
Infected with Trojan Downloader



#1 cschwilling
Posted 07 July 2009 - 03:35 PM

After some curious events (slowdowns, random audio playing, and recently random pop-ups) I began working on trying to find and remove the cause of these issues. I've used Malwarebytes' Anti-Malware, Trojan Hunter, and SpyHunter in order to solve the problem. And while it seems that I've removed some of the problems, the downloader is not being removed.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Chas at 15:24:49.82 on Tue 07/07/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1803 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Stardock\MyColors\VistaSrv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Stardock\MyColors\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ld12.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Chas\AppData\Local\Temp\taskmgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\DllHost.exe
C:\Users\Chas\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: c:\windows\system32\grffr83hn.dll: {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - c:\windows\system32\grffr83hn.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Aim6]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [RGSC] d:\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
uRun: [DBISQL9] "c:\program files\sybase\sql anywhere 9\win32\dbisqlg.exe" -preload
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Windows System Recover!] c:\users\chas\appdata\local\temp\taskmgr.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\SoundMAX.exe" /tray
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTunerWrapper.exe" /S
mRun: [THGuard] "c:\program files\trojanhunter 5.0\THGuard.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [pp] c:\windows\pp10.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [SpyHunter3 BatchedRemoval] c:\program files\enigma software group\spyhunter\br.exe
dRun: [<NO NAME>] c:\windows\temp\lsar8ll.exe
dRun: [hsf7husjnfg98gi498aejhiugjkdg4] c:\windows\temp\lsar8ll.exe
dRun: [Windows System Recover!] c:\windows\temp\spoolsv.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
TCP: {C38F8F75-62AF-44D1-8F71-8A2B5A2FD001} = 64.7.11.2,205.171.3.65
STS: c:\windows\system32\grffr83hn.dll: {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - c:\windows\system32\grffr83hn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\chas\appdata\roaming\mozilla\firefox\profiles\0wdfl3er.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\chas\appdata\roaming\mozilla\firefox\profiles\0wdfl3er.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-3 64160]
R1 sfxdrv;sfxdrv;c:\program files\sfx\sfx.sys [2009-7-7 9472]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-7-1 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\system32\nvSCPAPISvr.exe [2009-6-10 232960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-18 24652]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-6-18 802176]
S2 sfx;sfx;c:\windows\system32\svchost.exe -k sfx [2009-6-19 21504]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-6-19 100864]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-6-18 100864]

=============== Created Last 30 ================

2009-07-07 15:24 <DIR> --d----- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2009-07-07 15:05 <DIR> --d----- c:\program files\Trend Micro
2009-07-07 14:24 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-07 14:15 128 a------- c:\windows\system32\batchrem.job
2009-07-07 13:41 <DIR> --d----- c:\program files\Enigma Software Group
2009-07-07 12:28 <DIR> --d----- c:\program files\sfx
2009-07-07 12:28 2 a------- c:\windows\0101120101464849.dat
2009-07-07 12:28 2 a------- c:\windows\010112010146118114.dat
2009-07-07 12:28 15,000 a------- c:\windows\system32\grffr83hn.dll
2009-07-07 12:28 42,496 -------- c:\windows\ld12.exe
2009-07-05 23:11 <DIR> --d----- c:\program files\EA Games
2009-07-04 16:26 31,776 a------- c:\programdata\nvModes.dat
2009-07-04 16:26 31,776 a------- c:\progra~2\nvModes.dat
2009-07-04 16:07 <DIR> --d----- c:\program files\Mount&Blade
2009-07-04 10:40 <DIR> --d----- c:\program files\HT NETWORKS
2009-07-03 20:43 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-03 20:38 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-03 20:35 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-03 20:35 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-03 20:35 <DIR> --d----- c:\programdata\Lavasoft
2009-07-03 20:35 <DIR> --d----- c:\program files\Lavasoft
2009-07-02 08:36 <DIR> --d----- c:\users\chas\appdata\roaming\TrojanHunter
2009-07-02 08:13 <DIR> --d----- c:\program files\TrojanHunter 5.0
2009-07-01 20:41 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-07-01 20:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-01 20:41 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-07-01 20:24 <DIR> --d----- c:\windows\Profiles
2009-06-30 22:00 <DIR> --d----- c:\users\chas\appdata\roaming\Malwarebytes
2009-06-30 22:00 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-30 22:00 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-30 22:00 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-30 22:00 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-30 22:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 16:08 139,152 a------- c:\users\chas\appdata\roaming\PnkBstrK.sys
2009-06-29 16:07 794,408 a------- c:\windows\system32\pbsvc.exe
2009-06-25 10:29 <DIR> --d----- c:\programdata\Apple Computer
2009-06-25 10:29 <DIR> --d----- c:\programdata\Apple
2009-06-24 15:12 <DIR> --d----- C:\Sshock2
2009-06-23 12:11 139,016 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-23 12:11 189,488 a------- c:\windows\system32\PnkBstrB.exe
2009-06-23 12:11 189,488 a------- c:\windows\system32\PnkBstrB.xtr
2009-06-23 12:11 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-06-23 09:20 <DIR> --d----- c:\windows\system32\Royanagi_Royal,_Kiyoshi_Penalty_Gakuen_Goku_(www.hentairules.net)_(English)
2009-06-22 12:23 <DIR> --d----- c:\program files\Ventrilo
2009-06-22 12:23 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-06-21 13:17 <DIR> --d----- c:\programdata\Media Center Programs
2009-06-21 13:17 <DIR> --d----- c:\progra~2\Media Center Programs
2009-06-21 08:00 4,194,322 a------- C:\memory_map.tga
2009-06-21 08:00 <DIR> --d----- c:\users\chas\appdata\roaming\The Creative Assembly
2009-06-20 23:26 <DIR> --d----- c:\programdata\DAEMON Tools Lite
2009-06-20 23:26 <DIR> --d----- c:\progra~2\DAEMON Tools Lite
2009-06-20 23:26 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-06-20 23:26 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-06-20 23:20 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-20 23:08 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-20 23:08 <DIR> --d----- c:\users\chas\appdata\roaming\DAEMON Tools Lite
2009-06-20 13:34 <DIR> --d----- c:\users\chas\appdata\roaming\Turbine
2009-06-20 13:30 <DIR> --d----- c:\windows\system32\URTTEMP
2009-06-20 09:10 <DIR> --d----- c:\program files\Imaging
2009-06-20 09:10 348,672 a------- c:\windows\IsUninst.exe
2009-06-20 09:04 <DIR> --d----- C:\Lexco
2009-06-20 09:01 161 a------- c:\windows\ODBC.INI
2009-06-20 08:54 82,432 a------- c:\windows\system32\msxml4r.dll
2009-06-20 08:54 44,544 a------- c:\windows\system32\msxml4a.dll
2009-06-20 08:54 <DIR> --d----- c:\program files\Sybase
2009-06-19 23:37 <DIR> --d----- c:\users\chas\appdata\roaming\uTorrent
2009-06-19 22:55 168,448 a------- c:\windows\system32\unrar.dll
2009-06-19 22:55 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-06-19 19:09 1,905 a------- c:\windows\diagwrn.xml
2009-06-19 19:09 1,905 a------- c:\windows\diagerr.xml
2009-06-19 18:54 <DIR> --d----- c:\windows\1C4551A64743409391E41477CD655043.TMP
2009-06-19 18:03 <DIR> --d----- c:\windows\system32\vi-VN
2009-06-19 18:03 <DIR> --d----- c:\windows\system32\eu-ES
2009-06-19 18:03 <DIR> --d----- c:\windows\system32\ca-ES
2009-06-19 18:01 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-19 18:01 <DIR> --d----- c:\windows\system32\SPReview
2009-06-19 17:55 928,768 a------- c:\windows\system32\scavenge.dll
2009-06-19 17:55 79,360 a------- c:\windows\system32\compcln.exe
2009-06-19 17:33 <DIR> --d----- C:\PerfLogs
2009-06-19 17:16 214,528 a------- c:\windows\system32\recdisc.exe
2009-06-19 17:16 6,656 a------- c:\windows\system32\sdspres.dll
2009-06-19 17:16 28,160 a------- c:\windows\system32\sxproxy.dll
2009-06-19 17:13 196,608 a------- c:\windows\SPInstall.etl
2009-06-19 17:02 <DIR> --d----- c:\windows\system32\EventProviders
2009-06-19 16:42 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-06-19 16:41 <DIR> --d----- c:\windows\system32\xlive
2009-06-19 16:41 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-06-19 14:54 <DIR> --d----- c:\programdata\Electronic Arts
2009-06-19 14:54 <DIR> --d----- c:\progra~2\Electronic Arts
2009-06-19 14:21 447,752 a----r-- c:\windows\system32\vp6vfw.dll
2009-06-19 14:21 <DIR> --d----- c:\program files\Microsoft WSE
2009-06-19 14:13 1,495,040 -------- c:\windows\system32\adi_oal.dll
2009-06-19 14:13 <DIR> --d----- c:\programdata\SonicFocus
2009-06-19 14:13 <DIR> --d----- c:\progra~2\SonicFocus
2009-06-19 13:40 <DIR> --d----- c:\program files\RivaTuner v2.24
2009-06-19 11:39 <DIR> --d----- c:\programdata\Blizzard
2009-06-19 11:39 <DIR> --d----- c:\progra~2\Blizzard
2009-06-19 11:15 <DIR> --d----- c:\programdata\Stardock
2009-06-19 11:15 <DIR> --d----- c:\progra~2\Stardock
2009-06-19 11:15 5,292,054 a------- c:\windows\Invader1680.bmp
2009-06-19 11:15 <DIR> --d----- c:\program files\common files\Stardock
2009-06-19 11:15 <DIR> --d-h--- c:\programdata\{F0297D39-7A45-442F-AFF5-271488E85934}
2009-06-19 11:15 <DIR> --d-h--- c:\progra~2\{F0297D39-7A45-442F-AFF5-271488E85934}
2009-06-19 11:15 <DIR> --d----- c:\program files\Stardock
2009-06-19 11:06 <DIR> --d-h--- c:\program files\Creative Installation Information
2009-06-19 11:06 <DIR> --d----- c:\program files\common files\Creative
2009-06-19 10:51 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-06-19 10:50 4,984 a------- c:\windows\system32\drivers\nvphy.bin
2009-06-19 10:46 <DIR> --d----- c:\windows\system32\AGEIA
2009-06-19 10:46 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-19 09:29 <DIR> --d----- C:\NVIDIA
2009-06-19 09:13 <DIR> --d----- c:\programdata\LogiShrd
2009-06-19 09:12 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-06-19 09:12 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-06-19 09:11 301,656 a------- c:\windows\system32\BtCoreIf.dll
2009-06-19 09:11 170,512 a------- c:\windows\system32\kemutb.dll
2009-06-19 09:11 145,936 a------- c:\windows\system32\KemUtil.dll
2009-06-19 09:11 117,264 a------- c:\windows\system32\KemWnd.dll
2009-06-19 09:11 84,496 a------- c:\windows\system32\KemXML.dll
2009-06-19 09:11 <DIR> --d----- c:\programdata\Logitech
2009-06-19 08:49 <DIR> --d----- c:\programdata\PC Drivers HeadQuarters
2009-06-19 08:49 <DIR> --d----- c:\progra~2\PC Drivers HeadQuarters
2009-06-19 08:49 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-06-19 08:33 <DIR> --d----- c:\programdata\Creative
2009-06-19 08:33 <DIR> --d----- c:\programdata\NVIDIA
2009-06-19 00:24 61,440 a------- c:\windows\system32\winipsec.dll
2009-06-19 00:24 272,896 a------- c:\windows\system32\polstore.dll
2009-06-19 00:23 1,820 a------- c:\windows\system32\rasctrnm.h
2009-06-19 00:21 69,632 a------- c:\windows\system32\Mpeg2Data.ax
2009-06-19 00:19 12,880 a------- c:\windows\system32\wbem\wlan.mof
2009-06-19 00:17 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-19 00:07 2,048 a------- c:\windows\system32\msxml3r.dll
2009-06-19 00:06 1,108,512 a------- c:\windows\system32\nvcpluir.dll
2009-06-18 23:59 623,616 a------- c:\windows\system32\localspl.dll
2009-06-18 23:53 343,552 a------- c:\windows\system32\drivers\ADIHdAud.sys
2009-06-18 23:53 30,720 a------- c:\windows\system32\SmaxCo.dll
2009-06-18 23:53 <DIR> --d----- c:\program files\Analog Devices
2009-06-18 23:53 7,680 a------- c:\windows\system32\drivers\ASACPI.sys
2009-06-18 23:53 18,828 a------- c:\windows\Ascd_tmp.ini
2009-06-18 23:53 10,288 a------- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-06-18 23:52 <DIR> --d----- c:\windows\system32\directx
2009-06-18 23:51 114,688 -------- c:\windows\Updreg.EXE
2009-06-18 23:49 3,104,768 a------- c:\windows\system32\NlsData004e.dll
2009-06-18 23:48 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-06-18 23:48 <DIR> --d----- c:\program files\common files\Creative Labs Shared
2009-06-18 23:48 <DIR> --d----- c:\program files\Creative
2009-06-18 23:45 6,656 a------- c:\windows\system32\kbd106n.dll
2009-06-18 23:40 13,780 a------- c:\windows\system32\wbem\lsasrv.mof
2009-06-18 23:40 9,728 a------- c:\windows\system32\lsass.exe
2009-06-18 23:37 37,888 a------- c:\windows\system32\printcom.dll
2009-06-18 23:36 14,848 a------- c:\windows\system32\wshrm.dll
2009-06-18 23:25 <DIR> --d----- c:\windows\Panther
2009-06-18 23:25 <DIR> --d----- c:\program files\World of Warcraft
2009-06-18 23:25 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-06-18 23:21 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-06-18 23:21 <DIR> --d----- c:\programdata\AIM Toolbar
2009-06-18 23:21 <DIR> --d----- c:\program files\AIM Toolbar
2009-06-18 23:21 <DIR> --d----- c:\progra~2\AIM Toolbar
2009-06-18 23:21 <DIR> --d----- c:\programdata\Viewpoint
2009-06-18 23:21 <DIR> --d----- c:\program files\Viewpoint
2009-06-18 23:21 <DIR> --d----- c:\progra~2\Viewpoint
2009-06-18 23:21 <DIR> --d----- c:\programdata\AOL OCP
2009-06-18 23:21 <DIR> --d----- c:\programdata\AOL
2009-06-18 23:20 18,939,904 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-06-18 23:20 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-06-18 23:20 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-06-18 23:20 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-06-18 23:20 <DIR> --d----- c:\program files\DivX
2009-06-18 23:20 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-18 23:19 <DIR> --d----- c:\program files\common files\AOL
2009-06-18 23:19 <DIR> --d----- c:\program files\AIM6
2009-06-18 23:18 347 a---h--- C:\IPH.PH
2009-06-18 23:18 41,984 a------- c:\windows\system32\netfxperf.dll
2009-06-18 23:17 <DIR> --d----- c:\program files\common files\Steam
2009-06-18 23:16 <DIR> --dsh--- c:\windows\Installer
2009-06-18 23:07 84,480 a------- c:\windows\system32\INETRES.dll
2009-06-18 23:07 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-18 23:05 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-06-18 23:05 828,416 a------- c:\windows\system32\wininet.dll
2009-06-18 23:05 72,704 a------- c:\windows\system32\admparse.dll
2009-06-18 23:05 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-18 23:05 48,128 a------- c:\windows\system32\mshtmler.dll
2009-06-18 23:04 2,048 a------- c:\windows\system32\msxml6r.dll
2009-06-18 22:35 <DIR> --d----- c:\users\Chas
2009-06-18 22:34 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-06-18 22:34 83,456 a------- c:\windows\system32\wudriver.dll
2009-06-18 22:33 162,064 a------- c:\windows\system32\wuwebv.dll
2009-06-18 22:33 52,736 a------- c:\windows\system32\wuapp.exe
2009-06-10 08:35 1,194,528 a------- c:\windows\system32\nvcplui.exe
2009-06-10 08:35 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-06-10 08:35 1,296,928 a------- c:\windows\system32\nvsvs.dll
2009-06-10 06:33 266,240 a------- c:\windows\system32\nvStInst.exe
2009-06-10 06:33 489,472 a------- c:\windows\system32\nvstlink.exe
2009-06-10 06:33 3,974,656 a------- c:\windows\system32\nvstwiz.exe
2009-06-10 06:33 141,824 a------- c:\windows\system32\nvStereoApiI.dll
2009-06-10 06:33 171,520 a------- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 06:33 232,960 a------- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 06:32 257,536 a------- c:\windows\system32\nvSCPAPI.dll
2009-06-10 06:32 301,568 a------- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 06:32 3,293,184 a------- c:\windows\system32\nvstres.dll
2009-06-10 06:32 5,847 a------- c:\windows\system32\oglstreg.reg
2009-06-10 06:31 188,928 a------- c:\windows\system32\nvstreg.exe
2009-06-10 06:31 1,739,776 a------- c:\windows\system32\nvsttest.exe
2009-06-10 06:31 1,056,256 a------- c:\windows\system32\nvstview.exe
2009-06-10 06:31 89,088 a------- c:\windows\system32\nvimage.dll
2009-06-10 06:29 1,656 a------- c:\windows\system32\nvstdef.reg
2009-06-10 06:03 10,379,264 a------- c:\windows\system32\nvoglv32.dll
2009-06-10 06:03 9,899,296 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 06:03 3,148,288 a------- c:\windows\system32\nvwgf2um.dll
2009-06-10 06:03 1,704,960 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,317,408 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 989,696 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 678,432 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod155.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-10 06:03 10,060 a------- c:\windows\system32\nvdisp.nvu
2009-06-10 06:03 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd

==================== Find3M ====================

2009-06-21 15:31 4,608 a------- c:\windows\system32\w95inf32.dll
2009-06-21 15:31 2,272 a------- c:\windows\system32\w95inf16.dll
2009-06-19 19:09 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-19 19:09 51,200 a------- c:\windows\inf\infpub.dat
2009-06-19 19:09 86,016 a------- c:\windows\inf\infstor.dat
2009-06-19 18:03 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-19 17:39 174 a--sh--- c:\program files\desktop.ini
2009-06-19 17:28 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-06-19 17:28 82,432 a------- c:\windows\system32\axaltocm.dll
2009-06-19 11:17 15,897,088 a------- c:\windows\system32\imageres.dll
2009-06-19 00:09 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-06-18 23:49 1,965,056 a------- c:\windows\system32\NlsData001a.dll
2009-06-10 08:34 3,123,744 a------- c:\windows\system32\nvwss.dll
2009-06-10 08:34 4,045,344 a------- c:\windows\system32\nvvitvs.dll
2009-06-10 08:34 4,028,960 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:34 3,516,960 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:34 1,288,736 a------- c:\windows\system32\nvmobls.dll
2009-06-10 08:34 211,488 a------- c:\windows\system32\nvvsvc.exe
2009-06-10 08:34 195,104 a------- c:\windows\system32\nvmccss.dll
2009-06-10 08:34 13,785,632 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:34 768,544 a------- c:\windows\system32\nvsvc.dll
2009-06-10 08:34 143,360 a------- c:\windows\system32\nvshext.dll
2009-06-10 08:34 92,704 a------- c:\windows\system32\nvmctray.dll
2009-06-10 06:03 7,611,904 a------- c:\windows\system32\nvd3dum.dll
2009-05-01 16:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 16:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 16:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 16:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 16:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod146.dll
2009-04-28 09:55 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-04-22 00:20 14,311,680 a------- c:\windows\system32\xlive.dll
2009-04-22 00:20 13,642,496 a------- c:\windows\system32\xlivefnt.dll
2009-04-10 23:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-10 23:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-10 23:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-10 23:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-10 23:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-10 23:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-10 23:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-10 23:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-10 23:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-10 23:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-10 23:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-10 23:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-10 23:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-10 23:27 547,840 a------- c:\windows\system32\RMActivate_isv.exe
2009-04-10 23:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-10 23:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-10 22:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-10 22:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 21:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-10 21:55 2,048 a------- c:\windows\system32\mferror.dll
2009-04-10 21:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-10 21:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-10 21:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-10 21:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 18:59 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-04-10 18:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:26:42.33 ===============
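The DDS "Pseudo HJT Report" above is the part of the log a helper reads first: autostart values (uRun/mRun/dRun), the command line each one launches, and the policy keys that hide the tools a user would reach for. The following is an added example, not part of the thread and not DDS or Malwarebytes code, showing how that triage can be written as a small parser with three heuristics: autostart targets under a Temp directory, executables named after Windows system binaries but located outside system32, and policy keys that disable Registry Tools, Folder Options or UAC. The sample lines are copied from the log posted above (with a few benign entries kept in so the output shows what is not flagged); the name set, the size threshold for "random-looking" value names and the reason strings are my own assumptions, not a published rule set.

```python
import re

# Constructed sample: autostart and policy entries copied from the DDS
# "Pseudo HJT Report" posted above, plus benign lines (Sidebar, Windows
# Defender, RunDll32, BindDirectlyToPropertySetStorage) to show what is NOT flagged.
SAMPLE_LOG = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Aim6]
uRun: [Windows System Recover!] c:\users\chas\appdata\local\temp\taskmgr.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
dRun: [<NO NAME>] c:\windows\temp\lsar8ll.exe
dRun: [hsf7husjnfg98gi498aejhiugjkdg4] c:\windows\temp\lsar8ll.exe
dRun: [Windows System Recover!] c:\windows\temp\spoolsv.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
"""

# One autostart value: "<u|m|d>Run[Once]: [value name] command line"
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# One policy value: "<u|m|d>Policies-<hive>: <key> = <decimal> (<hex>)"
POLICY_RE = re.compile(r"^[umd]Policies-\w+: (?P<key>\w+) = (?P<val>\d+)")
# First executable on a command line: either a quoted path, or an unquoted
# path (which may contain spaces) ending in an executable extension.
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>\S.*?\.(?:exe|scr|com|bat))(?=\s|$)', re.I)

# Assumption: names of Windows binaries that should only run from system32.
SYSTEM_NAMES = {"taskmgr.exe", "spoolsv.exe", "svchost.exe", "lsass.exe",
                "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIR = "c:\\windows\\system32\\"
# Assumption: (key, value) pairs that hide admin tools or lower protection.
LOCKOUT_POLICIES = {("DisableRegistryTools", "1"), ("DisableTaskMgr", "1"),
                    ("NoFolderOptions", "1"), ("EnableLUA", "0")}


def exe_path(cmd):
    """Return the lower-cased executable path from a Run command line, or ""."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return ""
    return (m["q"] or m["u"]).lower()


def classify_run(name, cmd):
    """Reasons an autostart entry deserves a closer look (empty list = nothing seen)."""
    reasons = []
    path = exe_path(cmd)
    if not path:          # empty value (e.g. "[Aim6]") or RunDll32-style line
        return reasons
    if "\\temp\\" in path:
        reasons.append("autostart target lives in a Temp directory")
    base = path.rsplit("\\", 1)[-1]
    if base in SYSTEM_NAMES and not path.startswith(SYSTEM_DIR):
        reasons.append(f"{base} outside system32 (name mimics a Windows system binary)")
    # Assumption: 16+ lower-case alphanumerics with no word shape is "random-looking".
    if name == "<NO NAME>" or re.fullmatch(r"[a-z0-9]{16,}", name):
        reasons.append("unnamed or random-looking value name")
    return reasons


def triage(log_text):
    """Scan DDS HJT-style lines; return (line, reason) pairs for anything flagged."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            for reason in classify_run(m["name"], m["cmd"]):
                findings.append((line, reason))
            continue
        m = POLICY_RE.match(line)
        if m and (m["key"], m["val"]) in LOCKOUT_POLICIES:
            findings.append((line, f"policy {m['key']}={m['val']} hides admin tools or lowers protection"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason:70} | {line}")
```

Run as a script it prints one row per reason; a line can appear twice (for instance, `taskmgr.exe` under a Temp directory is both "in Temp" and "system binary name outside system32"). A hit is a reason to look, not a verdict: `EnableLUA = 0` is also what a user gets by switching UAC off by hand, and a legitimate installer occasionally drops a RunOnce value in Temp, which is why a helper asks for the Malwarebytes and HijackThis logs rather than acting on the DDS output alone.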


#2 miekiemoes

  • Malware Response Team

Posted 08 July 2009 - 06:06 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.