
infected with bleeping virus, slows my computer to a halt


This topic is locked
11 replies to this topic

#1 moza100

  • Members
  • 8 posts
  • Gender:Male
  • Location:seattle, wa

Posted 17 October 2009 - 07:30 PM

I tried Ad-Aware SE and Spybot but nothing is working. Help!

Attached Files




#2 moza100 (Topic Starter)

Posted 23 October 2009 - 10:20 PM

Did I miss my turn?

#3 moza100 (Topic Starter)

Posted 23 October 2009 - 10:58 PM

DDS (Ver_09-10-13.01) - NTFSx86
Run by Ahmed at 17:09:53.28 on Sat 10/17/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2045.876 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}

============== Running Processes ===============

C:\WINDOWS\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\taskeng.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Athan\Athan.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Windows\V0330Mon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Salaat Time\SalaatTime.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\System32\rundll32.exe
C:\Users\Ahmed\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.msn.com
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://my.yahoo.com/
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SalaatTime] c:\program files\salaat time\SalaatTime.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Athan] c:\program files\athan\Athan.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [V0330Mon.exe] c:\windows\V0330Mon.exe
mRun: [V0330Cfg.exe] V0330Cfg.exe /d:3
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [c:\windows\system32\v0330ext.ax] c:\windows\system32\regsvr32.exe /s c:\windows\system32\V0330Ext.ax
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - ?p=GRxdm011YYUS
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: skillport.com
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-5/myWebFaceInitialSetup1.0.1.2.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ahmed\appdata\roaming\mozilla\firefox\profiles\nuc0th44.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRxdm011YYUS&fl=0&ptb=jnifkmdGnszcb3iVhTzumw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-5 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-7-7 28762]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-23 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2008-12-30 185183]

=============== Created Last 30 ================

2009-10-16 19:17 <DIR> --d----- c:\program files\VS Revo Group
2009-10-16 08:51 <DIR> --d----- c:\windows\SQLTools9_KB970892_ENU
2009-10-16 08:42 <DIR> --d----- c:\windows\SQL9_KB970892_ENU
2009-10-16 00:58 60,928 a------- c:\windows\system32\msasn1.dll
2009-10-16 00:58 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-16 00:58 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-15 22:31 <DIR> --d----- C:\$WINDOWS.~LS
2009-10-15 22:25 <DIR> --d----- C:\$WINDOWS.~BT
2009-10-15 22:11 <DIR> --dsh--- C:\USMT.TMP
2009-10-11 19:27 37,440 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-10-11 19:27 91,200 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-10-11 19:25 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-10-11 19:25 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-10-11 19:23 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-10-10 21:24 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-10-10 21:24 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-10-10 21:23 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-10 20:18 <DIR> --d----- c:\program files\Microsoft ATS
2009-10-02 13:17 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-28 22:39 <DIR> --d----- c:\windows\system32\eu-ES
2009-09-28 22:39 <DIR> --d----- c:\windows\system32\ca-ES
2009-09-28 22:39 <DIR> --d----- c:\windows\system32\vi-VN
2009-09-28 21:51 <DIR> --d----- c:\windows\system32\EventProviders
2009-09-28 21:42 <DIR> a-d----- c:\programdata\TEMP
2009-09-28 21:08 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-09-27 17:22 <DIR> --d----- c:\program files\iTunes
2009-09-23 15:38 54,632 a------- c:\windows\system32\drivers\fssfltr.sys

==================== Find3M ====================

2009-10-17 12:40 626,090 a------- c:\windows\system32\perfh001.dat
2009-10-17 12:40 152,588 a------- c:\windows\system32\perfc001.dat
2009-10-16 23:43 2,134 a------- c:\users\ahmed\appdata\roaming\wklnhst.dat
2009-09-28 22:49 86,016 a------- c:\windows\inf\infstor.dat
2009-09-28 22:49 51,200 a------- c:\windows\inf\infpub.dat
2009-09-28 22:49 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-28 22:39 665,600 a------- c:\windows\inf\drvindex.dat
2009-09-21 22:45 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-10 11:48 218,624 a------- c:\windows\system32\msv1_0.dll
2009-08-28 21:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 21:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 21:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 21:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 19:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 19:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-27 00:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-27 00:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-27 00:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-26 22:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-14 10:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 08:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 08:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 08:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 08:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 08:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 08:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 08:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 08:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-04 07:34 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 07:34 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-22 14:35 175,480 a---h--- c:\windows\system32\mlfcache.dat
2008-11-07 18:31 1,107,028 a------- c:\users\ahmed\CS-ASP-MembershipProvider_cs.zip
2008-09-08 20:09 285,290 a------- c:\windows\inf\perflib\0401\perfi.dat
2008-09-08 20:09 285,290 a------- c:\windows\inf\perflib\0401\perfh.dat
2008-09-08 20:09 41,018 a------- c:\windows\inf\perflib\0401\perfd.dat
2008-09-08 20:09 41,018 a------- c:\windows\inf\perflib\0401\perfc.dat
2008-01-20 21:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2004-10-19 19:58 35,232 ac------ c:\windows\inf\wg311t\ME_INST.EXE
2004-10-19 19:58 26,112 ac------ c:\windows\inf\wg311t\install.exe
2004-06-17 23:41 386,688 ac------ c:\windows\inf\wg311v2\netwg311_XP.sys
2004-04-04 13:07 84,912 ac------ c:\windows\inf\wg311v2\FwRad17.bin
2004-04-04 13:07 83,320 ac------ c:\windows\inf\wg311v2\FwRad16.bin
2009-06-22 00:18 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-22 00:18 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-22 00:18 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-19 17:54 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2006-10-11 22:09 94,208 ---sh--- c:\windows\system32\SalaatTime.dll

============= FINISH: 17:13:56.58 ===============
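The DDS log above is a good illustration of why one removal tool after another "did nothing": the same MyWebSearch / FunWebProducts component is registered in several places at once (a BHO, a toolbar, three Run keys, a URL search hook, a service, a Firefox plugin and search engine, and a DPF download), several toolbar/BHO registrations point at files that no longer exist ("No File"), and the AV status block shows on-access scanning disabled and one scanner outdated. The script below is an added triage example, not part of this thread or of the DDS tool; it reads DDS "Pseudo HJT Report" style lines and flags exactly those three conditions. The sample input is copied from the log posted above. The one assumption not stated on the page is that MyWebSearch / FunWebProducts components are treated as adware indicators; the marker list and the persistence-prefix list are this example's own choices.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption (not stated in the thread): MyWebSearch / FunWebProducts components are
# widely classified as adware, so any persistence entry pointing at them is flagged.
# DDS prints 8.3 short names (mywebs~1) as well as long paths, so both forms are listed.
ADWARE_MARKERS = ("mywebsearch", "mywebs~1", "funwebproducts")

# DDS line prefixes that describe something which runs, loads or hooks at startup
# or inside the browser (BHOs, toolbars, Run keys, search hooks, services, ActiveX DPFs).
PERSISTENCE_PREFIXES = (
    "BHO:", "TB:", "uRun:", "mRun:", "uURLSearchHooks:", "StartupFolder:",
    "DPF:", "FF - prefs.js:", "FF - plugin:", "R0 ", "R1 ", "R2 ", "R3 ", "S3 ",
)

# "AV: <product> *<state>* (<Updated|Outdated>) {GUID}" header lines written by DDS.
PROTECTION_RE = re.compile(
    r"^(AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\* \((?P<freshness>\w+)\)"
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    reason: str
    text: str


def classify(line: str) -> list[str]:
    """Return zero or more reasons why a single DDS line deserves a second look."""
    s = line.strip()
    reasons: list[str] = []
    m = PROTECTION_RE.match(s)
    if m:
        # Security product status: flag anything that is not actively scanning or is stale.
        if "disabled" in m["state"].lower():
            reasons.append(f"protection not active: {m['name']} ({m['state']})")
        if m["freshness"].lower() == "outdated":
            reasons.append(f"protection outdated: {m['name']}")
        return reasons
    if s.startswith(PERSISTENCE_PREFIXES):
        if s.endswith("- No File"):
            reasons.append("orphaned entry (No File): registration remains but the binary is gone")
        if any(marker in s.lower() for marker in ADWARE_MARKERS):
            reasons.append("references adware-associated component")
    return reasons


def triage(report: str) -> list[Finding]:
    """Run classify() over every line of a DDS report and collect the hits."""
    findings: list[Finding] = []
    for n, line in enumerate(report.splitlines(), start=1):
        for reason in classify(line):
            findings.append(Finding(n, reason, line.strip()))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings by reason category (text before the first colon)."""
    counts: dict[str, int] = {}
    for f in findings:
        key = f.reason.split(":")[0]
        counts[key] = counts.get(key, 0) + 1
    return counts


# Sample input: lines copied from the DDS log posted in this thread (raw string,
# so the Windows backslashes are kept as-is).
SAMPLE_DDS = r"""
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-7-7 28762]
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-5/myWebFaceInitialSetup1.0.1.2.cab
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
""".strip()


if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for f in results:
        print(f"line {f.line_no:>2}: {f.reason}\n          {f.text}")
    print(summarize(results))
```

Run it against a full DDS.txt by passing the file contents to triage(). The point of grouping by category is that the adware hits across BHO, TB, mRun, R2, FF and DPF lines are one infection with six persistence points, which is why removing a single toolbar or running a scanner with on-access protection switched off leaves the others in place.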

#4 moza100 (Topic Starter)

Posted 23 October 2009 - 11:01 PM

ss

Edited by moza100, 24 October 2009 - 07:34 AM.


#5 Blade81

  • Bleepin' Rocker
  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 27 October 2009 - 05:44 AM

Hi,

Sorry for the delayed response. The forums have been really busy. If you still need help with this, post fresh DDS logs, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#6 moza100 (Topic Starter)

Posted 27 October 2009 - 09:32 AM

DDS (Ver_09-10-26.01) - NTFSx86
Run by Ahmed at 7:23:27.52 on Tue 10/27/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2045.1056 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\V0330Mon.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Ahmed\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [V0330Mon.exe] c:\windows\V0330Mon.exe
mRun: [Athan] c:\program files\athan\Athan.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\ahmed\appdata\roaming\mozilla\firefox\profiles\1n72g6v7.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\users\ahmed\appdata\roaming\mozilla\firefox\profiles\1n72g6v7.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-27 01:54:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-10-26 23:56:40 0 d-----w- c:\programdata\McAfee Security Scan
2009-10-26 23:56:39 0 d-----w- c:\program files\McAfee Security Scan
2009-10-26 23:47:21 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-26 23:47:21 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-26 23:46:09 0 d-----w- c:\program files\iPod
2009-10-26 23:46:07 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-26 23:46:07 0 d-----w- c:\program files\iTunes
2009-10-26 23:38:48 0 d-----w- c:\program files\Bonjour
2009-10-26 23:37:19 0 d-----w- c:\programdata\Apple Computer
2009-10-26 23:32:20 0 d-----w- c:\programdata\Apple
2009-10-26 23:08:57 737280 ----a-w- c:\windows\iun6002.exe
2009-10-26 23:08:55 0 d-----w- c:\windows\system32\athan
2009-10-26 23:07:46 0 d-----w- c:\program files\Athan
2009-10-26 22:42:17 0 d-----w- c:\program files\Microsoft MapPoint 2009
2009-10-26 22:39:03 0 d-----w- c:\program files\MSECache
2009-10-26 22:22:20 0 d-----w- c:\windows\system32\eu-ES
2009-10-26 22:22:20 0 d-----w- c:\windows\system32\ca-ES
2009-10-26 22:22:18 0 d-----w- c:\windows\system32\vi-VN
2009-10-26 21:46:20 0 d-----w- c:\windows\system32\EventProviders
2009-10-26 20:47:29 376 ----a-w- c:\windows\ODBC.INI
2009-10-26 20:47:22 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-10-26 20:45:03 0 d-----w- c:\program files\Microsoft ActiveSync
2009-10-26 18:09:42 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-26 18:08:57 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-26 18:08:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-26 18:08:36 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-26 17:57:26 0 d-----w- c:\users\ahmed\Tracing
2009-10-26 17:53:16 0 d-----w- c:\program files\Microsoft
2009-10-26 17:52:57 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-26 17:52:08 0 d-----w- c:\windows\PCHEALTH
2009-10-26 17:48:30 0 d-----w- c:\program files\common files\Windows Live
2009-10-26 17:36:59 301568 ----a-w- c:\windows\system32\srchadmin.dll
2009-10-26 17:35:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-10-26 17:34:59 57344 ----a-w- c:\windows\system32\samlib.dll
2009-10-26 17:33:41 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-10-26 17:33:41 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-26 17:33:41 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-10-26 17:33:41 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-10-26 17:33:40 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-26 17:33:40 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-26 17:33:40 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-10-26 17:33:35 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-26 17:33:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-26 17:33:28 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-26 17:33:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-26 17:03:37 8747 ----a-w- c:\windows\system32\Config.MPF
2009-10-26 06:18:38 0 d-----w- c:\programdata\SiteAdvisor
2009-10-26 06:16:16 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-26 06:16:16 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-26 06:16:16 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-26 06:16:07 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-26 06:15:36 0 d-----w- c:\program files\common files\McAfee
2009-10-26 06:15:33 0 d-----w- c:\program files\McAfee.com
2009-10-26 06:15:29 0 d-----w- c:\program files\McAfee
2009-10-26 06:14:19 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-26 06:14:04 0 d-----w- c:\programdata\McAfee
2009-10-26 06:05:29 48 ---ha-w- c:\programdata\ezsidmv.dat
2009-10-26 06:03:57 0 d-----r- c:\program files\Skype
2009-10-26 06:03:44 0 d-----w- c:\programdata\Skype
2009-10-25 23:48:57 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-25 22:41:19 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2009-10-25 22:38:34 7062 ----a-w- c:\windows\system32\audiopid.vxd
2009-10-25 22:35:07 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-25 22:35:07 2873820 ------w- c:\windows\system32\Sens_oal.dll
2009-10-25 22:35:07 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-25 22:33:35 0 d-----w- c:\program files\common files\Creative Labs Shared
2009-10-25 22:32:53 0 d-----w- c:\program files\Creative
2009-10-25 18:15:19 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-25 18:13:27 0 d-----w- c:\programdata\Creative
2009-10-25 18:13:19 87 ---ha-r- c:\windows\ctfile.rfc
2009-10-25 18:13:19 73728 ----a-w- c:\windows\system32\CmdRtr.DLL
2009-10-25 18:13:19 148480 ----a-w- c:\windows\system32\APOMngr.DLL
2009-10-25 18:07:01 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-25 17:52:06 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-10-25 17:52:03 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2009-10-25 17:31:12 0 d-sh--w- c:\windows\Installer
2009-10-25 17:17:56 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-25 17:13:41 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-10-25 17:13:41 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-25 17:13:40 9728 ----a-w- c:\windows\system32\lsass.exe
2009-10-25 17:13:40 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-25 17:13:40 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-25 17:13:40 270848 ----a-w- c:\windows\system32\schannel.dll
2009-10-25 17:13:40 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-25 10:55:17 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-10-25 10:55:17 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-10-25 10:55:17 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-10-25 10:55:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-10-25 10:55:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-10-25 10:55:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-10-25 10:55:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-10-25 10:55:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-10-25 10:55:16 17920 ----a-w- c:\windows\system32\netevent.dll
2009-10-25 10:55:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-10-25 10:55:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-10-25 10:53:34 71680 ----a-w- c:\windows\system32\atl.dll
2009-10-25 10:53:28 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-25 10:53:27 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-25 10:53:08 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-10-25 10:53:02 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-10-25 10:53:02 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-10-25 10:53:02 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-10-25 10:51:59 623616 ----a-w- c:\windows\system32\localspl.dll
2009-10-25 10:51:56 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-10-25 10:51:43 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-10-25 10:50:38 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-10-25 10:50:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-25 10:50:37 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-25 10:50:37 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-10-25 10:50:37 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-25 10:50:36 43520 ----a-w- c:\windows\system32\msdxm.tlb
2009-10-25 10:50:36 18432 ----a-w- c:\windows\system32\amcompat.tlb
2009-10-25 10:50:27 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-10-25 10:50:26 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-25 10:50:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-25 10:49:57 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-10-25 10:49:53 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-25 10:49:50 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-25 10:49:46 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-25 10:43:22 0 d-----w- c:\windows\Panther
2009-10-25 10:15:59 0 d-----w- C:\Windows.old
2009-10-16 03:11:37 0 d-sh--w- C:\USMT.TMP

==================== Find3M ====================

2009-10-26 23:35:36 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-26 23:35:36 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-26 23:35:35 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-10-26 22:22:10 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-26 22:01:27 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-16 17:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 21:25:36 1183744 ----a-w- c:\windows\system32\drivers\athr.sys
2009-08-29 02:42:52 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-01-21 02:41:56 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 7:25:48.23 ===============

Edited by moza100, 27 October 2009 - 09:41 AM.


#7 Blade81 (Malware Response Team)

Posted 27 October 2009 - 10:57 AM

Hi,

The log looks quite good. Please let me know about remaining symptoms.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#8 moza100 (Topic Starter)

Posted 27 October 2009 - 11:02 AM

Yes, I reinstalled Windows. However, 1 day later I am hearing this bleep and it slows down to a halt as before installing Windows. Is it a hardware problem?!

#9 Blade81 (Malware Response Team)

Posted 27 October 2009 - 11:05 AM

Nothing in the logs indicates a malware problem. If there are bleeping sounds coming out during bootup, then it's possibly a hardware issue. It might be worth posting in the hardware-related subforum here. Write a specific description of the symptoms so they can better estimate what the problem might be.


#10 moza100 (Topic Starter)

Posted 27 October 2009 - 11:12 AM

The sound is occurring during normal browsing; it did not happen the first day I installed Windows. It starts with slow movement of the mouse, to a halt at times, combined with a few bleep sounds.

#11 moza100 (Topic Starter)

Posted 27 October 2009 - 11:32 AM

It is a hardware problem; I just discovered it's the system sound for device connect/disconnect. Thanks.

#12 Blade81 (Malware Response Team)

Posted 27 October 2009 - 11:41 AM

Thanks for confirming. If you need help resolving it, post in the mentioned hardware subforum :(

I'll close this topic now.
