
((( notepad.dll & ntload.dll ?? )))


This topic is locked
2 replies to this topic

#1 jbraden37

jbraden37

  • Members
  • 1 posts
  • OFFLINE
  • Local time:06:39 PM

Posted 23 December 2009 - 10:17 AM

My computer is a new desktop PC (maybe 6 months old). I have a lot of security stuff on it (listed below).

Here is my problem: I'm having notifications showing up about every 8 seconds of something called "notepad.dll"
and it is said to be located at: C:\Windows\SysWOW64\

I also seem to be having something called "ntload.dll" showing up too. But the "notepad.dll" seems to be
the real bugger here!

My Firefox browser also seems to be crashing A LOT as well now!!!!! (Version 3.5.5)

Here are a few system specs:

- Hewlett Packard PC Desktop.
- 7 GB Memory.
- 700 GB HDD.
- AMD Phenom X4 Quad-Core Processor.
- Windows Vista Home 64bit.
- 64bit Processor too.

Here is the security stuff I'm running:

- HijackThis.
- Spybot Search & Destroy.
- Windows Defender.
- Retail (Bought) ESET Internet Security 4. (Firewall Enabled).


My DDS.txt Log:


DDS (Ver_09-12-01.01) - NTFSX64
Run by jbraden37 at 6:42:22.85 on Wed 12/23/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.6903.4193 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\PROGRA~2\cebas\ip-clamp\ipclamp.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxbtcoms.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Photodex\CompuPicPro\ScsiAccess.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\SysWOW64\BeepApp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\jbraden37\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mWinlogon: Userinit=userinit.exe
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files (x86)\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {b48939df-63d2-3cf8-8c45-380a1e275c87} - D
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [IDMan] c:\program files (x86)\internet download manager\IDMan.exe /onboot
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [KBD] c:\program files (x86)\hewlett-packard\kbd\KbdStub.EXE
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [<NO NAME>]
mRun: [notepad] rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0
StartupFolder: c:\users\jbraden37\appdata\roaming\microsoft\windows\start menu\programs\startup\scandisk.dll
StartupFolder: c:\users\jbrade~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files (x86)\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\internet download manager\IEExt.htm
IE: Sothink SWF Catcher - c:\program files (x86)\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files (x86)\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~2\java\jre16~1.0_0\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
AppInit_DLLs: acaptuser32.dll
IFEO: ctfmon.exe - c:\windows\system32\ctfmon_lu.exe
TB-X64: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun-x64: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
AppInit_DLLs-X64: acaptuser64.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jbrade~1\appdata\roaming\mozilla\firefox\profiles\ey96dbu4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files (x86)\mozilla firefox\components\FFComm.dll
FF - component: c:\users\jbraden37\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files (x86)\gamecore web 3d player\npgamecore.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\jbraden37\appdata\roaming\mozilla\firefox\profiles\ey96dbu4.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-4-6 225296]
R1 DVDHelp;DVD Video Region CSS free Filter Driver;c:\windows\system32\drivers\DVDHelp.sys [2009-7-18 28696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 136584]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/16 00:38:20];c:\program files (x86)\hewlett-packard\media\dvd\000.fcl [2008-11-28 146928]
R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\amd\raidxpert\bin\RAIDXpertService.exe [2008-9-4 122880]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\x86\ekrn.exe [2009-9-11 735960]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 44944]
R2 IPClampService;IPCLAMP by cebas Computer GmbH;c:\progra~2\cebas\ip-clamp\ipclamp.exe [2009-11-12 45700]
R2 Sentinel64;Sentinel64;c:\windows\system32\drivers\sentinel64.sys [2009-11-8 142888]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-3-21 327800]
R2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-4-6 26168]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-7-3 93184]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-6-18 1038088]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 40464]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC_x64.pkms [2008-11-4 28144]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\drivers\point64k.sys [2009-6-1 33160]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-30 61976]
S4 RGService;RGService;c:\program files (x86)\radioget\RGService.exe [2009-10-1 335872]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 427880]
S4 STSService;STSService;"c:\program files (x86)\soundtaxi media suite\stsservice.exe" --> c:\program files (x86)\soundtaxi media suite\STSService.exe [?]

=============== Created Last 30 ================

2009-12-23 12:49:13 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-12-23 12:21:29 0 d-----w- c:\program files (x86)\Your Uninstaller 2010
2009-12-23 11:03:47 2621440 ----a-w- c:\windows\system32\wucltux.dll
2009-12-23 11:03:16 36864 ----a-w- c:\windows\system32\wuapp.exe
2009-12-23 11:03:16 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2009-12-23 11:03:16 185416 ----a-w- c:\windows\system32\wuwebv.dll
2009-12-23 11:03:16 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2009-12-23 10:39:56 0 --sha-w- c:\users\jbraden37\ntuser.dat{65777542-e949-11de-902d-002421597677}.TMContainer00000000000000000002.regtrans-ms
2009-12-23 10:39:56 0 --sha-w- c:\users\jbraden37\ntuser.dat{65777542-e949-11de-902d-002421597677}.TMContainer00000000000000000001.regtrans-ms
2009-12-23 10:39:56 0 --sha-w- c:\users\jbraden37\ntuser.dat{65777542-e949-11de-902d-002421597677}.TM.blf
2009-12-23 09:55:07 0 d-----w- c:\program files (x86)\common files\PC Tools
2009-12-23 09:55:06 0 d-----w- c:\users\jbrade~1\appdata\roaming\PC Tools
2009-12-23 09:55:06 0 d-----w- c:\programdata\PC Tools
2009-12-23 09:55:06 0 d-----w- c:\program files (x86)\Spyware Doctor
2009-12-18 07:20:25 0 d-----w- c:\users\jbrade~1\appdata\roaming\NASA
2009-12-18 07:19:58 0 d-----w- c:\program files (x86)\NASA
2009-12-18 03:56:08 0 d-----w- c:\programdata\ASGvis
2009-12-18 00:10:40 28 ----a-w- C:\ProgDVB.ini
2009-12-18 00:10:18 0 d-----w- c:\program files (x86)\WinPcap
2009-12-15 03:34:33 0 d-----w- c:\programdata\LogiShrd
2009-12-15 03:34:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-12-15 03:33:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-12-15 03:32:26 190992 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-12-15 03:32:17 96272 ----a-w- c:\windows\system32\KemXML.dll
2009-12-15 03:32:17 235536 ----a-w- c:\windows\system32\KemUtil.dll
2009-12-15 03:32:17 235536 ----a-w- c:\windows\system32\kemutb.dll
2009-12-15 03:32:17 159248 ----a-w- c:\windows\system32\KemWnd.dll
2009-12-15 03:31:49 0 d-----w- c:\programdata\Logitech
2009-12-15 03:31:25 0 d-----w- c:\program files\common files\Logishrd
2009-12-15 03:31:20 0 d-----w- c:\program files\Logitech
2009-12-14 09:06:48 0 d-----w- c:\program files (x86)\Pixarra
2009-12-10 08:09:50 0 d-----w- C:\Pictures6
2009-11-29 04:50:21 719872 ----a-w- c:\windows\syswow64\devil.dll
2009-11-29 04:50:20 308224 ----a-w- c:\windows\syswow64\Avisynth.dll

==================== Find3M ====================

2009-12-23 11:31:11 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-23 11:31:11 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-23 11:31:10 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 10:38:11 807809 ----a-w- c:\windows\Voyager Master LCARS.exe
2009-11-17 10:38:11 28672 ----a-w- c:\windows\gscr.dll
2009-11-16 09:25:38 34308 ----a-w- c:\windows\syswow64\BASSMOD.dll
2009-11-16 03:40:44 3350 --sha-w- c:\programdata\KGyGaAvL.sys
2009-11-14 07:26:28 2877440 ----a-w- c:\windows\system32\frysdk64.dll
2009-11-11 23:14:24 52273 ----a-w- c:\windows\MaxwellMaxPluginUninstall.exe
2009-11-11 23:12:46 6119 ----a-w- c:\windows\unins001.dat
2009-11-11 23:12:29 684377 ----a-w- c:\windows\unins001.exe
2009-11-07 07:52:04 151552 ----a-w- c:\windows\syswow64\nvRegDev.dll
2009-11-03 23:23:25 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-03 23:23:25 249856 ------w- c:\windows\Setup1.exe
2009-10-27 19:42:10 349511 ----a-w- C:\BdUninstallTool2009.10.27-12.33.46.reg
2009-10-26 22:02:07 688409 ----a-w- c:\program files (x86)\em010_32.dat
2009-10-26 22:02:07 30170 ----a-w- c:\program files (x86)\em013_64.dat
2009-10-26 22:02:06 985918 ----a-w- c:\program files (x86)\em009_32.dat
2009-10-26 22:02:06 51321 ----a-w- c:\program files (x86)\em006_64.dat
2009-10-26 22:02:06 49345 ----a-w- c:\program files (x86)\em006_32.dat
2009-10-26 22:02:06 248699 ----a-w- c:\program files (x86)\em008_64.dat
2009-10-26 22:02:06 182230 ----a-w- c:\program files (x86)\em008_32.dat
2009-10-26 22:02:06 1083490 ----a-w- c:\program files (x86)\em009_64.dat
2009-10-26 22:02:05 48010 ----a-w- c:\program files (x86)\em005_32.dat
2009-10-26 22:02:05 439868 ----a-w- c:\program files (x86)\em004_32.dat
2009-10-26 22:02:04 284902 ----a-w- c:\program files (x86)\em003_32.dat
2009-10-26 22:02:04 18743858 ----a-w- c:\program files (x86)\em002_32.dat
2009-10-26 22:01:42 55905 ----a-w- c:\program files (x86)\em000_64.dat
2009-10-26 22:01:42 48589 ----a-w- c:\program files (x86)\em000_32.dat
2009-10-26 22:01:42 374119 ----a-w- c:\program files (x86)\em001_32.dat
2009-10-18 19:57:37 25 ---h--w- c:\program files (x86)\common files\common.log
2009-10-17 10:50:44 104603 ----a-w- c:\program files\s3dcx56uninstal.log
2009-10-16 19:59:09 74240 ------w- c:\windows\AKDeInstall.exe
2009-10-16 19:26:06 17408 ----a-w- C:\psapi.dll
2009-10-03 03:41:38 2140160 ----a-w- c:\windows\syswow64\python26.dll
2009-09-24 23:41:30 35906 ----a-w- c:\windows\fonts\AGAvantGardeCyr.ttf
2009-09-11 06:40:24 88743 ----a-w- c:\program files (x86)\Uninstal.exe
2009-09-10 06:17:05 203 ----a-w- c:\program files (x86)\scores.txt
2009-09-04 01:50:47 3053568 ----a-w- c:\program files (x86)\PahelikaRelease.exe
2009-09-04 00:50:05 766 ----a-w- c:\program files (x86)\icon.ico
2009-09-03 23:48:30 44080938 ----a-w- c:\program files (x86)\main.pak
2009-09-03 23:48:30 33961 ----a-w- c:\program files (x86)\license.txt
2009-09-03 23:48:30 32 ----a-w- c:\program files (x86)\version.txt
2009-09-03 23:48:12 316 ----a-w- c:\program files (x86)\launch.ini
2009-09-03 23:48:12 226 ----a-w- c:\program files (x86)\setup.ini
2009-09-03 23:48:11 92216 ----a-w- c:\program files (x86)\bass.dll
2009-09-03 23:48:11 64000 ----a-w- c:\program files (x86)\gcapi_dll.dll
2009-08-23 00:06:14 83005720 ----a-w- c:\program files (x86)\resources.sfs
2009-08-23 00:06:14 1884 ----a-w- c:\program files (x86)\readme.txt
2009-08-23 00:06:14 156 ----a-w- c:\program files (x86)\versioninfo.xml
2009-08-23 00:06:11 94208 ----a-w- c:\program files (x86)\j2k-codec.dll
2009-08-23 00:06:11 679936 ----a-w- c:\program files (x86)\d3dx81ab.dll
2009-08-19 00:04:14 1019904 ----a-w- c:\program files (x86)\IncanSun.exe
2009-08-16 16:57:54 5911 ----a-w- c:\program files (x86)\distributorsmall.png
2009-08-16 16:57:54 15787 ----a-w- c:\program files (x86)\distributor.jpg
2009-08-16 16:57:37 55951360 ----a-w- c:\program files (x86)\dat1.dll
2009-08-16 16:57:25 638976 ----a-w- c:\program files (x86)\drv.dll
2009-08-16 16:57:25 1212416 ----a-w- c:\program files (x86)\dat2.dll
2009-08-16 16:57:23 401462 ----a-w- c:\program files (x86)\msvcp60.dll
2009-05-14 23:15:16 4809153 ----a-w- c:\program files (x86)\eset.chm
2009-05-14 23:01:16 293656 ----a-w- c:\program files (x86)\updater.dll
2009-05-14 23:01:12 388440 ----a-w- c:\program files (x86)\eguiUpdate.dll
2009-05-14 22:59:40 1100640 ----a-w- c:\program files (x86)\SysRescue.exe
2009-05-14 22:59:00 965704 ----a-w- c:\program files (x86)\SysInspector.exe
2009-05-14 22:58:20 210744 ----a-w- c:\program files (x86)\shellExt.dll
2009-05-14 22:57:38 403360 ----a-w- c:\program files (x86)\eplgOE.dll
2009-05-14 22:57:36 11952 ----a-w- c:\program files (x86)\eplgHooks.dll
2009-05-14 22:57:36 110328 ----a-w- c:\program files (x86)\eguiMailPlugins.dll
2009-05-14 22:54:26 88168 ----a-w- c:\program files (x86)\http_dll.dll
2009-05-14 22:54:26 23296 ----a-w- c:\program files (x86)\EHttpSrv.exe
2009-05-14 22:54:22 443024 ----a-w- c:\program files (x86)\eplgOESmon.dll
2009-05-14 22:54:20 225688 ----a-w- c:\program files (x86)\eguiSmon.dll
2009-05-14 22:51:12 429104 ----a-w- c:\program files (x86)\eguiScan.dll
2009-05-14 22:49:36 1400888 ----a-w- c:\program files (x86)\eguiEpfw.dll
2009-05-14 22:47:12 18144 ----a-w- c:\program files (x86)\eh64.exe
2009-05-14 22:47:10 2692520 ----a-w- c:\program files (x86)\egui.exe
2009-05-14 22:47:04 690640 ----a-w- c:\program files (x86)\eguiProduct.dll
2009-05-14 22:46:16 256064 ----a-w- c:\program files (x86)\eplgOEEmon.dll
2009-05-14 22:46:14 126272 ----a-w- c:\program files (x86)\eguiEmon.dll
2009-05-14 22:44:48 56232 ----a-w- c:\program files (x86)\eeclnt.exe
2009-05-14 22:44:46 115472 ----a-w- c:\program files (x86)\eguiDmon.dll
2009-05-14 22:44:44 167984 ----a-w- c:\program files (x86)\DMON.dll
2009-05-14 22:43:30 54696 ----a-w- c:\program files (x86)\ecmd.exe
2009-05-14 22:42:50 245680 ----a-w- c:\program files (x86)\ecls.exe
2009-05-14 22:42:12 170544 ----a-w- c:\program files (x86)\eguiAmon.dll
2009-05-14 22:41:18 67568 ----a-w- c:\program files (x86)\callmsi.exe
2009-04-06 20:26:46 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-01-29 18:13:44 24285 ----a-w- c:\program files (x86)\eula.rtf
2008-10-30 12:40:46 8686 ----a-w- c:\program files (x86)\fbx.ico
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2007-12-05 18:21:12 1239 ----a-w- c:\program files (x86)\Microsoft.VC80.MFCLOC.manifest
2007-05-11 00:20:16 799800 ----a-w- c:\program files (x86)\msvcr80.dll
2007-05-11 00:20:16 1659448 ----a-w- c:\program files (x86)\mfc80.dll
2007-05-11 00:20:16 1655864 ----a-w- c:\program files (x86)\mfc80u.dll
2007-01-04 00:30:04 397312 ----a-w- c:\program files (x86)\luxor2.exe
2006-12-20 14:53:48 2373 ----a-w- c:\program files (x86)\Microsoft.VC80.MFC.manifest
2006-12-20 14:53:48 1871 ----a-w- c:\program files (x86)\Microsoft.VC80.CRT.manifest
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-08-27 06:46:50 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-08-27 06:46:50 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-08-27 06:46:50 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-02-13 08:47:47 29696 --sha-w- c:\windows\syswow64\notepad.dll
2009-09-08 07:43:51 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-09-08 07:43:51 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-09-08 07:43:51 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-04-06 20:30:10 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 6:43:31.45 ===============
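The autorun entries in the "Pseudo HJT Report" section of the log above are where the reported file shows up: a Run value that launches `rundll32.exe` with `c:\windows\system32\notepad.dll` and a `scandisk.dll` sitting in the user's Startup folder, alongside `EnableLUA = 0` (UAC turned off). The Find3M section lists the file under `c:\windows\syswow64\`, which matches what the notifications report; a 32-bit rundll32 referencing `system32` is redirected to `SysWOW64` by WOW64 file-system redirection, so the two paths describe the same file. The script below is an added example, not part of the original post and not a BleepingComputer or DDS tool: it parses those DDS line formats and applies a few defender-side heuristics (rundll32 loading a DLL named after a Windows program from a system directory, a DLL or rundll32 shortcut in a Startup folder, UAC disabled) so the entries worth a closer look are listed together. The sample lines are excerpted from the log in the post plus two benign lines from the same log for contrast; `BORROWED_NAMES` is a constructed list for the example, not an authoritative one.

```python
import re
from typing import Dict, List

# Autorun lines excerpted from the DDS "Pseudo HJT Report" posted above,
# plus benign lines from the same log so the heuristics have something to ignore.
SAMPLE_LINES = [
    "mWinlogon: Userinit=userinit.exe",
    'mRun: [StartCCC] "c:\\program files (x86)\\ati technologies\\ati.ace\\core-static\\CLIStart.exe" MSRun',
    "mRun: [<NO NAME>]",
    "mRun: [notepad] rundll32.exe c:\\windows\\system32\\notepad.dll,_IWMPEvents@0",
    "StartupFolder: c:\\users\\jbraden37\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\scandisk.dll",
    "StartupFolder: c:\\users\\jbrade~1\\appdata\\roaming\\micros~1\\windows\\startm~1\\programs\\startup\\scandisk.lnk - c:\\windows\\system32\\rundll32.exe",
    "mPolicies-system: EnableLUA = 0 (0x0)",
    'mRun-x64: [egui] "c:\\program files\\eset\\eset smart security\\egui.exe" /hide /waitservice',
]

# DDS line shapes handled here: "[mu]Run[-x64]: [name] command",
# "StartupFolder: target", "mPolicies-<hive>: <setting> = <value> (0x..)".
RUN_RE = re.compile(r"^[mu]Run(?:-x64)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<target>.*)$")
POLICY_RE = re.compile(r"^mPolicies-(?P<hive>\w+): (?P<setting>\w+) = (?P<value>\d+)")
# rundll32 <dll>,<export> : capture the DLL path and the exported entry point.
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^,]+?\.dll),(?P<export>\S+)", re.IGNORECASE)

# Names of real Windows programs a dropped DLL may borrow to look legitimate.
# Constructed list for this example, not an authoritative one.
BORROWED_NAMES = {"notepad", "scandisk", "explorer", "svchost"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def check_run_entry(name: str, cmd: str) -> List[str]:
    """Heuristics for a Run / Run-x64 value of the form [name] command."""
    findings: List[str] = []
    if name == "<NO NAME>" and not cmd.strip():
        findings.append("Run value with no name and no command")
    m = RUNDLL_RE.search(cmd)
    if m:
        dll = m.group("dll").strip('"').lower()
        stem = dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        in_sysdir = any(d in dll for d in SYSTEM_DIRS)
        if in_sysdir and stem in BORROWED_NAMES:
            findings.append(
                f"rundll32 loads {dll} (named after a Windows program) export {m.group('export')}"
            )
        else:
            findings.append(f"rundll32 loads {dll} export {m.group('export')}: review")
    return findings


def check_startup_entry(target: str) -> List[str]:
    """Heuristics for an item in a Startup folder."""
    findings: List[str] = []
    t = target.lower()
    if t.endswith(".dll"):
        findings.append("DLL placed directly in a Startup folder")
    if ".lnk" in t and "rundll32" in t:
        findings.append("Startup shortcut launches rundll32.exe")
    return findings


def check_policy(hive: str, setting: str, value: str) -> List[str]:
    """Policy values that weaken the system's own defences."""
    if hive == "system" and setting == "EnableLUA" and value == "0":
        return ["EnableLUA = 0: User Account Control is disabled"]
    return []


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Return {line: [findings]} for every line that trips a heuristic."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        line = line.rstrip()
        findings: List[str] = []
        if (m := RUN_RE.match(line)):
            findings = check_run_entry(m.group("name"), m.group("cmd"))
        elif (m := STARTUP_RE.match(line)):
            findings = check_startup_entry(m.group("target"))
        elif (m := POLICY_RE.match(line)):
            findings = check_policy(m.group("hive"), m.group("setting"), m.group("value"))
        if findings:
            report[line] = findings
    return report


if __name__ == "__main__":
    for flagged, reasons in triage(SAMPLE_LINES).items():
        print(flagged)
        for reason in reasons:
            print("   ->", reason)
```

Run over the sample, five of the eight lines are listed (the nameless Run value, the notepad.dll rundll32 entry, both scandisk Startup items and the UAC policy) and the ATI and ESET entries are left alone. The output is a triage list, not a verdict: each flagged line still has to be checked against the file on disk and, as the helper's reply asks, a fresh DDS and GMER log.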

#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,076 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:39 AM

Posted 04 January 2010 - 03:30 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • GMER log
Please do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box.


Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,076 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:39 AM

Posted 10 January 2010 - 06:14 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
