omegaplayer.exe sheurz.asbn lsass.exe


This topic is locked
4 replies to this topic

#1 hannaconda

hannaconda

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:58 PM

Posted 22 July 2009 - 11:16 AM

I have AVG and Windows Defender; both found viruses, both said they were removed, but they came back.

The attach.txt is attached, and this is from my DDS.txt ...


DDS (Ver_09-06-26.01) - NTFSx86
Run by the Calvin hp at 11:58:26.14 on Wed 07/22/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1895 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\the Calvin hp.theCalvinhp-PC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Taskman=c:\recycler\s-1-5-21-5057224388-1967309641-804648605-0625\rundll32.exe
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-5057224388-1967309641-804648605-0625\rundll32.exe
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [AdobeBridge]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [CCUTRAYICON] FactoryMode
mRun: [<NO NAME>]
mRun: [SnapfishMediaDetector] c:\program files\snapfish media detector\SnapfishMediaDetector.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "c:\program files\mediafour\macdrive 7\MacDrive.exe"
mRun: [MDGetStarted.exe] "c:\program files\mediafour\macdrive 7\MDGetStarted.exe" /auto
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\thecal~2.the\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish media detector\SnapfishMediaDetector.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\spyder~1.lnk - c:\program files\datacolor\spyder3pro\utility\Spyder3Utility.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: NameServer = 85.255.112.96,85.255.112.11
TCP: {39B31FB6-5D05-4F55-A5D0-EF764F0E827A} = 85.255.112.96,85.255.112.11
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\thecal~2.the\appdata\roaming\mozilla\firefox\profiles\1bgg5hcf.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\users\the calvin hp.thecalvinhp-pc\appdata\roaming\mozilla\firefox\profiles\1bgg5hcf.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-9-5 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-8 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-8 108552]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2009-6-16 9600]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-8 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-8 298776]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 MacDriveService;MacDriveService;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2007-5-1 143360]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2008-7-21 193888]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2008-1-28 384896]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 b57nd60x;%SvcDispName%;c:\windows\system32\drivers\b57nd60x.sys [2009-5-10 179712]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-5-24 255488]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2007-11-6 12288]

=============== Created Last 30 ================

2009-07-22 01:31 <DIR> --d----- c:\program files\Trend Micro
2009-07-21 23:06 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-21 18:35 268,652,959 a------- c:\windows\MEMORY.DMP
2009-07-21 17:54 2,000 a---h--- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2009-07-21 17:54 2,000 a---h--- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2009-07-15 15:20 <DIR> --d----- c:\users\thecal~2.the\appdata\roaming\Shareaza
2009-07-15 15:20 <DIR> --d----- c:\program files\Shareaza
2009-07-15 14:01 <DIR> --d----- c:\users\the calvin hp.thecalvinhp-pc\.SunDownloadManager
2009-07-15 12:52 <DIR> --d----- c:\users\thecal~2.the\appdata\roaming\CopyTrans
2009-07-15 12:51 <DIR> --d----- c:\program files\WindSolutions
2009-07-15 12:51 <DIR> --d----- c:\users\thecal~2.the\appdata\roaming\WindSolutions
2009-07-15 12:51 <DIR> --d----- c:\programdata\WindSolutions
2009-07-15 12:51 <DIR> --d----- c:\progra~2\WindSolutions
2009-07-14 17:24 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 17:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 17:24 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 17:24 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-26 14:07 <DIR> --d----- c:\users\thecal~2.the\appdata\roaming\LimeWire
2009-06-26 14:06 <DIR> --d----- c:\program files\LimeWire

==================== Find3M ====================

2009-07-22 11:43 151,436 a------- c:\programdata\nvModes.dat
2009-07-22 11:43 151,436 a------- c:\progra~2\nvModes.dat
2009-07-18 10:25 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-15 12:53 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-15 12:53 86,016 a------- c:\windows\inf\infstor.dat
2009-07-15 12:53 51,200 a------- c:\windows\inf\infpub.dat
2009-06-22 15:12 319,456 a------- c:\windows\DIFxAPI.dll
2009-06-22 10:21 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-17 20:25 20,992 a------- c:\windows\jestertb.dll
2009-06-08 13:01 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-02 18:29 1,157,664 a------- c:\windows\system32\RtkPgExt.dll
2009-06-02 18:29 48,672 a------- c:\windows\system32\RtkCoInst.dll
2009-06-02 18:29 326,176 a------- c:\windows\system32\RtkApoApi.dll
2009-06-02 18:29 2,897,440 a------- c:\windows\system32\RtkAPO.dll
2009-06-02 18:04 2,364,960 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-06-01 14:20 26 a------- c:\users\thecal~2.the\appdata\roaming\Opusbext.dat
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-10 22:05 174 a--sh--- c:\program files\desktop.ini
2009-05-10 21:54 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-10 21:26 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-05-10 21:26 82,432 a------- c:\windows\system32\axaltocm.dll
2009-05-10 16:19 269,312 a------- c:\windows\system32\es.dll
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-09 01:14 1,418,120 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-07 17:15 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-05-07 17:15 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-05-07 17:15 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-07 17:13 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-05-07 17:13 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-05-07 17:13 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-05-07 17:12 1,645,568 a------- c:\windows\system32\connect.dll
2009-05-07 14:51 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-07 14:51 272,896 a------- c:\windows\system32\polstore.dll
2009-05-07 14:51 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-07 14:51 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-05-07 14:47 376,832 a------- c:\windows\system32\winhttp.dll
2009-05-07 14:46 296,960 a------- c:\windows\system32\gdi32.dll
2009-05-07 14:44 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-05-07 14:44 38,912 a------- c:\windows\system32\xolehlp.dll
2009-05-07 14:43 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-07 14:43 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-05-07 14:43 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-05-07 14:43 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-05-07 14:43 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-05-07 14:43 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-07 14:43 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-07 14:43 1,695,744 a------- c:\windows\system32\gameux.dll
2009-05-07 14:43 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-05-07 14:42 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-07 14:42 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-05-07 14:42 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-07 14:40 2,048 a------- c:\windows\system32\tzres.dll
2009-05-07 14:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-05-07 14:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-07 14:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-05-07 14:36 2,927,104 a------- c:\windows\explorer.exe
2009-05-07 14:29 6,656 a------- c:\windows\system32\kbd106n.dll
2009-05-07 14:29 988,216 a------- c:\windows\system32\winload.exe
2009-05-07 14:29 927,288 a------- c:\windows\system32\winresume.exe
2009-05-07 14:29 378,368 a------- c:\windows\system32\srcore.dll
2009-05-07 14:29 318,464 a------- c:\windows\system32\rstrui.exe
2009-05-07 14:29 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-05-07 14:29 40,960 a------- c:\windows\system32\srclient.dll
2009-05-07 14:29 19,000 a------- c:\windows\system32\kd1394.dll
2009-05-07 14:29 14,848 a------- c:\windows\system32\srdelayed.exe
2009-05-07 14:29 615,992 a------- c:\windows\system32\ci.dll
2009-05-07 14:26 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-05-07 14:26 72,704 a------- c:\windows\system32\secur32.dll
2009-05-07 14:26 9,728 a------- c:\windows\system32\lsass.exe
2009-05-07 14:26 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-05-07 14:26 24,064 a------- c:\windows\system32\amxread.dll
2009-05-07 14:26 13,824 a------- c:\windows\system32\apilogen.dll
2009-05-07 14:26 443,392 a------- c:\windows\system32\win32spl.dll
2009-05-07 14:26 37,888 a------- c:\windows\system32\printcom.dll
2009-05-07 14:25 14,848 a------- c:\windows\system32\wshrm.dll
2009-05-07 14:22 268,288 a------- c:\windows\system32\schannel.dll
2009-05-07 14:19 622,080 a------- c:\windows\system32\icardagt.exe
2009-05-07 14:19 97,800 a------- c:\windows\system32\infocardapi.dll
2009-05-07 14:19 11,264 a------- c:\windows\system32\icardres.dll
2009-05-07 14:19 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-07 14:19 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-05-07 14:19 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-05-07 14:19 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-05-07 14:14 96,760 a------- c:\windows\system32\dfshim.dll
2009-05-07 14:14 41,984 a------- c:\windows\system32\netfxperf.dll
2009-05-07 14:14 282,112 a------- c:\windows\system32\mscoree.dll
2009-05-07 14:14 158,720 a------- c:\windows\system32\mscorier.dll
2009-05-07 14:14 83,968 a------- c:\windows\system32\mscories.dll
2009-05-07 14:10 2,868,736 a------- c:\windows\system32\mf.dll
2009-05-07 14:10 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-05-07 14:10 98,816 a------- c:\windows\system32\mfps.dll
2009-05-07 14:10 94,720 a------- c:\windows\system32\logagent.exe
2009-05-07 14:10 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-05-07 14:10 24,576 a------- c:\windows\system32\mfpmp.exe
2009-05-07 14:10 2,048 a------- c:\windows\system32\mferror.dll
2009-05-07 14:09 738,304 a------- c:\windows\system32\inetcomm.dll
2009-05-07 14:09:32 A------- 84,480 c:\windows\system32\INETRES.dll

============= FINISH: 11:59:11.51 ===============

Edited by hannaconda, 22 July 2009 - 05:19 PM.
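An added example, not part of the thread or of the DDS tool: a small Python checker that applies to the "Pseudo HJT Report" lines above the two checks a log reviewer does by hand, whether the Winlogon Shell/Taskman values differ from the Vista default and whether the configured DNS resolvers are ones the machine should be using. The sample lines are copied from the log above; the expected-resolver set (192.168.1.1) is an assumption standing in for the user's own router or ISP resolvers.

```python
import ipaddress
import re

# Constructed sample input: copied from the "Pseudo HJT Report" section of the
# DDS log in the thread, plus benign lines for contrast.
SAMPLE_LINES = [
    r"uStart Page = hxxp://www.comcast.net/",
    r"mWinlogon: Taskman=c:\recycler\s-1-5-21-5057224388-1967309641-804648605-0625\rundll32.exe",
    r"uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-5057224388-1967309641-804648605-0625\rundll32.exe",
    r"mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"TCP: NameServer = 85.255.112.96,85.255.112.11",
    r"TCP: {39B31FB6-5D05-4F55-A5D0-EF764F0E827A} = 85.255.112.96,85.255.112.11",
    r"AppInit_DLLs: avgrsstx.dll",
]

WINLOGON_RE = re.compile(r"^[um]Winlogon:\s*(Shell|Taskman)=(.*)$", re.I)
NAMESERVER_RE = re.compile(r"^TCP:\s*(NameServer|\{[0-9A-F-]+\})\s*=\s*(.*)$", re.I)
# Resolver range published in the DNSChanger takedown notices as rogue DNS.
ROGUE_DNS_RANGES = [ipaddress.ip_network("85.255.112.0/20")]


def check_winlogon(key, value):
    """Finding for a Winlogon Shell/Taskman value that deviates from the Vista
    default (Shell=explorer.exe, no Taskman value), else None."""
    if key.lower() == "taskman":
        return ("high", key, "Taskman value present: " + value)
    extra = [e.strip() for e in value.split(",") if e.strip() and e.strip().lower() != "explorer.exe"]
    if not extra:
        return None
    # The Recycler folder holds deleted files; nothing legitimate launches from it.
    sev = "high" if any("\\recycler\\" in e.lower() for e in extra) else "medium"
    return (sev, key, "extra Shell entries: " + ", ".join(extra))


def check_nameserver(key, value, expected):
    """Flag resolvers outside the caller's expected set (assumed, e.g. the LAN
    router) or inside a known rogue range; else None."""
    bad = []
    for ip_text in (p.strip() for p in value.split(",") if p.strip()):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            bad.append(ip_text + " (unparseable)")
            continue
        if any(ip in net for net in ROGUE_DNS_RANGES):
            bad.append(ip_text + " (known rogue range)")
        elif ip_text not in expected:
            bad.append(ip_text + " (not an expected resolver)")
    return ("high", key, "resolvers: " + ", ".join(bad)) if bad else None


def scan_hjt_lines(lines, expected_resolvers=frozenset()):
    """Apply both checks to DDS Pseudo-HJT lines; returns (severity, key, detail) tuples."""
    findings = []
    for line in lines:
        m = WINLOGON_RE.match(line)
        if m:
            f = check_winlogon(m.group(1), m.group(2))
        else:
            m = NAMESERVER_RE.match(line)
            f = check_nameserver(m.group(1), m.group(2), expected_resolvers) if m else None
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for sev, key, detail in scan_hjt_lines(SAMPLE_LINES, {"192.168.1.1"}):
        print(f"[{sev}] {key}: {detail}")
```

On the sample above it reports four findings, all high: the Taskman value, the second Shell entry under c:\recycler, and the two resolver lines pointing at 85.255.112.x.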


#2 hannaconda

hannaconda
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:58 PM

Posted 23 July 2009 - 11:57 AM

I downloaded and ran ComboFix.
It seems to have removed the virus, which has been showing up as Trojan Horse Generic 14.DYJ.

I have the combofix log if anyone would be so kind as to look over it and let me know.

Thanks

Hello hannaconda,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this, or do not respond to your requests, is that doing so would remove you from the active queue that Techs and Staff have access to. The malware staff check the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work on may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post instead of a reply. Please do not multiple-post here, as that only pushes you further down the queue and causes confusion for the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 23 July 2009 - 05:40 PM.


#3 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:58 AM

Posted 31 July 2009 - 12:04 PM

Hello hannaconda my name is Sempai and welcome to Bleeping Computer.

*We apologize for the delay. The forum has been busy.

*I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.

*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.

*You must reply within 5 days otherwise this topic will be closed.


Please create a new DDS log. Post it together with the Combofix log that you have.

Note: ComboFix SHOULD NOT be used unless requested by a forum helper as it could cause irreversible damage to your computer.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:58 AM

Posted 03 August 2009 - 05:25 PM

Are you still with us?

~Semp



#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:58 PM

Posted 05 August 2009 - 10:45 AM

Hello.

There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda
