
SOS! win32 dll trojan/malware is driving me insane! PLZ help me:(


  • This topic is locked
2 replies to this topic

#1 SouthernCharmz

SouthernCharmz

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:05 PM

Posted 11 January 2010 - 08:35 PM

OK, earlier today Security Essentials found the win32meerdrop trojan and I removed it, but then my OS said it wasn't installed correctly, so I had to do a system restore. Other than that I've had no luck finding anything on my system, but I'm positive I'm infected and have been on both Vista Basic and this XP SP3. I've done clean installs and formats multiple times to no avail. Please, for the love of God above, help me destroy and obliterate this tough lil bug! Or bugs! Hey, I've had this really odd trojan or worm hijacker problem for the last 2 or 3 weeks. It seems to start out by taking over my system32 and using explorer and svchost to do whatever it pleases. It makes desktop.ini shortcuts in random spots, namely Desktop and Documents. It spreads into my legit programs somehow until I'm forced to reinstall, but no matter how I format or which OS I use (Vista Basic or XP SP3 Media Center) it won't stay out! I've used numerous programs and all the different tools Microsoft offers, but it either removes things I need and thus disables Windows, or it finds nothing at all. I notice it's utilizing my network somehow by viewing one of the svchost processes it runs. Please, can an experienced tech save me from this god-awful bug?! Here are my logs!
dds-
DDS (Ver_09-12-01.01) - NTFSx86
Run by Brandon at 19:45:41.75 on Mon 01/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.1196 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\topdesk\topdesk.exe
C:\Users\Brandon\Local Settings\Application Data\TrueTransparency\TrueTransparency.exe
C:\WINDOWS\system32\ultdrvmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\LiberKey\Apps\Asuite\LKrun.exe
C:\Users\Brandon\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: UIHost=%SystemRoot%\System32\ultlogonui.exe
uRun: [Google Update] "c:\users\brandon\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UltimateServices] c:\windows\system32\ultsvcs.exe /startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [InCD] c:\program files\nero\nero8\incd\InCD.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [2009-10-17 9096]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-11 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-11 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-11 108552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2010-1-11 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2010-1-11 297752]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-1-11 22072]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [2010-1-11 239336]
S3 BCASPROT;Advanced System Protector;c:\program files\systweak\advanced system protector\sasprot32.sys [2010-1-11 6656]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 SliceDisk5;SliceDisk5;c:\program files\liberkey\apps\partitionfindandmount\app\partitionfindandmount\slicedisk.sys [2010-1-11 10240]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-6-10 53032]

