google Installer error leading on to other virus problems


  • This topic is locked
2 replies to this topic

#1 Retal007

Retal007

  • Members
  • 4 posts

Posted 02 January 2010 - 04:55 PM

Hello,
Hi, I have recently been infected with a virus with no solutions to it. I have run several online virus scanners with no luck finding the problem. In the beginning, whenever I would turn on my computer or let it run for some time, a "Googleinstallerupdate has encountered an error and needs to be shut down, please send error message to Microsoft" error would appear. This problem recently stopped and a new problem came around of random sounds being heard through my speakers (advertisements, without internet or Mozilla open), and now more recently I'll get pop-ups behind open browsers on common sites like Hotmail.com and Facebook.com. I will post the following Hijackthis reports etc. and wait to hear a response. Thanks


DDS (Ver_09-12-01.01) - NTFSx86
Run by Jason at 0:17:20.98 on Sat 01/01/2005
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.872 [GMT -6:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Jason\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249686199359
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jason\applic~1\mozilla\firefox\profiles\s5yzgbts.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091222.004\NAVENG.SYS [2009-12-22 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091222.004\NAVEX15.SYS [2009-12-22 1323568]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-12-8 2440120]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]

=============== Created Last 30 ================

2009-12-28 19:14:14 0 d-----w- c:\program files\ESET
2009-12-27 16:39:54 0 d-----w- c:\docume~1\jason\applic~1\Uniblue
2009-12-26 23:20:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-26 22:53:03 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-26 22:53:03 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-26 22:53:01 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-17 01:32:02 0 d-----w- c:\windows\system32\Adobe
2009-12-15 18:35:20 0 d-----w- c:\documents and settings\jason\Tracing
2009-12-15 18:31:16 0 d-----w- c:\program files\Microsoft
2009-12-15 18:30:59 0 d-----w- c:\program files\Windows Live SkyDrive
2009-12-15 18:28:36 0 d-----w- c:\program files\common files\Windows Live
2009-11-27 21:20:45 0 d-----w- c:\docume~1\jason\applic~1\Acreon
2009-11-20 06:09:15 0 d-----w- c:\program files\iPod
2009-11-20 06:09:11 0 d-----w- c:\program files\iTunes
2009-11-11 05:08:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-11 05:08:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-10-29 17:37:27 16508 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-29 04:01:35 151 ----a-w- c:\windows\PhotoSnapViewer.INI
2009-10-28 15:45:22 0 d-----w- c:\program files\Yahoo!
2009-10-20 16:20:16 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-10-14 19:02:16 0 d-----w- c:\windows\pss
2009-10-10 23:35:49 0 d-sh--w- c:\documents and settings\jason\IECompatCache
2009-10-04 01:47:21 0 d-----w- c:\documents and settings\jason\WINDOWS
2009-10-03 08:07:46 0 ----a-w- c:\windows\iPlayer.INI
2009-10-03 06:59:27 0 d-----w- c:\program files\InterActual
2009-09-28 03:58:12 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-05 02:14:43 0 d-sh--w- c:\documents and settings\jason\PrivacIE
2009-09-05 01:52:22 0 d-sh--w- c:\documents and settings\jason\IETldCache
2009-09-04 17:00:13 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-04 16:59:56 0 d-----w- c:\windows\ie8updates
2009-09-04 16:59:44 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-04 16:59:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-04 16:56:43 0 dc-h--w- c:\windows\ie8
2009-09-04 16:56:22 0 d-----w- c:\program files\WebEx
2009-09-04 16:53:04 0 d-----w- c:\windows\SxsCaPendDel
2009-09-04 09:33:16 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-09-04 06:41:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-08-08 02:06:01 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-08 02:06:01 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-08 02:05:44 0 d-----w- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-08 02:05:33 0 d-----w- c:\program files\Bonjour
2009-08-08 02:04:50 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-08 02:04:50 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-08 01:53:09 169 ----a-w- c:\windows\RtlRack.ini
2009-08-08 01:52:45 0 d-----w- c:\docume~1\alluse~1\applic~1\LightScribe
2009-08-08 01:45:46 0 d-----w- c:\program files\Gadwin Systems
2009-08-08 01:38:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2009-08-08 01:38:31 0 d-----w- c:\program files\Nero
2009-08-08 01:23:55 0 d-----w- C:\Images
2009-08-08 01:22:13 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2009-08-08 01:21:58 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-08 01:21:58 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-08 01:21:58 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-08 01:21:58 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-08 01:21:01 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2009-08-08 01:21:01 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2009-08-08 01:21:01 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2009-08-08 01:20:37 0 d-----w- c:\program files\Symantec
2009-08-08 01:20:37 0 d-----w- c:\program files\common files\Symantec Shared
2009-08-08 01:20:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2009-08-08 00:54:18 0 d-----w- c:\docume~1\jason\applic~1\OpenOffice.org
2009-08-08 00:51:35 0 d-----w- c:\program files\OpenOffice.org 3
2009-08-08 00:43:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-08-08 00:43:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-08 00:38:39 0 d-----w- c:\program files\CCleaner
2009-08-08 00:18:40 0 d-----w- c:\windows\system32\AGEIA
2009-08-08 00:18:36 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-08-08 00:18:29 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-08-08 00:17:36 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-08 00:17:35 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-08 00:17:33 0 d-----w- C:\NVIDIA
2009-08-07 23:33:20 0 d-----w- c:\windows\system32\XPSViewer
2009-08-07 23:32:56 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 23:32:56 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 23:32:56 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-07 23:32:55 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 23:32:55 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-07 23:32:55 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 23:32:55 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-07 23:30:38 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-07 23:30:38 19495 ----a-w- c:\windows\system32\nvdisp.nvu
2009-08-07 23:30:38 0 d-----w- c:\windows\nview
2009-08-07 23:30:15 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-08-07 23:28:21 0 d-----w- c:\docume~1\jason\applic~1\Windows Desktop Search
2009-08-07 23:28:05 0 d-----w- c:\windows\system32\GroupPolicy
2009-08-07 23:28:05 0 d-----w- c:\program files\Windows Desktop Search
2009-08-07 23:27:30 0 d-----w- c:\program files\Windows Media Connect 2
2009-08-07 23:26:47 0 d-----w- c:\windows\system32\LogFiles
2009-08-07 23:25:45 0 d-----w- c:\windows\system32\URTTemp
2009-08-07 23:12:11 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-07 23:12:11 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-07 23:12:10 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-07 23:11:25 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-07 23:10:41 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-07 23:10:40 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-08-07 23:10:40 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-07 23:08:20 0 d-----w- c:\windows\system32\PreInstall
2009-08-07 23:08:19 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-08-07 23:08:18 0 d--h--w- c:\windows\$hf_mig$
2009-08-07 23:02:49 0 d-sh--w- c:\documents and settings\jason\UserData
2009-08-07 22:57:30 0 d-----w- c:\program files\Realtek Sound Manager
2009-08-07 22:57:27 0 d-----w- c:\program files\AvRack
2009-08-07 22:57:23 0 d-----w- c:\program files\Realtek AC97
2009-08-07 22:40:54 0 d-----w- c:\program files\NVIDIA Corporation
2009-08-07 22:18:49 0 d-sh--w- c:\documents and settings\all users\DRM
2009-08-07 22:18:33 0 d--h--w- c:\program files\WindowsUpdate
2009-08-07 22:17:59 0 d-----w- c:\program files\common files\MSSoap
2009-08-07 22:16:36 0 d-----w- c:\program files\Online Services
2009-08-07 22:16:30 0 d-----w- c:\program files\Messenger
2009-08-07 22:16:27 0 d-----w- c:\program files\MSN Gaming Zone
2009-08-07 22:15:56 0 d-----w- c:\program files\Windows NT
2009-08-07 16:56:56 0 d-----w- c:\program files\common files\ODBC
2009-08-07 16:56:53 0 d-----w- c:\program files\common files\SpeechEngines
2009-08-07 16:56:28 0 d-----r- c:\documents and settings\all users\Documents
2005-09-02 04:37:39 0 d-----w- c:\program files\Ventrilo
2005-09-02 04:16:06 0 d-----w- c:\program files\common files\Blizzard Entertainment
2005-09-02 04:14:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard
2005-09-02 03:56:35 0 d-----w- c:\program files\Linksys
2005-01-01 11:59:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2005-01-01 11:59:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2005-01-01 07:23:38 0 d-----w- c:\docume~1\jason\applic~1\Windows Search
2005-01-01 06:31:59 0 d-----w- c:\program files\Pure Networks
2005-01-01 06:30:44 0 d-----w- c:\program files\common files\Pure Networks Shared
2005-01-01 06:30:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks
2005-01-01 06:15:42 0 d-----w- c:\docume~1\jason\applic~1\AVG8

==================== Find3M ====================

2009-12-03 22:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 09:17:27 354816 ----a-w- c:\windows\system32\winhttp.dll
2009-08-14 13:21:25 1850624 ----a-w- c:\windows\system32\win32k.sys
2009-08-07 22:16:56 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-07 00:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:08 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-31 16:05:44 1372672 ----a-w- c:\windows\system32\msxml6.dll
2009-07-31 04:35:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-26 22:44:56 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01:06 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22:18 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-14 18:54:00 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54:00 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54:00 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 18:54:00 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54:00 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54:00 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54:00 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54:00 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 18:35:08 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 18:35:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-07-14 18:35:00 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 18:35:00 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 18:34:58 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 18:34:58 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 18:34:58 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 18:34:58 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 18:34:58 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 18:34:58 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 18:34:58 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 18:34:58 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 18:34:56 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-14 04:43:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 12:01:34 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-07 20:48:44 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-07-07 20:48:44 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-06-25 08:25:26 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25:26 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25:26 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25:26 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25:26 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-24 11:18:41 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36:30 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36:30 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31:40 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31:39 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19:38 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13:29 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09:37 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 05:24:06 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-07 15:32:35 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-28 14:55:06 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-21 04:12:14 149768 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2009-04-15 14:51:25 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 15:50:26 288024 ----a-w- c:\windows\system32\PhysXCplUI.exe
2009-04-07 15:50:26 288024 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe
2009-04-02 04:02:22 604160 ----a-w- c:\windows\system32\wmspdmod.dll
2009-03-08 09:34:30 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 09:33:40 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 09:33:06 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 09:32:56 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 09:32:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 09:31:38 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 09:31:18 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 09:31:02 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 09:22:38 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22:18 284160 ----a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10:48 714752 ----a-w- c:\windows\system32\ntdll.dll
2009-02-09 12:10:48 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10:48 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10:48 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10:48 401408 ----a-w- c:\windows\system32\rpcss.dll
2009-02-06 11:11:05 110592 ----a-w- c:\windows\system32\services.exe
2009-02-06 10:39:08 35328 ----a-w- c:\windows\system32\sc.exe
2009-02-06 10:10:02 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-01-27 18:50:56 111620 ----a-w- c:\windows\fonts\opens___.ttf
2009-01-07 23:20:38 24576 ----a-w- c:\windows\system32\nlsdl.dll
2009-01-07 23:20:36 26112 ----a-w- c:\windows\system32\idndl.dll
2009-01-07 23:20:36 23552 ----a-w- c:\windows\system32\normaliz.dll
2009-01-07 23:20:18 265720 ----a-w- c:\windows\system32\msdbg2.dll
2008-12-12 16:18:16 87336 ----a-w- c:\windows\system32\dns-sd.exe
2008-12-12 16:11:46 61440 ----a-w- c:\windows\system32\dnssd.dll
2008-12-11 10:57:09 333952 ----a-w- c:\windows\system32\drivers\srv.sys
2008-12-09 02:43:46 42312 ----a-w- c:\windows\system32\drivers\WPSDRVnt.sys
2008-12-09 02:43:34 357704 ----a-w- c:\windows\system32\sysfer.dll

============= FINISH: 0:18:19.59 ===============
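As an added example (not part of the thread and not DDS's own code), a small Python script that splits a DDS log into its sections and flags the entries a malware helper looks at first: protection reported disabled or outdated, processes listed without a full path, BHO entries with no file behind them, empty DPF entries, and services whose binary DDS could not verify (the `[?]` marker). The embedded excerpt is constructed from lines in the log above, not the whole log.

```python
import re

# Constructed excerpt modelled on the DDS log posted above; it is not the
# complete log, just enough lines to exercise each check.
SAMPLE_DDS = r"""
AV: Symantec Endpoint Protection *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

============= SERVICES / DRIVERS ===============

S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")   # '==== Section Name ===='
FULL_PATH_RE = re.compile(r"^[A-Za-z]:\\")       # drive-letter path prefix


def split_sections(text):
    """Return {SECTION NAME: [non-blank lines]}; lines before the first
    '==== name ====' header (the AV/FW status lines) go under 'HEADER'."""
    sections, current = {"HEADER": []}, "HEADER"
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Return a list of (category, line) findings worth a second look."""
    s = split_sections(text)
    findings = []
    for line in s.get("HEADER", []):
        # DDS marks inactive or stale protection inline on the AV:/FW: lines.
        if line.startswith(("AV:", "FW:")) and ("disabled" in line or "Outdated" in line):
            findings.append(("protection-off", line))
    for line in s.get("RUNNING PROCESSES", []):
        # A bare image name means DDS could not resolve the full path.
        if not FULL_PATH_RE.match(line):
            findings.append(("process-no-path", line))
    for line in s.get("PSEUDO HJT REPORT", []):
        # Registered BHO CLSID whose DLL is missing on disk.
        if line.startswith("BHO:") and line.endswith("- No File"):
            findings.append(("orphan-bho", line))
        # Downloaded Program File entry with no source URL recorded.
        if line.startswith("DPF:") and line.endswith("-"):
            findings.append(("empty-dpf", line))
    for line in s.get("SERVICES / DRIVERS", []):
        # '[?]' means the service binary's size and date could not be read.
        if line.endswith("[?]"):
            findings.append(("unverified-service", line))
    return findings


if __name__ == "__main__":
    for cat, line in triage(SAMPLE_DDS):
        print(f"{cat:20} {line}")
```

Point `triage()` at the text of a full DDS log to get the same categories over every section; entries it flags are starting points for a closer look, not verdicts.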

#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 11 January 2010 - 12:20 AM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you
would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log
Thanks



#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 16 January 2010 - 04:04 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
