbiiyiiqrtvbkbxxwrunbocsi.sys.vir
2009-06-19 20:27 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-06-19 20:27 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-06-19 20:27 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-06-19 20:27 75,264 a------- c:\windows\system32\unacev2.dll
2009-06-19 20:27 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-06-19 20:27 <DIR> --d----- c:\users\mrfoxx\appdata\roaming\Simply Super Software
2009-06-19 20:27 <DIR> --d----- c:\programdata\Simply Super Software
2009-06-19 20:27 <DIR> --d----- c:\progra~2\Simply Super Software
2009-06-19 17:30 4 a------- c:\windows\system32\MSIVXcount
2009-06-18 10:51 <DIR> --d----- c:\programdata\AA3DeployClient
2009-06-18 10:51 <DIR> --d----- c:\progra~2\AA3DeployClient
2009-06-16 13:10 <DIR> --d----- c:\programdata\NOS
2009-06-15 19:03 40,960 a------- c:\windows\system32\nvgpio.dll
2009-06-15 19:03 36,864 a------- c:\windows\system32\nvapi9x.dll
2009-06-15 17:59 <DIR> --d----- c:\program files\MagicTune Premium
2009-06-15 12:45 <DIR> --d----- c:\programdata\PopCap Games
2009-06-15 12:45 <DIR> --d----- c:\progra~2\PopCap Games
2009-06-15 08:39 3,273,512 a------- c:\windows\system32\pbsvc.exe
2009-06-14 23:51 54,304 a------- c:\windows\system32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000005-00311102}.rfx
2009-06-14 23:51 54,304 a------- c:\windows\system32\BMXState-{00000004-00000000-00000002-00001102-00000005-00311102}.rfx
2009-06-14 23:51 788 a------- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000005-00311102}.rfx
2009-06-10 23:42 604,416 a------- c:\windows\system32\TUProgSt.exe
2009-06-10 23:42 28,928 a------- c:\windows\system32\uxtuneup.dll
2009-06-10 23:42 17,152 a------- c:\windows\system32\authuitu.dll
2009-06-10 23:42 361,216 a------- c:\windows\system32\TuneUpDefragService.exe
2009-06-10 11:47 3,461,120 a------- c:\windows\system\Steam.dll
2009-06-10 08:35 1,194,528 a------- c:\windows\system32\nvcplui.exe
2009-06-10 08:35 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-06-10 08:35 1,296,928 a------- c:\windows\system32\nvsvs.dll
2009-06-10 07:38 1,080 a------- c:\windows\system32\settingsbkup.sfm
2009-06-10 07:38 1,080 a------- c:\windows\system32\settings.sfm
2009-06-10 07:27 53,608 a------- c:\windows\system32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2009-06-10 07:27 53,608 a------- c:\windows\system32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2009-06-10 07:27 788 a------- c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2009-06-10 07:25 102,400 a------- c:\windows\system32\cttele32.dll
2009-06-10 07:24 <DIR> --d----- c:\windows\system32\Data
2009-06-10 07:24 <DIR> --d----- c:\program files\common files\Creative Labs Shared
2009-06-10 07:23 <DIR> --d----- c:\program files\Creative
2009-06-10 06:33 264,704 a------- c:\windows\system32\nvStInst.exe
2009-06-10 06:33 487,936 a------- c:\windows\system32\nvstlink.exe
2009-06-10 06:33 3,973,120 a------- c:\windows\system32\nvstwiz.exe
2009-06-10 06:33 141,824 a------- c:\windows\system32\nvStereoApiI.dll
2009-06-10 06:33 171,520 a------- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 06:33 252,928 a------- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 06:32 257,536 a------- c:\windows\system32\nvSCPAPI.dll
2009-06-10 06:32 301,568 a------- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 06:32 3,293,184 a------- c:\windows\system32\nvstres.dll
2009-06-10 06:32 5,847 a------- c:\windows\system32\oglstreg.reg
2009-06-10 06:31 187,392 a------- c:\windows\system32\nvstreg.exe
2009-06-10 06:31 1,738,240 a------- c:\windows\system32\nvsttest.exe
2009-06-10 06:31 1,054,720 a------- c:\windows\system32\nvstview.exe
2009-06-10 06:31 89,088 a------- c:\windows\system32\nvimage.dll
2009-06-10 06:29 1,656 a------- c:\windows\system32\nvstdef.reg
2009-06-10 06:03 10,379,264 a------- c:\windows\system32\nvoglv32.dll
2009-06-10 06:03 9,899,296 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 06:03 3,148,288 a------- c:\windows\system32\nvwgf2um.dll
2009-06-10 06:03 1,704,960 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,317,408 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 678,432 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod155.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-10 06:03 10,060 a------- c:\windows\system32\nvdisp.nvu
2009-06-10 06:03 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 05:20 <DIR> --d----- c:\windows\system32\eu-ES
2009-06-10 05:20 <DIR> --d----- c:\windows\system32\ca-ES
2009-06-10 05:20 <DIR> --d----- c:\windows\system32\vi-VN
2009-06-10 05:13 <DIR> --d----- c:\windows\system32\SPReview
2009-06-10 05:01 928,768 a------- c:\windows\system32\scavenge.dll
2009-06-10 05:00 77,824 a------- c:\windows\system32\compcln.exe
2009-06-10 04:58 1,102,848 a------- c:\windows\system32\mmsys.cpl
2009-06-10 04:55 <DIR> --d----- C:\8fcf09cd527ad03b7f94d0375616f0f3
2009-06-10 03:30 <DIR> --d----- c:\windows\system32\EventProviders
2009-06-10 02:24 623,616 a------- c:\windows\system32\localspl.dll
2009-06-10 02:24 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-10 02:24 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-08 18:01 42,496 a------- c:\windows\system32\AdvUninstCPL.cpl
2009-06-08 17:50 56,256 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-06-08 17:50 263,396 a------- c:\programdata\nvModes.dat
2009-06-08 17:50 263,396 a------- c:\progra~2\nvModes.dat
2009-06-08 17:50 <DIR> --d----- c:\programdata\NVIDIA
2009-06-08 17:33 <DIR> --d----- C:\NVIDIA(506)
2009-06-08 15:57 <DIR> --d----- c:\programdata\Innovative Solutions
2009-06-08 15:57 <DIR> --d----- c:\progra~2\Innovative Solutions
2009-06-08 15:57 <DIR> --d----- c:\program files\Innovative Solutions
2009-06-08 15:37 <DIR> --d----- c:\program files\Driver Sweeper
2009-06-08 12:36 <DIR> --d----- c:\program files\BitLocker
2009-06-06 22:31 18,912 a------- c:\windows\system32\drivers\lmvac.sys
2009-06-06 22:20 <DIR> --d----- c:\program files\WMA-MP3.com
2009-06-06 22:15 <DIR> --d----- C:\Converted Music
2009-06-06 22:14 <DIR> --d----- c:\program files\SoftwarePile.com
2009-06-06 22:04 55 a------- c:\windows\videotoaudio.ini
2009-06-06 21:59 5 a------- c:\windows\system32\SySmtm.dat
2009-06-06 21:58 <DIR> --d----- c:\program files\Crystal Software