=============== Created Last 30 ================

2010-01-12 00:35:44 0 d-----w- c:\program files\Advanced System Optimizer 3
2010-01-12 00:11:21 0 d-----w- c:\windows\system32\appmgmt
2010-01-11 23:57:36 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-11 23:56:41 0 d-----w- c:\program files\Systweak
2010-01-11 21:46:40 0 d-----w- c:\program files\Microsoft Calculator Plus
2010-01-11 21:39:08 195456 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 21:26:33 0 d-----w- c:\program files\Microsoft Security Essentials
2010-01-11 21:15:57 26096640 ----a-w- c:\windows\system32\shell32.backup
2010-01-11 21:14:59 115712 ----a-w- c:\windows\system32\cleanmgr.backup
2010-01-11 21:14:58 83456 ----a-w- c:\windows\system32\charmap.backup
2010-01-11 21:14:57 117760 ----a-w- c:\windows\system32\calc.backup
2010-01-11 21:14:56 63488 ----a-w- c:\windows\system32\browselc.backup
2010-01-11 21:14:55 38400 ----a-w- c:\windows\system32\batmeter.backup
2010-01-11 21:14:55 34816 ----a-w- c:\windows\system32\batt.backup
2010-01-11 21:14:54 796672 ----a-w- c:\windows\system32\appwiz.backup
2010-01-11 21:14:53 100864 ----a-w- c:\windows\system32\ahui.backup
2010-01-11 21:14:52 449024 ----a-w- c:\windows\system32\accwiz.backup
2010-01-11 21:14:51 69632 ----a-w- c:\windows\system32\access.backup
2010-01-11 21:12:42 0 d-----w- c:\windows\pss
2010-01-11 20:00:07 0 d--h--w- C:\$AVG8.VAULT$
2010-01-11 19:59:42 656 ----a-w- c:\windows\system32\ccleaner.ini
2010-01-11 19:18:06 0 d-----w- c:\users\brandon\applic~1\Systweak
2010-01-11 17:56:47 0 d-----w- c:\users\alluse~1\applic~1\Systweak
2010-01-11 17:56:22 17136 ----a-w- c:\windows\system32\sasnative32.exe
2010-01-11 16:14:23 0 d-sh--w- c:\users\brandon\IECompatCache
2010-01-11 16:13:40 0 d-sh--w- c:\users\brandon\PrivacIE
2010-01-11 16:02:18 0 d-----w- c:\windows\system32\LogFiles
2010-01-11 15:54:37 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-01-11 15:51:00 0 d-----w- C:\12c904a82f3501094fd7a4
2010-01-11 15:50:53 0 d-----w- c:\program files\Broadcom
2010-01-11 15:50:41 0 d-----w- c:\users\alluse~1\applic~1\Broadcom
2010-01-11 15:43:54 0 d-----w- C:\eb87cce7878ee1b339100021
2010-01-11 15:42:58 0 d-----w- C:\efaaf01c732351d358e58274c64b6455
2010-01-11 15:32:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-01-11 15:32:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
2010-01-11 15:27:32 0 d-----w- c:\program files\Synaptics
2010-01-11 15:27:05 200704 ----a-w- c:\windows\system32\SynCtrl.dll
2010-01-11 15:27:05 199472 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-01-11 15:27:05 151552 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-01-11 15:27:05 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2010-01-11 15:27:04 163840 ----a-w- c:\windows\system32\SynCOM.dll
2010-01-11 15:26:17 0 ----a-w- c:\windows\Setup.INI
2010-01-11 15:25:49 83 ----a-w- c:\windows\LManager.UNI
2010-01-11 15:25:24 0 d-----w- c:\program files\Launch Manager
2010-01-11 15:21:33 0 d-sh--w- c:\users\brandon\IETldCache
2010-01-11 15:19:47 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-11 15:19:47 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-11 15:19:43 0 d-----w- c:\windows\ie8updates
2010-01-11 15:19:39 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-11 15:17:40 0 dc-h--w- c:\windows\ie8
2010-01-11 15:00:20 17408 ----a-w- c:\windows\system32\drivers\DKbFltr.sys
2010-01-11 14:51:01 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2010-01-11 14:50:56 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2010-01-11 14:50:03 0 d-----w- c:\windows\system32\Lang
2010-01-11 14:48:54 0 ----a-w- c:\windows\ativpsrm.bin
2010-01-11 14:47:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-11 14:43:47 0 d-----w- c:\program files\ATI Technologies
2010-01-11 14:43:07 22072 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2010-01-11 14:41:44 0 d-----w- c:\windows\system32\RTCOM
2010-01-11 14:41:10 0 d-----w- c:\program files\Realtek
2010-01-11 14:20:28 0 d-----w- c:\program files\LiberKey
2010-01-11 14:18:19 0 d-----w- c:\program files\AMD
2010-01-11 14:10:10 0 d-----w- c:\windows\system32\ReinstallBackups
2010-01-11 13:36:44 0 d-----w- c:\program files\Marvell
2010-01-11 13:36:18 0 d-----w- c:\users\brandon\applic~1\TMP
2010-01-11 13:34:57 0 d-----w- c:\program files\Safe Downloads
2010-01-11 13:32:30 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-01-11 13:26:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-11 13:26:06 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-11 13:26:02 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-11 13:26:02 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-11 13:26:01 0 d-----w- c:\users\alluse~1\applic~1\avg8
2010-01-11 13:26:01 0 d-----w- c:\program files\AVG
2010-01-11 13:19:34 0 d---a-w- c:\program files\Nero
2010-01-11 13:19:34 0 d-----w- c:\users\alluse~1\applic~1\Nero
2010-01-11 13:18:01 0 d---a-w- c:\users\brandon\applic~1\OtakuSoftware
2010-01-11 13:05:26 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-01-11 13:02:49 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2010-01-11 13:01:59 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2010-01-11 13:00:59 78848 -c--a-w- c:\windows\system32\dllcache\dayi.ime
2010-01-11 12:45:51 0 d-----w- c:\program files\TUGZip
2010-01-11 12:45:38 0 d-----w- c:\program files\Firefox
2010-01-11 12:38:07 0 d-----w- c:\program files\ffdshow
2010-01-11 12:37:05 0 d---a-w- c:\program files\Windows Plus
2010-01-11 12:27:36 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-11 12:25:27 0 d-----w- c:\program files\MSXML 4.0
2010-01-11 12:24:01 0 d-sh--w- c:\users\all users\DRM
2010-01-11 12:23:36 0 d--h--w- c:\program files\WindowsUpdate
2010-01-11 12:22:15 0 d-----w- c:\program files\common files\MSSoap
2010-01-11 12:19:22 0 d-----w- c:\program files\Windows Media Connect 2
2010-01-11 12:19:12 0 d-----w- c:\program files\MSN Gaming Zone
2010-01-11 12:17:54 0 d-----w- c:\program files\Windows NT
2010-01-11 07:11:49 0 d-----r- c:\users\all users\Public
2010-01-11 07:07:36 0 d-----w- c:\program files\common files\ODBC
2010-01-11 07:07:32 0 d-----w- c:\program files\common files\SpeechEngines

