Infected with Trojan: Crypt/XPACK/Gen


  • This topic is locked
2 replies to this topic

#1 melm

Posted 15 December 2009 - 03:09 PM

Avira Antivirus picked up the Trojan Crypt/XPACK/Gen on my HP (with Vista OS). Attempted cleaning with Avira, but it comes back with a new scan. MalwareBytes did not pick it up. ESET online scanner did not pick it up. Until recently I had Trend Micro Internet Security on this laptop, and it failed to detect it. I also have IObit Security 360, which I am trying out, as well as the a-squared trial version of their anti-malware.

I deleted the files containing the original location of the Trojan. Now Avira reports:

Begin scan in 'C:\'
C:\WINDOWS\System32\SsiEfr.exe
[WARNING] The file could not be opened!
C:\WINDOWS\System32\wrLZMA.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\WINDOWS\System32\wrLZMA.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b73d4b8.qua'!

Attached are the log files.

Thanks in advance. Melissa

#2 melm


Posted 21 December 2009 - 09:17 PM

Received help at MajorGeeks. Issues resolved. Avira anti-virus views SpySweeper files as trojans. THX

#3 Orange Blossom


Posted 21 December 2009 - 10:53 PM

Hello

Thank you for letting us know. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :(