
Windows Vista (64-bit) Infected With TrojanDownloader:Win32/Renos.JM


2 replies to this topic

#1 chichiri6

chichiri6

  • Members
  • 1 posts

Posted 09 November 2009 - 03:32 AM

Hi and thank you for reading into my problem! This would make my heart feel at ease if someone could help me out.

Windows Defender and Symantec Endpoint Protection both notified me of a trojan attack (TrojanDownloader:Win32/Renos.JM) and each time the notification would come up, I would hit "remove all" and Windows Defender would seemingly fix the problem, but the warning has come up 3 times now and I'm getting concerned that there may be other things happening on my laptop. I tried to follow the preparation guide to the best that 64-bit Vista would allow (RootRepeal doesn't work on 64-bit?).

Any help would gladly be accepted and appreciated!

Thank you so much!


DDS (Ver_09-10-26.01) - NTFSX64
Run by Joonyoung Hwang at 3:02:47.59 on Mon 11/09/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4030.1661 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Joonyoung Hwang\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files (x86)\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files (x86)\aim toolbar\aimtb.dll
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files (x86)\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files (x86)\aim toolbar\aimtb.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Aim6]
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files (x86)\pando networks\media booster\PMB.exe
uRun: [TurboNet] c:\users\joonyo~1\appdata\local\temp\a.exe
mRun: [QPService] "c:\program files (x86)\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UCam_Menu] "c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [hpWirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files (x86)\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [<NO NAME>]
mRun: [HPUsageTracking] "c:\program files (x86)\hp\hp ut\bin\hppusg.exe" "c:\program files (x86)\hp\hp ut\"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
StartupFolder: c:\users\joonyo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\sdktra~1.lnk - c:\sun\sdk\jdk\bin\javaw.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files (x86)\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files (x86)\aim toolbar\aimtb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
TB-X64: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
TB-X64: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} -
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc64.dll,nvsvcStart
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [HP Input Device Main Program] c:\program files\hp\hp wireless comfort mobile mouse\tsr\xDaemon.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\joonyo~1\appdata\roaming\mozilla\firefox\profiles\wn0829ao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\joonyoung hwang\appdata\roaming\mozilla\firefox\profiles\wn0829ao.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-29 40464]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2008-5-6 292864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-16 132656]
R3 HpGmb001;USB Mobile Packet Filter Driver;c:\windows\system32\drivers\HpGmb001.sys [2009-10-14 14336]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-6-9 25424]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-14 61280]

=============== Created Last 30 ================

2009-11-09 07:52:27 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-09 07:52:10 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-09 07:48:41 0 d-----w- c:\program files (x86)\Trend Micro
2009-11-09 07:47:54 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-09 07:44:49 0 d-----w- c:\programdata\Lavasoft
2009-11-09 07:44:49 0 d-----w- c:\program files (x86)\Lavasoft
2009-11-09 07:18:25 162304 ----a-w- c:\windows\msa.exe
2009-11-09 07:05:04 0 ---ha-w- c:\windows\SwSys2.bmp
2009-11-09 07:05:04 0 ---ha-w- c:\windows\SwSys1.bmp
2009-11-09 07:04:21 0 d-----w- c:\program files (x86)\Game_Maker7
2009-11-07 18:15:52 24920 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-11-07 18:15:52 22360 ----a-w- c:\windows\syswow64\X3DAudio1_6.dll
2009-11-07 18:15:47 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-11-07 18:15:47 452440 ----a-w- c:\windows\syswow64\d3dx10_40.dll
2009-11-07 18:15:47 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-11-07 18:15:47 2036576 ----a-w- c:\windows\syswow64\D3DCompiler_40.dll
2009-11-07 18:15:39 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-11-07 18:15:39 4379984 ----a-w- c:\windows\syswow64\D3DX9_40.dll
2009-11-07 18:09:21 0 d-----w- c:\windows\syswow64\AGEIA
2009-11-07 05:57:18 520544 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-11-07 05:57:18 453456 ----a-w- c:\windows\syswow64\d3dx10_41.dll
2009-11-07 05:57:18 2430312 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-11-07 05:57:18 1846632 ----a-w- c:\windows\syswow64\D3DCompiler_41.dll
2009-11-07 05:57:15 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-11-07 05:57:15 4178264 ----a-w- c:\windows\syswow64\D3DX9_41.dll
2009-11-07 05:56:56 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-11-07 05:56:56 69448 ----a-w- c:\windows\syswow64\XAPOFX1_3.dll
2009-11-07 05:56:56 521560 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-11-07 05:56:56 517448 ----a-w- c:\windows\syswow64\XAudio2_4.dll
2009-11-07 05:56:31 235352 ----a-w- c:\windows\syswow64\xactengine3_4.dll
2009-11-07 05:56:31 174936 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-11-06 03:59:16 156 ----a-w- c:\users\joonyoung hwang\.bashrc
2009-11-05 14:47:06 0 ----a-w- C:\t134.1
2009-11-05 05:56:42 0 d-----w- C:\cygwin
2009-11-04 17:35:11 3584000 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-04 00:03:25 0 d-----w- c:\program files (x86)\DOSBox-0.73
2009-11-03 16:28:59 0 d-----w- c:\program files\iPod
2009-11-03 16:28:56 0 d-----w- c:\program files\iTunes
2009-11-03 16:28:56 0 d-----w- c:\program files (x86)\iTunes
2009-11-02 19:04:47 0 d-----w- c:\program files (x86)\Air Mouse
2009-11-02 03:51:47 716800 ----a-w- c:\windows\iun6002.exe
2009-11-02 03:51:14 0 d-----w- c:\program files (x86)\MDSolids35
2009-10-27 20:10:56 372736 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 20:10:56 310784 ----a-w- c:\windows\syswow64\unregmp2.exe
2009-10-27 20:10:54 10624000 ----a-w- c:\windows\syswow64\wmp.dll
2009-10-27 20:10:52 8147456 ----a-w- c:\windows\syswow64\wmploc.DLL
2009-10-27 20:10:51 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 01:57:37 0 d-----w- c:\users\joonyo~1\appdata\roaming\NeopleLauncherDFO
2009-10-25 19:27:04 0 d-----w- c:\programdata\NexonUS
2009-10-22 18:14:09 0 d-----w- c:\program files\7-Zip
2009-10-20 15:20:50 0 ----a-w- C:\t12s.1
2009-10-18 16:36:31 0 d-----w- c:\programdata\2DBoy
2009-10-18 16:35:13 0 d-----w- c:\program files (x86)\WorldOfGoo
2009-10-18 14:53:07 0 ----a-w- C:\t13c.1
2009-10-15 19:36:42 0 d-----w- c:\users\joonyo~1\appdata\roaming\REAPER
2009-10-15 19:36:42 0 d-----w- c:\program files (x86)\REAPER
2009-10-15 19:36:02 0 d-----w- c:\program files\REAPER (x64)
2009-10-14 16:50:23 14336 ----a-w- c:\windows\system32\drivers\HpGmb001.sys
2009-10-14 16:50:20 0 d-----w- c:\program files\HP
2009-10-14 07:43:28 0 ----a-w- C:\t12o.1
2009-10-14 03:57:56 4691016 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 03:57:20 558592 ----a-w- c:\windows\system32\EncDec.dll
2009-10-14 03:57:20 289792 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-14 03:57:19 428544 ----a-w- c:\windows\syswow64\EncDec.dll
2009-10-14 03:57:18 217088 ----a-w- c:\windows\syswow64\psisrndr.ax
2009-10-14 03:57:16 375808 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-14 03:57:15 227328 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-14 03:57:14 293376 ----a-w- c:\windows\syswow64\psisdecd.dll
2009-10-14 03:57:14 177664 ----a-w- c:\windows\syswow64\mpg2splt.ax
2009-10-14 03:57:14 101376 ----a-w- c:\windows\system32\MSNP.ax
2009-10-14 03:57:13 80896 ----a-w- c:\windows\syswow64\MSNP.ax
2009-10-14 03:56:53 604672 ----a-w- c:\windows\syswow64\WMSPDMOD.DLL
2009-10-14 03:56:52 818688 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 03:56:27 268800 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 03:56:27 213504 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-10-14 03:54:42 174592 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 03:54:36 82944 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 03:54:36 61440 ----a-w- c:\windows\syswow64\msasn1.dll

==================== Find3M ====================

2009-11-07 18:46:30 28285 ----a-w- c:\users\joonyo~1\appdata\roaming\nvModes.dat
2009-11-03 01:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-14 16:53:28 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-14 16:53:28 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-14 16:53:24 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-16 18:40:08 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2009-09-16 18:40:08 172080 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2009-09-16 18:40:08 10583 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2009-08-28 23:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 12:51:05 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 12:39:07 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2009-08-28 10:39:32 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 10:15:30 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2009-08-27 13:47:55 1032704 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:43:42 86528 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:32:41 833024 ----a-w- c:\windows\syswow64\wininet.dll
2009-08-27 13:32:28 1174528 ----a-w- c:\windows\syswow64\urlmon.dll
2009-08-27 13:31:28 146432 ----a-w- c:\windows\syswow64\occache.dll
2009-08-27 13:30:22 671232 ----a-w- c:\windows\syswow64\mstime.dll
2009-08-27 13:30:11 458240 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-08-27 13:29:41 28160 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-08-27 13:29:28 270848 ----a-w- c:\windows\syswow64\iertutil.dll
2009-08-27 13:29:27 6069248 ----a-w- c:\windows\syswow64\ieframe.dll
2009-08-27 13:29:25 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2009-08-27 13:29:25 389120 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-08-27 13:29:25 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2009-08-27 13:29:25 230400 ----a-w- c:\windows\syswow64\ieaksie.dll
2009-08-27 11:27:09 32768 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 10:58:58 26624 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-08-18 03:33:52 1193832 ----a-w- c:\windows\syswow64\FM20.DLL
2009-08-14 17:29:27 141312 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 17:29:26 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29:41 17920 ----a-w- c:\windows\syswow64\netevent.dll
2009-08-14 16:29:41 104960 ----a-w- c:\windows\syswow64\netiohlp.dll
2009-08-14 15:13:04 10752 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 15:13:02 21504 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 15:13:01 12800 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 15:12:59 32256 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 15:12:59 23040 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 15:12:58 10240 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 15:12:57 11264 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:16:55 9728 ----a-w- c:\windows\syswow64\TCPSVCS.EXE
2009-08-14 14:16:55 17920 ----a-w- c:\windows\syswow64\ROUTE.EXE
2009-08-14 14:16:52 11264 ----a-w- c:\windows\syswow64\MRINFO.EXE
2009-08-14 14:16:51 27136 ----a-w- c:\windows\syswow64\NETSTAT.EXE
2009-08-14 14:16:50 19968 ----a-w- c:\windows\syswow64\ARP.EXE
2009-08-14 14:16:49 8704 ----a-w- c:\windows\syswow64\HOSTNAME.EXE
2009-08-14 14:16:49 10240 ----a-w- c:\windows\syswow64\finger.exe
2008-07-13 00:07:03 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-07-12 22:18:47 22 --sha-w- c:\windows\sminst\HPCD.SYS
2006-05-03 09:06:54 163328 --sh--r- c:\windows\syswow64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\syswow64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\syswow64\nbDX.dll

============= FINISH: 3:06:35.59 ===============
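The Pseudo HJT section of the log above uses a fixed one-entry-per-line format (`uRun: [name] command`, `BHO: name: {CLSID} - file`). As an added triage example that is not part of this thread or of the DDS tool, the Python below extracts those entries and flags the three things a log helper checks first: autostart values with no command, autostart programs launched from a temp or recycle-bin folder, and browser add-on registrations whose file is listed as "No File". The sample lines are copied from the log above; the heuristics are this example's own, not a verdict on the machine.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the log posted above,
# framed by the section headers DDS prints around that section.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Aim6]
uRun: [TurboNet] c:\users\joonyo~1\appdata\local\temp\a.exe
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
mRun: [<NO NAME>]
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

================= FIREFOX ===================
"""

# uRun/mRun: [value name] command   (u = current-user hive, m = machine hive, -x64 = 64-bit view)
RUN_RE = re.compile(r"^(?P<key>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
# BHO: name: {CLSID} - file   /   TB: {CLSID} - file   ("No File" means the DLL is gone)
ADDON_RE = re.compile(r"^(?P<key>BHO|TB)(?:-X64)?: .*- (?P<target>.*)$", re.I)
# First image in a command line: optionally quoted, up to the first executable extension.
IMAGE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|scr|bat|cmd|dll))', re.I)
# Folders an installed program's autostart almost never lives in (user-writable, disposable).
TEMP_LIKE = ("\\temp\\", "\\recycler\\", "\\$recycle.bin\\")


@dataclass
class Finding:
    line: str    # the log line as written
    reason: str  # why it was flagged


def image_path(cmd: str) -> Optional[str]:
    """Return the lower-cased program path from a Run command line, or None."""
    m = IMAGE_RE.match(cmd.strip())
    return m.group("path").lower() if m else None


def triage(text: str) -> List[Finding]:
    """Scan only the Pseudo HJT Report section and return flagged entries."""
    findings: List[Finding] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("====="):               # any DDS section header
            in_section = "Pseudo HJT Report" in line
            continue
        if not in_section or not line:
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd").strip()
            if not cmd:
                findings.append(Finding(line, "Run value has no command (stale or emptied entry)"))
                continue
            path = image_path(cmd)
            if path and any(d in path for d in TEMP_LIKE):
                findings.append(Finding(line, f"autostart runs from a temp-like folder: {path}"))
            continue
        m = ADDON_RE.match(line)
        if m and m.group("target").strip().lower() == "no file":
            findings.append(Finding(line, f"{m.group('key').upper()} registration points to a missing file"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```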


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 15 November 2009 - 05:36 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

We need to create an OTL Report
  • Please download OTL By OldTimer
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 18 November 2009 - 07:13 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



