Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TrojanDownloader:Win32/Renos.JM


  • This topic is locked This topic is locked
2 replies to this topic

#1 Jennyw88

Jennyw88

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:48 AM

Posted 19 November 2009 - 07:56 PM

i thought i was downloading a video codec, instead i got a high level one "TrojanDownloader:Win32/Renos.JM"

heres my DDs log and RootRepeal logs, any help will be hugely appreciated

Edit: ok, sorry i didnt put the dds log properly in here as it should, ive got M.E. and in my defence it was early in the morning.



DDS (Ver_09-10-26.01) - NTFSx86
Run by Jenny at 23:13:43.94 on 19/11/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.3000.914 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Jenny\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\defrag.exe
C:\Windows\system32\DfrgNtfs.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Jenny\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1009&m=aspire_5735
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1009&m=aspire_5735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1009&m=aspire_5735
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SSHNAS] rundll32.exe c:\windows\system32\sshnas.dll,DllWork
uRun: [MailBlocker] c:\users\jenny\appdata\local\temp\j.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eRecoveryService]
mRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jenny\appdata\roaming\mozilla\firefox\profiles\mcg5hr2k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-8 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-8 108552]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]

=============== Created Last 30 ================

2009-11-19 23:07:27 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-19 23:06:16 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-19 23:06:15 0 d-----w- c:\users\jenny\appdata\roaming\SUPERAntiSpyware.com
2009-11-19 23:05:14 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-19 22:56:15 178176 ----a-w- c:\windows\msb.exe
2009-11-19 22:23:47 178176 ----a-w- c:\windows\msa.exe
2009-11-14 17:09:29 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-14 17:07:44 0 d-----r- c:\program files\Skype
2009-11-14 17:07:38 0 d-----w- c:\programdata\Skype
2009-11-11 14:00:06 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 14:00:00 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 15:51:27 0 d--h--w- C:\$AVG8.VAULT$
2009-11-04 09:58:56 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-02 23:40:04 0 d-----w- c:\programdata\Last.fm
2009-11-02 23:39:27 0 d-----w- c:\program files\Last.fm
2009-11-02 22:53:44 180224 ----a-w- c:\windows\system32\ac3filter.cpl
2009-11-02 22:53:43 0 d-----w- c:\program files\AC3Filter
2009-10-28 13:00:42 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 13:00:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 11:46:37 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 11:46:22 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 11:46:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-27 11:46:14 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-23 15:25:26 0 d-----w- c:\users\jenny\Option
2009-10-23 00:53:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-20 23:50:49 0 d-sh--w- c:\users\jenny\Phone Browser

==================== Find3M ====================

2009-11-19 17:42:09 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-11-19 17:42:09 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-15 06:17:06 182 ----a-w- c:\users\jenny\appdata\roaming\wklnhst.dat
2009-10-13 15:33:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-10-13 15:32:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-13 15:31:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-10-13 15:30:30 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-09 00:33:36 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-10-09 00:32:30 738304 ----a-w- c:\windows\system32\inetcomm.dll
2009-10-09 00:32:14 269312 ----a-w- c:\windows\system32\es.dll
2009-10-09 00:30:06 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-10-09 00:30:06 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-10-09 00:29:50 180224 ----a-w- c:\windows\system32\scrobj.dll
2009-10-09 00:29:50 172032 ----a-w- c:\windows\system32\scrrun.dll
2009-10-09 00:29:50 155648 ----a-w- c:\windows\system32\wscript.exe
2009-10-09 00:29:50 135168 ----a-w- c:\windows\system32\cscript.exe
2009-10-09 00:29:49 90112 ----a-w- c:\windows\system32\wshext.dll
2009-10-09 00:29:49 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-10-09 00:28:50 885248 ----a-w- c:\windows\system32\RacEngn.dll
2009-10-09 00:28:39 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-10-09 00:28:28 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-09 00:28:17 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-10-09 00:26:59 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-09 00:26:59 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-09 00:26:45 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-10-09 00:25:01 988216 ----a-w- c:\windows\system32\winload.exe
2009-10-09 00:25:01 927288 ----a-w- c:\windows\system32\winresume.exe
2009-10-09 00:25:01 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-10-09 00:25:01 615992 ----a-w- c:\windows\system32\ci.dll
2009-10-09 00:25:01 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2009-10-09 00:25:01 40960 ----a-w- c:\windows\system32\srclient.dll
2009-10-09 00:25:01 378368 ----a-w- c:\windows\system32\srcore.dll
2009-10-09 00:25:01 318464 ----a-w- c:\windows\system32\rstrui.exe
2009-10-09 00:25:01 19000 ----a-w- c:\windows\system32\kd1394.dll
2009-10-09 00:25:01 14848 ----a-w- c:\windows\system32\srdelayed.exe
2009-10-09 00:23:50 28728 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-10-09 00:23:50 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-08 23:42:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-10-08 16:58:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-08 16:58:27 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-08 16:58:17 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-08 15:58:35 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-10-08 15:58:28 315392 ----a-w- c:\windows\HideWin.exe
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-10 17:30:12 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 12:24:34 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 18:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 12:39:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:32:41 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:16:15.07 ===============

Attached Files


Edited by Jennyw88, 20 November 2009 - 10:41 AM.


BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:48 AM

Posted 27 November 2009 - 01:06 AM

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:48 AM

Posted 04 December 2009 - 06:54 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users