
Multiple Infections - \windows\batmeter16.dll



#1 E.Skinner

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:13 AM

Posted 19 October 2009 - 03:09 PM

I was asked by a relative to check into why her computer was running slowly; the primary symptom was web browser pages taking 10-15 minutes to render. The computer was running McAfee Internet Security product. I verified that the signature files were updated, and ran the most detailed scan available. Results were clean. Suspicious, I ran a deep scan using Avast Anti-Virus from my U3 USB drive, and identified a bunch of malware hiding in files that appeared to be in directories created by some of the manufacturer's bloatware (games and screen savers). Avast had its way with all of the files, either deleting or quarantining them. I then deinstalled (from the Windows Control Panel) all of the products that were not being used. I rescanned using Avast again and came out clean. I updated all of the computer drivers and software relevant to the HP/Compaq laptop model, then updated with the available Microsoft OS patches (applied SP3 and IE8 as the computer had not been updated since SP2). The updates that checked for malware did not report any errors or infections. I rescanned with Avast, and then again with McAfee, verified clean scans. The browser slowness continued, and network timeouts began to occur.

The computer also had the unusual behavior of displaying a file window at startup for c:\program files\common\ with a file named helper.sig. I searched for a registry entry matching the directory and/or file name. Not there. Checked the startup folders, not there either. Hmm. I manually deleted the file and the directory, but it continued to appear at startup.

I uninstalled McAfee, and installed Kaspersky Internet Security 2010. The initial scan identified and removed two malware BHOs and another file threat in a program library. After the install completed and the signature files were updated, I performed a deep file scan and object scan to confirm clean results. The slow browser response and network timeouts continued.

I installed a copy of Malwarebytes Anti-Malware. It identified and removed yet another BHO and a rogue library. Sheesh. Where are all these infections coming from? A run from HijackThis identified several suspicious null entries, and a Run entry that pointed to \windows\batmeter16.dll.

The browser slowness problem and network timeouts continue, but now Kaspersky is finding and deleting the file \windows\batmeter16.dll and \System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP2\A0000573.dll approximately every six hours, and figure this, shutting down Kaspersky.

Sorry that I have already taken some steps myself -- I had not found this forum and the instructions until today.

Any help you can provide will be gratefully accepted.

Here are the files:


DDS (Ver_09-10-13.01) - NTFSx86
Run by AE Stevenson at 13:06:13.82 on Mon 10/19/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.84 [GMT -4:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\AOL\1255825348\ee\AOLSoftware.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\AE Stevenson\My Documents\Downloads\DDS Script\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ipchicken.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [<NO NAME>]
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimage\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HostManager] c:\program files\common files\aol\1255825348\ee\AOLSoftware.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-15 269648]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-10-12 598856]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-15 19160]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-10-17 193840]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]

=============== Created Last 30 ================

2009-10-18 19:11 <DIR> --d----- c:\docume~1\aestev~1\applic~1\HpUpdate
2009-10-17 20:24 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-10-17 20:22 <DIR> --d----- c:\program files\common files\aolshare
2009-10-17 20:22 <DIR> --d----- c:\program files\AOL 9.5
2009-10-17 20:16 0 a------- c:\docume~1\aestev~1\applic~1\wklnhst.dat
2009-10-17 19:58 <DIR> --d----- c:\windows\system32\Adobe
2009-10-17 19:41 73,728 a------- c:\windows\system32\javacpl.cpl
2009-10-17 18:06 873,374 a------- c:\windows\system32\oem79.inf
2009-10-17 17:26 90,112 a------- c:\windows\system32\hpqnt.dll
2009-10-17 17:26 45,056 a------- c:\windows\system32\hpBat.cpl
2009-10-17 17:24 <DIR> --d----- c:\program files\NetWaiting
2009-10-17 17:16 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-10-17 17:15 16,768 a------- c:\windows\system32\drivers\HpqKbFiltr.sys
2009-10-17 17:15 1,560,576 a------- c:\windows\system32\BttnCmns_64.dll
2009-10-17 17:15 1,560,576 a------- c:\windows\system32\BttnCmns.dll
2009-10-17 16:55 <DIR> --d----- c:\windows\tiinst
2009-10-17 16:07 <DIR> --d----- c:\program files\SP37159
2009-10-17 15:20 2 a------- c:\windows\msoffice.ini
2009-10-16 18:16 <DIR> --d----- c:\program files\Trend Micro
2009-10-15 21:50 <DIR> --d----- c:\docume~1\aestev~1\applic~1\Malwarebytes
2009-10-15 21:49 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-15 21:49 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-15 21:49 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-15 21:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-15 08:17 <DIR> --dsh--- c:\documents and settings\ae stevenson\IECompatCache
2009-10-14 20:17 604,140 a--sh--- c:\windows\system32\drivers\ISwift3.dat
2009-10-14 20:13 108,059 a------- c:\windows\system32\drivers\klin.dat
2009-10-14 20:13 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-10-14 20:12 <DIR> --d----- c:\program files\Kaspersky Lab
2009-10-14 20:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-10-14 20:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-10-14 04:17 <DIR> --d----- c:\windows\system32\scripting
2009-10-14 04:16 <DIR> --d----- c:\windows\l2schemas
2009-10-14 04:16 <DIR> --d----- c:\windows\system32\en
2009-10-14 04:16 <DIR> --d----- c:\windows\system32\bits
2009-10-14 04:07 <DIR> --d----- c:\windows\EHome
2009-10-14 03:01 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-10-14 02:52 <DIR> --dsh--- c:\documents and settings\ae stevenson\PrivacIE
2009-10-14 02:46 <DIR> --dsh--- c:\documents and settings\ae stevenson\IETldCache
2009-10-14 02:35 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-10-14 02:35 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-10-14 02:35 <DIR> --d----- c:\windows\ie8updates
2009-10-14 02:35 100,352 -------- c:\windows\system32\dllcache\iecompat.dll
2009-10-14 02:34 <DIR> -cd-h--- c:\windows\ie8
2009-10-14 01:54 <DIR> --d----- c:\windows\ServicePackFiles
2009-10-14 01:46 <DIR> --d----- c:\windows\system32\XPSViewer
2009-10-14 01:45 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-14 01:45 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-10-14 01:45 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-14 01:45 117,760 -------- c:\windows\system32\prntvpt.dll
2009-10-14 01:45 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-14 01:45 <DIR> --d----- C:\8254ed55afb5e8c45249b3
2009-10-14 01:45 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-10-14 01:45 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-14 01:45 <DIR> --d----- c:\windows\SxsCaPendDel
2009-10-14 01:38 <DIR> --d----- c:\program files\MSXML 6.0
2009-10-14 00:12 873,134 a------- c:\windows\system32\oem85.inf
2009-10-14 00:12 87,280 a------- c:\windows\system32\bcmwlcoi.dll
2009-10-14 00:12 <DIR> --d----- c:\program files\Broadcom
2009-10-13 23:41 155,648 a------- c:\windows\system32\igfxres.dll
2009-10-13 23:35 1,902 -------- c:\windows\system32\SetupBD.din
2009-10-13 23:10 1,109,568 a------- c:\windows\system32\drivers\igxpmp32.sys
2009-10-13 23:10 48,128 a------- c:\windows\system32\igxprd32.dll
2009-10-13 23:10 1,304,320 a------- c:\windows\system32\igxpdv32.dll
2009-10-13 23:10 140,288 a------- c:\windows\system32\igxpgd32.dll
2009-10-13 23:10 2,076,160 a------- c:\windows\system32\igxpdx32.dll
2009-10-13 23:10 309,760 a------- c:\windows\system32\difx32.dll
2009-10-13 23:10 192,512 a------- c:\windows\system32\igfxCoIn_v4670.dll
2009-10-13 23:10 309,760 a------- c:\windows\system32\difxapi.dll
2009-10-13 23:10 121,232 a------- c:\windows\system32\IScrNBR.bmp
2009-10-13 23:10 121,232 a------- c:\windows\system32\IScrNB.bmp
2009-10-13 23:10 <DIR> --d----- c:\windows\system32\Lang
2009-10-13 23:10 397,312 a------- c:\windows\system32\igxpun.exe
2009-10-13 22:35 <DIR> --d----- C:\W30A5F24
2009-10-13 22:35 <DIR> --d----- c:\program files\Update
2009-10-13 22:33 <DIR> --d----- c:\program files\TIVistadriver
2009-10-13 21:21 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-10-13 21:20 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-10-13 21:19 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-10-13 21:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-10-13 21:18 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-10-13 21:18 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-10-13 21:18 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-10-13 19:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2009-10-12 21:07 <DIR> --d-h--- c:\windows\PIF
2009-10-12 20:31 <DIR> --d----- c:\program files\Nero
2009-10-12 20:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-10-12 20:00 249,152 a------- c:\windows\system32\drivers\timntr.sys
2009-10-12 20:00 30,688 a------- c:\windows\system32\drivers\tifsfilt.sys
2009-10-12 20:00 96,320 a------- c:\windows\system32\drivers\snapman.sys
2009-10-12 02:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-10-12 02:06 <DIR> --d----- c:\docume~1\aestev~1\applic~1\Webroot
2009-10-12 02:06 <DIR> --d----- c:\program files\Webroot
2009-10-12 02:06 <DIR> --d----- c:\program files\common files\Webroot Shared
2009-10-12 02:05 194,888 a------- c:\windows\Unwash6.exe
2009-10-09 21:50 <DIR> --d----- c:\program files\Shared
2009-10-09 18:04 348,160 a------- c:\windows\system32\msvcr71.dll
2009-09-30 16:34 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-10-17 19:40 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-14 04:21 86,939 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-10-09 18:04 499,712 a------- c:\windows\system32\msvcp71.dll
2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 10:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 17:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-31 16:51 103,216 a------- c:\windows\system32\AOLDial.dll
2009-08-31 16:51 33,400 a------- c:\windows\system32\drivers\atwpkt264.sys
2009-08-31 16:51 24,368 a------- c:\windows\system32\drivers\atwpkt2.sys
2009-08-29 04:08 916,480 a------- c:\windows\system32\wininet.dll
2009-08-29 04:08 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-08-29 04:08 916,480 -------- c:\windows\system32\dllcache\wininet.dll
2009-08-29 04:08 5,940,224 -------- c:\windows\system32\dllcache\mshtml.dll
2009-08-29 04:08 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-08-29 04:08 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-08-29 04:08 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-08-29 04:08 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-29 04:08 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-08-29 04:08 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-08-29 04:08 11,069,440 -------- c:\windows\system32\dllcache\ieframe.dll
2009-08-29 04:08 387,584 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-29 03:36 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-08-29 03:36 78,336 -------- c:\windows\system32\ieencode.dll
2009-08-29 03:36 78,336 -------- c:\windows\system32\dllcache\ieencode.dll
2009-08-28 06:35 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 06:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 04:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 11:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 10:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 10:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 10:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-29 00:37 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-29 00:37 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2008-03-30 20:46 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-09-04 15:08 22 a--sh--- c:\windows\sminst\HPCD.sys
2009-04-20 22:15 16,384 a--sh--- c:\windows\system32\config\systemprofile\temporary internet files\content.ie5\index.dat

============= FINISH: 13:07:49.45 ===============
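A small triage helper for the "Pseudo HJT Report" section of a DDS log like the one above, added here as an example; it is not part of the original post, of DDS or of HijackThis. Its sample lines are copied from the posted log, except the batmeter16.dll Run entry, which is reconstructed from the author's description (HijackThis showed a Run entry pointing to \windows\batmeter16.dll), so its value name and rundll32 form are assumptions.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example (not part of the original post, of DDS or of HijackThis). It
flags what a helper checks first: components whose file is gone, Run values
with no name or command, bare file names resolved through the search path,
DLLs/EXEs sitting directly in the Windows root instead of system32, and
non-default LSA authentication packages. A flag is a review item, not a verdict.
"""
import re
from collections import namedtuple

# Constructed sample in DDS syntax. Lines are copied from the posted log except
# the batmeter16 entry, which is reconstructed from the author's description
# (HijackThis showed a Run entry pointing to \windows\batmeter16.dll); its value
# name and rundll32 form are assumptions.
SAMPLE_REPORT = r"""
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [<NO NAME>]
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [batmeter16] rundll32.exe c:\windows\batmeter16.dll,Init
LSA: Authentication Packages = msv1_0 relog_ap
"""

Finding = namedtuple("Finding", "line reason")
RUN_RE = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First drive-letter path ending in an executable extension, quoted or not.
PATH_RE = re.compile(r'[a-z]:\\[^"\r\n]*?\.(?:exe|dll|cpl|scr|com)\b', re.I)
# A DLL or EXE directly under c:\windows, with no further subdirectory.
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(?:dll|exe)$", re.I)


def extract_target(cmd):
    """Return the file a Run command really loads, lowercased. Full paths win
    (DDS leaves them unquoted even with spaces); for rundll32 with a bare DLL
    name the DLL, not rundll32 itself, is the target."""
    m = PATH_RE.search(cmd)
    if m:
        return m.group(0).lower()
    tokens = cmd.split()
    if tokens[0].lower() in ("rundll32", "rundll32.exe") and len(tokens) > 1:
        return tokens[1].split(",")[0].strip('"').lower()
    return tokens[0].strip('"').lower()


def triage(report):
    """Return one Finding per autostart line that deserves a second look."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(" - No File"):
            findings.append(Finding(line, "registered component whose file is gone"))
            continue
        m = RUN_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd").strip()
            if name == "<NO NAME>" or not cmd:
                findings.append(Finding(line, "Run value without name or command"))
                continue
            target = extract_target(cmd)
            if "\\" not in target:
                findings.append(Finding(line, f"bare file name {target!r}: verify where it really lives"))
            elif WINROOT_RE.match(target):
                findings.append(Finding(line, f"{target!r} sits directly in the Windows root"))
            continue
        if line.startswith("LSA: Authentication Packages ="):
            extra = [p for p in line.split("=", 1)[1].split() if p.lower() != "msv1_0"]
            if extra:
                findings.append(Finding(line, f"non-default LSA packages {extra}: check the DLL publisher"))
    return findings
```

Running `triage(SAMPLE_REPORT)` flags the orphaned toolbar, the nameless Run value, the bare KHALMNPR.EXE reference, the batmeter16.dll entry and the extra LSA package, while the fully pathed Synaptics and Kaspersky entries pass.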


#2 E.Skinner

  • Topic Starter
  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:13 AM

Posted 22 October 2009 - 06:59 PM

I have surrendered. There is no chance I can trust this computer after having so much malware installed. I am zeroing the HD and loading OS from scratch.

Thank you to anyone who has read my post and considered solutions.

I do not have any idea as to the source of the malware, as the computer was owned by my Father-in-law, who passed away last year (no way to figure out what sites he might have visited, or files downloaded).

Good luck, all. Thanks for the great tools!

Ed

#3 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,942 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:13 AM

Posted 23 October 2009 - 07:04 PM

Thank you for letting us know. Sometimes the best and quickest solution is to reformat and reinstall.

Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :(
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