==================== Find3M ====================

2009-07-03 17:08 388,882 a------- c:\windows\system32\perfh011.dat
2009-07-03 17:08 107,512 a------- c:\windows\system32\perfc011.dat
2009-06-30 14:38 189,480 a------- c:\windows\system32\PnkBstrB.exe
2009-06-30 14:35 137,544 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-23 09:20 51,200 a------- c:\windows\inf\infpub.dat
2009-06-23 09:20 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-23 09:20 143,360 a------- c:\windows\inf\infstor.dat
2009-06-19 02:34 139,152 a------- c:\users\mrfoxx\appdata\roaming\PnkBstrK.sys
2009-06-19 02:33 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-06-10 08:34 3,123,744 a------- c:\windows\system32\nvwss.dll
2009-06-10 08:34 4,045,344 a------- c:\windows\system32\nvvitvs.dll
2009-06-10 08:34 4,028,960 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:34 3,516,960 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:34 1,288,736 a------- c:\windows\system32\nvmobls.dll
2009-06-10 08:34 211,488 a------- c:\windows\system32\nvvsvc.exe
2009-06-10 08:34 195,104 a------- c:\windows\system32\nvmccss.dll
2009-06-10 08:34 13,785,632 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:34 768,544 a------- c:\windows\system32\nvsvc.dll
2009-06-10 08:34 143,360 a------- c:\windows\system32\nvshext.dll
2009-06-10 08:34 92,704 a------- c:\windows\system32\nvmctray.dll
2009-06-10 07:24 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-06-10 07:24 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-06-10 06:03 7,611,904 a------- c:\windows\system32\nvd3dum.dll
2009-06-10 06:03 989,696 a------- c:\windows\system32\nvapi.dll
2009-06-10 05:19 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-06 00:23 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-06 00:23 10,563 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-06 00:23 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-04 16:39 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-06-03 10:44 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-05-26 17:31 58,800 a------- c:\windows\system32\ijjiProcessRestarter.exe
2009-05-15 23:55 0 a------- C:\PhysX_9.09.048_systemSoftware.exe
2009-05-15 23:43 41,162,008 a------- C:\PhysX_9.09.0408_SystemSoftware.exe
2009-05-14 14:33 83,400 a------- c:\windows\system32\pds.dll
2009-05-14 14:33 83,400 a------- c:\windows\system32\nts.dll
2009-05-14 14:33 46,544 a------- c:\windows\system32\msgsys.dll
2009-05-14 14:33 83,344 a------- c:\windows\system32\loc32vc0.dll
2009-05-14 14:33 34,248 a------- c:\windows\system32\cba.dll
2009-05-12 20:48 710,064 a------- c:\windows\system32\ijjiSetup.exe
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod146.dll
2009-04-22 00:20 14,311,680 a------- c:\windows\system32\xlive.dll
2009-04-22 00:20 13,642,496 a------- c:\windows\system32\xlivefnt.dll
2009-04-21 04:09 282,624 a------- c:\windows\system32\yk60x86.dll
2009-04-10 23:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-10 23:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-10 23:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-10 23:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-10 23:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-10 23:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-10 23:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-10 23:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-10 23:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-10 23:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-10 23:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-10 23:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-10 23:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-10 23:27 546,304 a------- c:\windows\system32\RMActivate_isv.exe
2009-04-10 23:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-10 23:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-10 22:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-10 22:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 21:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-10 21:55 2,048 a------- c:\windows\system32\mferror.dll
2009-04-10 21:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-10 21:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-10 21:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-10 21:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 18:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-03-18 11:59 139,030 a------- c:\windows\inf\perflib\0411\perfi.dat
2009-03-18 11:59 139,030 a------- c:\windows\inf\perflib\0411\perfh.dat
2009-03-18 11:59 30,674 a------- c:\windows\inf\perflib\0411\perfd.dat
2009-03-18 11:59 30,674 a------- c:\windows\inf\perflib\0411\perfc.dat
2008-01-20 22:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-09 19:35 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 17:24:34.95 ===============

Edited by mrfoxx, 06 July 2009 - 04:27 PM.


#2 Elise

Malware Study Hall Admin

Posted 14 July 2009 - 08:37 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise



#3 teacup61

Malware Response Team

Posted 19 July 2009 - 12:01 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!
