
Removal of Backdoor.bot-Acovcnt.exe


This topic is locked
8 replies to this topic

#1 MarkR42

  • Members
  • 23 posts
  • OFFLINE
  • Local time: 06:38 AM

Posted 19 September 2009 - 11:44 AM

Although I've had almost no symptoms other than slow browsing speeds and regularly having to terminate Firefox in order to open Firefox, the program ScanSpyware discovered the program Acovcnt.exe in my Windows/System32 folder. Upon looking it up on the Net, I discovered that it was a Backdoor.bot and should be removed immediately. After every removal, however, I find it back in its folder upon restarting the computer.

Malwarebytes shows no infection. Sophos showed no infection. RootRepeal crashes when I run it.

Here are the DDS results:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Mark Riemer at 17:40:23,81 on 19.09.2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1033.18.3071.1964 [GMT 2:00]

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ASUS.SYS\DVMExportService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Mark Riemer\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

============== Pseudo HJT Report ===============

uStart Page = www.tvtorrents.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: MP3Bar: {f6bd6330-76f8-44d9-b775-87614e2d8374} - c:\program files\fiesta download manager\mp3bar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
mRun: [Launch LCDMon] "c:\program files\common files\logitech\lcd manager\LCDMon.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &MP3Bar - c:\program files\fiesta download manager\mp3bar.dll/MENUSEARCH.HTM
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\markri~1\appdata\roaming\mozilla\firefox\profiles\zj3x7blg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tvtorrents.com/loggedin/showcalendar.do
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbiblionet.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprmsl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-21 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-21 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-21 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-21 53328]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\DVMExportService.exe [2008-11-20 307200]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-22 92296]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-8-21 604488]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-9-9 48128]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-9-12 34760]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-8-21 43904]
SUnknown MEMSWEEP2;MEMSWEEP2; [x]

=============== Created Last 30 ================

2009-09-19 17:16 <DIR> --d-h--- c:\temp\dvmexp
2009-09-19 17:16 <DIR> --d-h--- C:\dvmexp
2009-09-19 09:39 <DIR> --d----- c:\program files\Sophos
2009-09-17 21:01 45,056 a------- c:\windows\system32\acovcnt.exe
2009-09-17 20:22 <DIR> --d----- c:\program files\iPod
2009-09-17 20:22 <DIR> --d----- c:\program files\iTunes
2009-09-17 10:53 <DIR> --d----- c:\programdata\NVIDIA
2009-09-17 10:51 <DIR> --d----- c:\windows\system32\AGEIA
2009-09-17 10:43 <DIR> --d----- C:\NVIDIA
2009-09-17 10:39 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-09-14 18:27 570 a------- c:\users\markri~1\appdata\roaming\wklnhst.dat
2009-09-12 10:07 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-09-12 09:37 123 a------- c:\windows\rootkitno.ini
2009-09-12 09:24 34,760 a------- c:\windows\system32\drivers\Partizan.sys
2009-09-12 09:24 32,480 a------- c:\windows\system32\Partizan.exe
2009-09-12 09:24 12,752 a------- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-09-12 09:24 <DIR> --d----- c:\program files\UnHackMe
2009-09-12 08:48 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-12 08:48 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-12 08:47 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 08:47 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-08 21:34 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-08 21:34 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-08 21:34 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-08 21:34 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-08 21:34 10,240 a------- c:\windows\system32\finger.exe
2009-09-08 21:34 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-08 21:34 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-08 21:34 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-08 21:34 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-08 21:34 17,920 a------- c:\windows\system32\netevent.dll
2009-09-08 21:34 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-08 21:33 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-08 21:33 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-08 21:33 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-08 21:33 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-08 21:33 513,536 a------- c:\windows\system32\wlansvc.dll
2009-09-08 21:33 65,024 a------- c:\windows\system32\wlanapi.dll
2009-09-08 21:33 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-08 17:08 <DIR> --d----- c:\programdata\ashampoo
2009-09-08 17:08 <DIR> --d----- c:\progra~2\ashampoo
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-01 23:30 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 23:30 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:56 <DIR> --d----- c:\programdata\Fiesta Download Manager
2009-08-28 10:56 <DIR> --d----- c:\progra~2\Fiesta Download Manager
2009-08-28 10:56 <DIR> --d----- c:\program files\Fiesta Download Manager
2009-08-28 01:24 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-28 01:24 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-28 01:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-27 18:26 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-08-26 23:27 161,792 a------- c:\windows\SWREG.exe
2009-08-26 23:27 98,816 a------- c:\windows\sed.exe
2009-08-26 22:48 <DIR> --d----- c:\programdata\SecTaskMan
2009-08-26 22:48 <DIR> --d----- c:\progra~2\SecTaskMan
2009-08-26 22:11 2 a--shrot c:\windows\winstart.bat
2009-08-25 20:42 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-08-25 20:37 2,048 a------- c:\windows\system32\tzres.dll
2009-08-25 16:20 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-25 11:00 801 a------- c:\windows\ScanSpyware.INI
2009-08-25 10:55 <DIR> --d----- c:\users\markri~1\appdata\roaming\ScanSpyware
2009-08-24 22:27 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-08-23 21:37 <DIR> --d----- c:\users\markri~1\appdata\roaming\PeerNetworking
2009-08-23 09:53 <DIR> --d----- c:\windows\system32\SRSLabs
2009-08-23 09:53 <DIR> --d----- c:\windows\system32\RTCOM
2009-08-23 09:52 2,664,032 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-08-23 09:52 1,226,272 a------- c:\windows\system32\RtkPgExt.dll
2009-08-23 09:52 551,456 a------- c:\windows\system32\RTSndMgr.cpl
2009-08-23 09:52 52,256 a------- c:\windows\system32\RtkCoInst.dll
2009-08-23 09:52 2,898,464 a------- c:\windows\system32\RtkAPO.dll
2009-08-23 09:52 326,176 a------- c:\windows\system32\RtkApoApi.dll
2009-08-23 09:52 290,304 a------- c:\windows\system32\RP3DHT32.dll
2009-08-23 09:52 290,304 a------- c:\windows\system32\RP3DAA32.dll
2009-08-23 09:52 160,256 a------- c:\windows\system32\FMAPO.dll
2009-08-23 09:52 142,848 a------- c:\windows\system32\AERTACap.dll
2009-08-23 09:52 125,952 a------- c:\windows\system32\AERTARen.dll
2009-08-23 09:52 831,488 a------- c:\windows\RtlExUpd.dll
2009-08-22 11:49 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-22 09:24 <DIR> --d----- c:\program files\common files\McAfee
2009-08-22 09:24 <DIR> --d----- c:\program files\McAfee
2009-08-22 00:08 24 a------- c:\windows\ATKPF.ini
2009-08-21 23:56 <DIR> --d----- c:\programdata\SiteAdvisor
2009-08-21 23:55 <DIR> --d----- c:\programdata\WindowsSearch
2009-08-21 23:53 <DIR> --d----- c:\programdata\McAfee
2009-08-21 23:49 <DIR> a-d----- c:\programdata\TEMP
2009-08-21 23:49 1,071,088 a------- c:\windows\system32\MSCOMCTL.OCX
2009-08-21 23:49 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
2009-08-21 23:49 <DIR> --d----- c:\program files\SpywareBlaster
2009-08-21 23:47 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-08-21 23:46 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-21 23:46 <DIR> -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-21 23:46 <DIR> --d----- c:\programdata\Lavasoft
2009-08-21 23:46 <DIR> --d----- c:\program files\Lavasoft
2009-08-21 23:39 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-08-21 23:39 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-08-21 23:38 <DIR> --d----- c:\users\markri~1\appdata\roaming\SUPERAntiSpyware.com
2009-08-21 23:38 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-21 23:38 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-21 23:26 32,441 a------- c:\programdata\nvModes.dat
2009-08-21 23:26 32,441 a------- c:\progra~2\nvModes.dat
2009-08-21 23:20 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-08-21 23:20 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-21 21:31 1,339,392 a------- c:\windows\system32\CNC620C.DLL
2009-08-21 21:31 270,336 a------- c:\windows\system32\CNC620L.DLL
2009-08-21 21:31 188,416 a------- c:\windows\system32\CNC620O.DLL
2009-08-21 21:31 98,304 a------- c:\windows\system32\CNC620I.DLL
2009-08-21 21:30 <DIR> --d----- c:\program files\Canon
2009-08-21 20:49 0 -------- c:\windows\system32\drivers\1043_ASUSTEK_F70SL_V10_VISTA.MRK
2009-08-21 20:48 236,064 a------- c:\windows\system32\nvmccs.dll
2009-08-21 20:48 45,056 a------- c:\windows\system32\nvmccsrs.dll
2009-08-21 20:48 7,660,544 a------- c:\windows\system32\nvd3dum.dll
2009-08-21 20:48 122,880 a------- c:\windows\system32\nvcod134.dll
2009-08-21 20:48 991,744 a------- c:\windows\system32\nvapi.dll
2009-08-21 20:48 795,104 a------- c:\windows\system32\dpinst.exe
2009-08-21 20:48 147,456 a------- c:\windows\system32\nvcolor.exe
2009-08-21 20:37 13 -------- C:\F70SL_VISTA.10
2009-08-21 20:37 7 -------- C:\RECOVERY.DAT
2009-08-21 20:37 1,048,576 -------- C:\F70SL.BIN
2009-08-21 20:37 15,928 a------- c:\windows\system32\drivers\kbfiltr.sys
2009-08-21 20:06 313,888 a------- c:\windows\system32\nvexpbar.dll
2009-08-21 20:06 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-08-21 20:05 <DIR> --d----- c:\program files\ASUS
2009-08-21 20:05 <DIR> --dsh--- c:\windows\Installer
2009-08-21 20:04 <DIR> --d----- c:\program files\ATKGFNEX
2009-08-21 19:52 <DIR> --d----- c:\program files\common files\CANON
2009-08-21 19:48 <DIR> --d-h--- c:\programdata\CanonBJ
2009-08-21 19:44 230,912 a------- c:\windows\system32\CNMLM9D.DLL
2009-08-21 19:44 363,520 a------- c:\windows\system32\CNMNPPM.DLL
2009-08-21 19:44 143,360 a------- c:\windows\system32\CNMNPUI.DLL
2009-08-21 19:07 <DIR> --d----- c:\program files\MSXML 4.0
2009-08-21 19:01 <DIR> --d----- c:\programdata\FLEXnet
2009-08-21 18:56 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-08-21 16:28 <DIR> --d----- c:\windows\system32\eu-ES
2009-08-21 16:28 <DIR> --d----- c:\windows\system32\ca-ES
2009-08-21 16:28 <DIR> --d----- c:\windows\system32\vi-VN
2009-08-21 16:02 766 a------- c:\windows\system\CRIcon.ico
2009-08-21 16:02 <DIR> --d----- C:\swsetup
2009-08-21 15:58 <DIR> --d----- c:\windows\system32\EventProviders
2009-08-21 15:56 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-08-21 15:56 1,081,344 a------- c:\windows\system32\SLCExt.dll
2009-08-21 15:56 3,408,896 a------- c:\windows\system32\SLsvc.exe
2009-08-21 15:56 2,134,528 a------- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-08-21 15:56 65,536 a------- c:\windows\system32\DevicePairingWizard.exe
2009-08-21 15:54 1,730,560 a------- c:\windows\system32\apds.dll
2009-08-21 15:54 <DIR> --d----- c:\program files\common files\Logitech
2009-08-21 15:53 135,168 a------- c:\windows\system32\cscript.exe
2009-08-21 15:52 153 a------- c:\windows\system32\RacUREx.xml
2009-08-21 15:52 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-08-21 15:52 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-08-21 15:52 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-08-21 15:52 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-08-21 15:52 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-08-21 15:52 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-08-21 15:52 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-08-21 15:52 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-08-21 15:51 218,624 a------- c:\windows\system32\wdscore.dll
2009-08-21 15:51 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-08-21 15:51 247,808 a------- c:\windows\system32\drvstore.dll
2009-08-21 15:44 <DIR> --d----- c:\users\markri~1\appdata\roaming\Uniblue
2009-08-21 15:44 <DIR> --d----- c:\programdata\DriverScanner
2009-08-21 15:44 <DIR> --d----- c:\progra~2\DriverScanner
2009-08-21 15:44 <DIR> --d----- c:\program files\Uniblue
2009-08-21 15:43 <DIR> -cd-h--- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-08-21 15:43 <DIR> -cd-h--- c:\progra~2\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-08-21 15:41 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-08-21 15:41 29,000 a------- c:\windows\system32\uxtuneup.dll
2009-08-21 15:41 17,224 a------- c:\windows\system32\authuitu.dll
2009-08-21 15:41 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-08-21 15:41 <DIR> --d----- c:\users\markri~1\appdata\roaming\TuneUp Software
2009-08-21 15:40 <DIR> --d----- c:\programdata\TuneUp Software
2009-08-21 15:40 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-08-21 15:40 <DIR> --d----- c:\progra~2\TuneUp Software
2009-08-21 15:39 <DIR> --dsh--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-21 15:39 <DIR> --dsh--- c:\progra~2\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-21 15:29 <DIR> --d----- c:\users\markri~1\appdata\roaming\Ashampoo
2009-08-21 15:28 <DIR> --d----- c:\program files\Ashampoo
2009-08-21 15:26 <DIR> --d----- c:\users\markri~1\appdata\roaming\Malwarebytes
2009-08-21 15:26 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-21 15:26 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-21 15:20 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-21 15:20 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-21 15:19 <DIR> --d----- c:\program files\Bonjour
2009-08-21 15:14 <DIR> --d----- c:\programdata\Apple Computer
2009-08-21 15:11 <DIR> --d----- c:\programdata\Apple
2009-08-21 15:06 <DIR> --d----- c:\program files\Secunia
2009-08-21 15:05 <DIR> --d----- c:\programdata\Solero
2009-08-21 15:05 <DIR> --d----- c:\program files\FreeHand Systems
2009-08-21 15:05 <DIR> --d----- c:\progra~2\Solero
2009-08-21 15:02 <DIR> --d----- c:\users\mark riemer\Tracing
2009-08-21 15:00 <DIR> --d----- c:\program files\Microsoft
2009-08-21 15:00 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-08-21 14:58 <DIR> --d----- c:\windows\PCHEALTH
2009-08-21 14:55 <DIR> --d----- c:\program files\common files\Windows Live
2009-08-21 14:51 <DIR> --d----- c:\program files\VSO
2009-08-21 14:49 <DIR> --d----- c:\program files\MSECache
2009-08-21 14:48 56 a---h--- c:\programdata\ezsidmv.dat
2009-08-21 14:48 56 a---h--- c:\progra~2\ezsidmv.dat
2009-08-21 14:34 <DIR> --d--r-- c:\program files\Skype
2009-08-21 14:34 <DIR> --d----- c:\programdata\Skype
2009-08-21 14:33 <DIR> --d----- c:\program files\RocketDock
2009-08-21 14:32 <DIR> --d----- c:\program files\CCleaner
2009-08-21 14:28 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-08-21 14:28 11,967,524 a------- c:\windows\system32\korwbrkr.lex
2009-08-21 14:20 <DIR> --d----- c:\program files\uTorrent
2009-08-21 14:18 <DIR> --d----- c:\users\markri~1\appdata\roaming\uTorrent
2009-08-21 13:23 <DIR> --d----- c:\program files\AVG
2009-08-21 13:21 41,984 a------- c:\windows\system32\netfxperf.dll
2009-08-21 13:01 156,160 a------- c:\windows\system32\msls31.dll
2009-08-21 13:00 385,024 a------- c:\windows\system32\html.iec
2009-08-21 13:00 169,472 a------- c:\windows\system32\iexpress.exe
2009-08-21 13:00 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-08-21 13:00 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-08-21 13:00 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-08-21 13:00 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-08-21 13:00 45,568 a------- c:\windows\system32\mshta.exe
2009-08-21 12:59 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-08-21 12:59 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-21 12:59 270,848 a------- c:\windows\system32\schannel.dll
2009-08-21 12:59 218,624 a------- c:\windows\system32\msv1_0.dll
2009-08-21 12:59 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-21 12:59 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-21 12:59 72,704 a------- c:\windows\system32\secur32.dll
2009-08-21 12:59 9,728 a------- c:\windows\system32\lsass.exe
2009-08-21 12:45 <DIR> --d----- c:\programdata\Adobe
2009-08-21 12:45 <DIR> --d----- c:\users\markri~1\appdata\roaming\Symantec
2009-08-21 12:41 2,034,688 a------- c:\windows\system32\win32k.sys
2009-08-21 12:41 289,792 a------- c:\windows\system32\atmfd.dll
2009-08-21 12:41 156,672 a------- c:\windows\system32\t2embed.dll
2009-08-21 12:41 72,704 a------- c:\windows\system32\fontsub.dll
2009-08-21 12:41 34,304 a------- c:\windows\system32\atmlib.dll
2009-08-21 12:41 23,552 a------- c:\windows\system32\lpk.dll
2009-08-21 12:41 10,240 a------- c:\windows\system32\dciman32.dll
2009-08-21 12:41 71,680 a------- c:\windows\system32\atl.dll
2009-08-21 12:41 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-21 12:40 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-21 12:40 136,192 a------- c:\windows\system32\aaclient.dll
2009-08-21 12:40 53,248 a------- c:\windows\system32\tsgqec.dll
2009-08-21 12:40 623,616 a------- c:\windows\system32\localspl.dll
2009-08-21 12:40 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-21 12:40 6,656 a------- c:\windows\system32\kbd106n.dll
2009-08-21 12:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-21 12:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-21 12:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-21 12:39 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-21 12:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-21 12:39 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-21 12:39 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-21 12:39 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-08-21 12:32 0 a------- c:\windows\system32\drivers\1043_ASUSTeK_F70SL.alu
2009-08-21 12:31 <DIR> --d----- c:\programdata\Symantec
2009-08-21 12:31 <DIR> --d----- c:\progra~2\Symantec
2009-08-21 12:31 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-08-21 12:30 47,672 a------- c:\windows\AsScrProlog.exe
2009-08-21 12:30 4,814,371 a------- c:\windows\ASUS Camera ScreenSaver.exe
2009-08-21 12:30 281,144 a------- c:\windows\ASUS Camera ScreenSaver Uninstaller.exe
2009-08-21 12:30 520,192 a------- c:\windows\system32\Asus_Camera_ScreenSaver.scr
2009-08-21 12:30 <DIR> --d----- c:\windows\system32\Asus_Camera_ScreenSaver dir
2009-08-21 12:30 3,054,136 a------- c:\windows\AsScrPro.exe
2009-08-21 12:30 <DIR> --d-h--- c:\temp\tmpdvmexp
2009-08-21 12:28 <DIR> --d-h--- C:\ASUS.SYS
2009-08-21 12:28 <DIR> --d-h--- C:\temp
2009-08-21 12:28 <DIR> --d----- c:\program files\Downloaded Installations
2009-08-21 12:26 155,648 a------- c:\windows\system32\ACEngSvr.exe
2009-08-21 12:25 <DIR> --d----- c:\programdata\ASUS
2009-08-21 12:25 <DIR> --d----- c:\progra~2\ASUS
2009-08-21 12:17 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-08-21 12:17 <DIR> --d----- c:\program files\Synaptics
2009-08-21 12:17 1,060,424 a------- c:\windows\system32\WdfCoInstaller01000.dll
2009-08-21 12:17 196,608 a------- c:\windows\system32\SynCtrl.dll
2009-08-21 12:17 196,400 a------- c:\windows\system32\drivers\SynTP.sys
2009-08-21 12:17 163,840 a------- c:\windows\system32\SynCOM.dll
2009-08-21 12:17 147,456 a------- c:\windows\system32\SynTPAPI.dll
2009-08-21 12:17 110,592 a------- c:\windows\system32\SynTPCo4.dll
2009-08-21 12:17 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-08-21 12:16 83,456 a------- c:\windows\system32\wudriver.dll
2009-08-21 12:16 162,064 a------- c:\windows\system32\wuwebv.dll
2009-08-21 12:16 31,232 a------- c:\windows\system32\wuapp.exe
2009-08-21 12:15 1,772,544 a------- c:\windows\system32\drivers\snp2uvc.sys
2009-08-21 12:15 176,128 a------- c:\windows\system32\csnp2uvc.dll
2009-08-21 12:15 28,160 a------- c:\windows\system32\drivers\sncduvc.sys
2009-08-21 12:15 15,497 a------- c:\windows\snp2uvc.ini
2009-08-21 12:15 13,022 a------- c:\windows\snp2uvc.src
2009-08-21 12:14 5,430 a------- c:\windows\system\MyMulti.ico
2009-08-21 12:13 <DIR> --d----- c:\program files\Wireless Console 2
2009-08-21 12:10 919,552 a------- c:\windows\system32\athr.sys
2009-08-21 12:10 516,096 a------- c:\windows\system32\S64CPA.exe
2009-08-21 12:10 118,270 a------- c:\windows\system32\netathr.inf
2009-08-21 12:10 39,537 a------- c:\windows\system32\athrext.cat
2009-08-21 12:10 <DIR> --d----- c:\windows\system32\nn-NO
2009-08-21 12:10 393,216 a------- c:\windows\system32\athihvs.dll
2009-08-21 12:10 53,248 a------- c:\windows\system32\athihvui.dll
2009-08-21 12:09 <DIR> --d----- c:\program files\Cisco
2009-08-21 12:09 <DIR> --d----- c:\program files\Atheros
2009-08-21 12:09 <DIR> --d----- c:\programdata\Atheros
2009-08-21 12:09 <DIR> --d----- c:\progra~2\Atheros
2009-08-21 12:09 80,384 a------- c:\windows\system32\drivers\tshd4_kern_i386.sys
2009-08-21 12:09 61,952 a------- c:\windows\system32\drivers\cshp_kern_i386.sys
2009-08-21 12:09 48,768 a------- c:\windows\system32\drivers\maxv_kern_i386.sys
2009-08-21 12:09 43,904 a------- c:\windows\system32\drivers\SRS_PremiumSound_i386.sys
2009-08-21 12:09 43,776 a------- c:\windows\system32\drivers\hp360_kern_i386.sys
2009-08-21 12:08 319,456 a------- c:\windows\DIFxAPI.dll
2009-08-21 12:08 <DIR> --d----- c:\program files\Realtek
2009-08-21 12:08 <DIR> --d-h--- c:\program files\Temp
2009-08-21 12:03 <DIR> --d----- c:\users\Mark Riemer

==================== Find3M ====================

2009-09-17 10:49 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-17 10:49 51,200 a------- c:\windows\inf\infpub.dat
2009-09-17 10:49 86,016 a------- c:\windows\inf\infstor.dat
2009-08-29 04:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 04:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 04:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 04:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-21 18:51 129,784 -------- c:\windows\system32\pxafs.dll
2009-08-21 18:51 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-08-21 18:51 116,472 -------- c:\windows\system32\pxcpyi64.exe
2009-08-21 18:51 43,528 -------- c:\windows\system32\drivers\PxHelp20.sys
2009-08-21 16:27 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-19 13:35 10,420,224 a------- c:\windows\system32\nvoglv32.dll
2009-08-19 13:35 9,787,488 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-19 13:35 3,197,952 a------- c:\windows\system32\nvwgf2um.dll
2009-08-19 13:35 1,740,800 a------- c:\windows\system32\nvcuda.dll
2009-08-19 13:35 1,317,408 a------- c:\windows\system32\nvcuvenc.dll
2009-08-19 13:35 678,432 a------- c:\windows\system32\nvcuvid.dll
2009-08-19 13:35 485,920 a------- c:\windows\system32\nvudisp.exe
2009-08-19 13:35 155,648 a------- c:\windows\system32\nvcod163.dll
2009-08-19 13:35 155,648 a------- c:\windows\system32\nvcod.dll
2009-08-19 13:35 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-08-16 17:08 178,176 a------- c:\windows\system32\unrar.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-21 23:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 23:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 23:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 22:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-14 02:15 90,112 a------- c:\windows\system32\dpl100.dll
2009-07-14 02:15 685,056 a------- c:\windows\system32\divx.dll
2008-01-21 04:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 14:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 14:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 14:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 14:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:41:41,30 ===============


#2 MarkR42

  • Topic Starter

  • Members
  • 23 posts

Posted 24 September 2009 - 03:18 AM

Is anyone there who has time to help me remove the Acovcnt.exe infection?

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could have disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone who is not familiar with your issue to assist you and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this, and do not respond to your requests, is that it would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work on may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 24 September 2009 - 09:52 PM.


#3 pwgib


  • Malware Response Team
  • 2,958 posts

Posted 06 October 2009 - 07:38 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#4 MarkR42

  • Topic Starter

  • Members
  • 23 posts

Posted 06 October 2009 - 08:52 AM

Hey PW, thanks for the reply.

So, a few months back, a program I was using, ScanSpyware, found something called acovcnt.exe Backdoor.bot in my Windows System32 file. I would delete it with the program and the next day it would be back in the System 32 file again. I tried Malwarebytes and Sophos to no avail. I also have SuperAntiSpyware running and that didn't find the Backdoor.bot, even though it was clearly in the System32 registry.

For weeks now I have been deleting the file Acovcnt.exe manually every morning, waiting for a response here. Now all of a sudden, the file is no longer on my System. I'm hoping that one of my other AV or Malware programs finally caught it and deleted it, but I'm not sure.

As far as symptoms, I have only had slow browsing speeds, but nothing else.

If you could just tell me if everything appears to be fine with my System, I'd be grateful. I'm worried that the Acovcnt.exe is hiding somewhere.

Here are the DDS logs:


DDS (Ver_09-09-29.01) - NTFSx86
Run by Mark Riemer at 15:42:13,28 on 06.10.2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1033.18.3071.1601 [GMT 2:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ASUS.SYS\DVMExportService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\TUProgSt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Program Files\Uniblue\DriverScanner\DriverScanner.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mark Riemer\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.tvtorrents.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {F6BD6330-76F8-44D9-B775-87614E2D8374} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [HWPropClass] regsvr32 /s /u "c:\users\mark riemer\appdata\local\hwprop\HWPropClass.dll"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Launch LCDMon] "c:\program files\common files\logitech\lcd manager\LCDMon.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\markri~1\appdata\roaming\mozilla\firefox\profiles\zj3x7blg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tvtorrents.com/loggedin/showcalendar.do
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbiblionet.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprmsl.dll
FF - plugin: c:\users\mark riemer\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-21 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-21 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-21 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-21 53328]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\DVMExportService.exe [2008-11-20 307200]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-22 92296]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-9-25 604488]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-9-9 48128]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-8-21 43904]

=============== Created Last 30 ================

2009-10-06 09:54 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-10-06 09:54 171,608 a------- c:\windows\system32\wuwebv.dll
2009-10-06 09:54 33,792 a------- c:\windows\system32\wuapp.exe
2009-10-06 08:54 12 ----h--- C:\dvmexp.idx
2009-10-06 06:54 <DIR> --d-h--- c:\temp\dvmexp
2009-10-06 06:54 <DIR> --d-h--- C:\dvmexp
2009-10-04 22:49 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-04 19:48 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-25 18:30 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-09-25 18:30 29,000 a------- c:\windows\system32\uxtuneup.dll
2009-09-25 18:30 17,224 a------- c:\windows\system32\authuitu.dll
2009-09-25 18:29 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-09-25 18:29 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-09-23 19:44 <DIR> --d----- c:\program files\iPod
2009-09-23 19:44 <DIR> --d----- c:\program files\iTunes
2009-09-20 10:00 <DIR> --d----- c:\program files\a-squared Anti-Malware
2009-09-17 10:53 <DIR> --d----- c:\programdata\NVIDIA
2009-09-17 10:51 <DIR> --d----- c:\windows\system32\AGEIA
2009-09-17 10:43 <DIR> --d----- C:\NVIDIA
2009-09-17 10:39 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-09-14 18:27 1,708 a------- c:\users\markri~1\appdata\roaming\wklnhst.dat
2009-09-12 10:07 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-09-12 09:37 123 a------- c:\windows\rootkitno.ini
2009-09-12 09:24 <DIR> --d----- c:\program files\UnHackMe
2009-09-12 08:48 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-12 08:48 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-12 08:47 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 08:47 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-08 21:34 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-08 21:34 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-08 21:34 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-08 21:34 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-08 21:34 10,240 a------- c:\windows\system32\finger.exe
2009-09-08 21:34 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-08 21:34 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-08 21:34 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-08 21:34 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-08 21:34 17,920 a------- c:\windows\system32\netevent.dll
2009-09-08 21:34 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-08 21:33 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-08 21:33 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-08 21:33 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-08 21:33 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-08 21:33 513,536 a------- c:\windows\system32\wlansvc.dll
2009-09-08 21:33 65,024 a------- c:\windows\system32\wlanapi.dll
2009-09-08 21:33 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-08 17:08 <DIR> --d----- c:\programdata\ashampoo
2009-09-08 17:08 <DIR> --d----- c:\progra~2\ashampoo

==================== Find3M ====================

2009-10-06 06:58 32,441 a------- c:\programdata\nvModes.dat
2009-10-06 06:58 32,441 a------- c:\progra~2\nvModes.dat
2009-09-30 09:55 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-30 09:55 51,200 a------- c:\windows\inf\infpub.dat
2009-09-30 09:55 86,016 a------- c:\windows\inf\infstor.dat
2009-09-21 20:48 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-15 12:55 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-05 14:25 1,183,744 a------- c:\windows\system32\drivers\athr.sys
2009-08-31 20:13 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-08-29 04:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 04:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 04:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 04:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-29 02:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 02:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-25 16:20 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-23 09:52 319,456 a------- c:\windows\DIFxAPI.dll
2009-08-21 18:51 129,784 -------- c:\windows\system32\pxafs.dll
2009-08-21 18:51 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-08-21 18:51 116,472 -------- c:\windows\system32\pxcpyi64.exe
2009-08-21 18:51 43,528 -------- c:\windows\system32\drivers\PxHelp20.sys
2009-08-21 16:27 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-21 14:48 56 a---h--- c:\programdata\ezsidmv.dat
2009-08-21 14:48 56 a---h--- c:\progra~2\ezsidmv.dat
2009-08-21 13:17 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-08-21 12:32 0 a------- c:\windows\system32\drivers\1043_ASUSTeK_F70SL.alu
2009-08-21 12:30 3,054,136 a------- c:\windows\AsScrPro.exe
2009-08-21 12:17 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-08-19 13:35 10,420,224 a------- c:\windows\system32\nvoglv32.dll
2009-08-19 13:35 9,787,488 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-19 13:35 7,660,544 a------- c:\windows\system32\nvd3dum.dll
2009-08-19 13:35 3,197,952 a------- c:\windows\system32\nvwgf2um.dll
2009-08-19 13:35 1,740,800 a------- c:\windows\system32\nvcuda.dll
2009-08-19 13:35 1,317,408 a------- c:\windows\system32\nvcuvenc.dll
2009-08-19 13:35 991,744 a------- c:\windows\system32\nvapi.dll
2009-08-19 13:35 678,432 a------- c:\windows\system32\nvcuvid.dll
2009-08-19 13:35 485,920 a------- c:\windows\system32\nvudisp.exe
2009-08-19 13:35 155,648 a------- c:\windows\system32\nvcod163.dll
2009-08-19 13:35 155,648 a------- c:\windows\system32\nvcod.dll
2009-08-19 13:35 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-08-16 17:08 178,176 a------- c:\windows\system32\unrar.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-21 23:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 23:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 23:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 22:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-20 19:22 1,226,272 a------- c:\windows\system32\RtkPgExt.dll
2009-07-20 19:22 52,256 a------- c:\windows\system32\RtkCoInst.dll
2009-07-20 19:21 2,898,464 a------- c:\windows\system32\RtkAPO.dll
2009-07-20 19:21 326,176 a------- c:\windows\system32\RtkApoApi.dll
2009-07-17 15:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 14:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 14:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 14:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 14:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 02:15 90,112 a------- c:\windows\system32\dpl100.dll
2009-07-14 02:15 685,056 a------- c:\windows\system32\divx.dll
2008-01-21 04:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 14:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 14:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 14:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 14:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:42:36,33 ===============

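A small triage helper for the DDS file-listing format shown in this log, added here as an example; it is not part of the thread and is not code from DDS itself. It parses lines of the form `date time size attributes path`, flags executable code written into system32 within a chosen window, and flags files carrying both hidden and system attributes. The scan date 19.09.2009 is taken from the DDS header, the sample lines are copied from the listing above, and the window of 60 days is an assumed setting for this run.

```python
import re
from datetime import date

# One DDS listing line: ISO date, HH:MM, size with thousands separators,
# an 8-character attribute field (e.g. "a--sh---"), then the path.
DDS_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+) ([a-z-]{8}) (.+)$"
)

def parse_dds_line(line):
    """Return a dict for one DDS file-listing line, or None for headers/blank lines."""
    m = DDS_LINE.match(line.strip())
    if not m:
        return None
    d, t, size, attrs, path = m.groups()
    return {
        "date": date.fromisoformat(d),
        "time": t,
        "size": int(size.replace(",", "")),
        "hidden": "h" in attrs,   # attribute field carries 'h' for hidden
        "system": "s" in attrs,   # and 's' for system
        "path": path.lower(),
    }

def triage(lines, run_date, days=30, watch_dir="c:\\windows\\system32"):
    """Flag recently written code under watch_dir and any hidden+system file."""
    flagged = []
    for line in lines:
        rec = parse_dds_line(line)
        if rec is None:
            continue
        reasons = []
        age = (run_date - rec["date"]).days
        is_code = rec["path"].endswith((".exe", ".dll", ".sys"))
        if rec["path"].startswith(watch_dir) and is_code and age <= days:
            reasons.append(f"code in system32 modified {age} days before scan")
        if rec["hidden"] and rec["system"]:
            reasons.append("hidden+system attributes")
        if reasons:
            flagged.append((rec["path"], reasons))
    return flagged

# Sample input copied from the DDS listing posted above (plus its FINISH line).
SAMPLE = [
    "2009-08-19 13:35 4,224 a------- c:\\windows\\system32\\drivers\\nvBridge.kmd",
    "2009-08-16 17:08 178,176 a------- c:\\windows\\system32\\unrar.dll",
    "2009-07-21 22:13 133,632 a------- c:\\windows\\system32\\ieUnatt.exe",
    "2008-01-21 04:43 174 a--sh--- c:\\program files\\desktop.ini",
    "2006-11-02 14:42 287,440 a------- c:\\windows\\inf\\perflib\\0409\\perfi.dat",
    "============= FINISH: 15:42:36,33 ===============",
]
SCAN_DATE = date(2009, 9, 19)  # from the DDS header in this thread

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE, SCAN_DATE, days=60):
        print(path, "->", "; ".join(reasons))
```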

#5 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:11:38 PM

Posted 08 October 2009 - 08:20 AM

Hello MarkR42 and welcome to Bleeping Computer!! :(

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains.

If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in notepad is turned off when copying and pasting logs and only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.

Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista it may be necessary to right click any programs we use and choose Run as Administrator.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista

Again, keep in mind that it may take a couple of days before I can reply but once we get started the process should speed up.

Thank you for your patience!!
PW

#6 MarkR42

MarkR42
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 08 October 2009 - 10:20 AM

Hey PW, thanks again for your reply. I've set my Vista to show Hidden Files and Folders as requested and await your next post. Mark

#7 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:11:38 PM

Posted 10 October 2009 - 08:20 AM

Hello MarkR42,

I have some bad news. :(

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Thanks!!
PW

#8 MarkR42

MarkR42
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 10 October 2009 - 09:25 AM

Hey PW,

thanks for the reply....I was sure it was a backdoor infection....I have been very good about backing up everything, so I will reformat and reinstall...in preparation for getting the Windows 7 Upgrade in 2 weeks....think it's for the best.

Thanks, Mark

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:38 AM

Posted 10 October 2009 - 03:08 PM

You are welcome and success on behalf of pwgib.

This thread will now be closed since the issue seems to be resolved.

If you should have a new issue, please start a new topic.