==================== Find3M ====================

2010-01-11 21:57:09 1293312 ----a-w- c:\windows\system32\sfr.exe
2010-01-11 21:13:00 6339584 ----a-w- c:\windows\system32\setupapi.dll
2010-01-11 21:13:00 156672 ----a-w- c:\windows\system32\sfc_os.dll
2010-01-11 14:41:07 315392 ----a-w- c:\windows\HideWin.exe
2010-01-11 12:20:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-17 22:35:04 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2009-10-17 22:34:57 52736 ----a-w- c:\windows\system32\wzcsapi.dll
2009-10-17 22:34:57 52224 ----a-w- c:\windows\system32\dmutil.dll
2009-10-17 22:34:57 483840 ----a-w- c:\windows\system32\wzcsvc.dll
2009-10-17 22:34:57 47616 ----a-w- c:\windows\system32\iyuv_32.dll
2009-10-17 22:34:57 47104 ----a-w- c:\windows\system32\cnbjmon.dll
2009-10-17 22:34:57 35328 ----a-w- c:\windows\system32\pid.dll
2009-10-17 22:34:57 20992 ----a-w- c:\windows\system32\hid.dll
2009-10-17 22:34:57 2066176 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-17 22:34:57 16896 ----a-w- c:\windows\system32\msyuv.dll
2009-10-17 22:34:57 15360 ----a-w- c:\windows\system32\pjlmon.dll
2009-10-17 22:25:05 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-10-17 22:24:35 604160 ----a-w- c:\windows\system32\wmspdmod.dll
2009-10-17 22:24:29 938496 ----a-w- c:\windows\system32\wmnetmgr.dll
2009-10-17 22:24:28 100864 ----a-w- c:\windows\system32\logagent.exe
2009-10-17 22:24:25 136704 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-17 22:24:21 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-10-17 22:24:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-10-17 22:24:15 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-10-17 22:24:13 58880 ----a-w- c:\windows\system32\atl.dll
2009-10-17 22:24:06 134144 ----a-w- c:\windows\system32\wkssvc.dll
2009-10-17 22:24:04 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-10-17 22:24:01 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-10-17 22:23:49 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-10-17 22:23:46 562176 ----a-w- c:\windows\system32\qedit.dll
2009-10-17 22:23:44 1435648 ----a-w- c:\windows\system32\query.dll
2009-10-17 22:23:35 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-17 22:23:35 56832 ----a-w- c:\windows\system32\secur32.dll
2009-10-17 22:23:35 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-10-17 22:23:35 147456 ----a-w- c:\windows\system32\schannel.dll
2009-10-17 22:23:34 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-10-17 22:23:13 346112 ----a-w- c:\windows\system32\localspl.dll
2009-10-17 22:23:07 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-17 22:23:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-10-17 22:23:05 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-10-17 22:22:30 286720 ----a-w- c:\windows\system32\gdi32.dll
2009-10-17 22:22:27 2067968 ----a-w- c:\windows\system32\mstscax.dll
2009-10-17 22:22:22 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-10-17 22:22:22 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-10-17 22:22:21 401408 ----a-w- c:\windows\system32\rpcss.dll
2009-10-17 22:22:21 35328 ----a-w- c:\windows\system32\sc.exe
2009-10-17 22:22:21 284160 ----a-w- c:\windows\system32\pdh.dll
2009-10-17 22:22:21 110592 ----a-w- c:\windows\system32\services.exe
2009-10-17 22:22:12 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-10-17 22:22:12 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-17 22:21:53 74240 ----a-w- c:\windows\system32\mscms.dll
2009-10-17 22:21:49 91648 ----a-w- c:\windows\system32\mtxoci.dll
2009-10-17 22:21:49 66560 ----a-w- c:\windows\system32\mtxclu.dll
2009-10-17 22:21:49 161792 ----a-w- c:\windows\system32\msdtcuiu.dll
2009-10-17 22:21:48 956928 ----a-w- c:\windows\system32\msdtctm.dll
2009-10-17 22:21:47 58880 ----a-w- c:\windows\system32\msdtclog.dll
2009-10-17 22:21:47 428032 ----a-w- c:\windows\system32\msdtcprx.dll
2009-10-17 22:21:44 90112 ----a-w- c:\windows\system32\wshext.dll
2009-10-17 22:21:43 180224 ----a-w- c:\windows\system32\scrobj.dll
2009-10-17 22:21:43 172032 ----a-w- c:\windows\system32\scrrun.dll
2009-10-17 22:21:43 135168 ----a-w- c:\windows\system32\cscript.exe
2009-10-17 22:21:40 245248 ----a-w- c:\windows\system32\mswsock.dll
2009-10-17 22:20:58 691712 ----a-w- c:\windows\system32\inetcomm.dll
2009-10-17 22:20:56 253952 ----a-w- c:\windows\system32\es.dll
2009-10-17 22:20:48 2560 ----a-w- c:\windows\system32\xpsp4res.dll
2009-10-17 22:19:48 414720 ----a-w- c:\windows\system32\msscp.dll
2009-10-17 22:17:59 656896 ----a-w- c:\windows\system32\wmvxencd.dll
2008-01-22 03:51:13 121 ---h--w- c:\program files\desktop.ini

============= FINISH: 19:48:55.31 ===============
attach-
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/11/2010 8:04:00 AM
System Uptime: 1/11/2010 6:58:16 PM (1 hours ago)

Motherboard: eMachines | | eMachines D620
Processor: AMD Athlon™ Processor 2650e | Socket M2/S1G1 | 1596/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 133.882 GiB free.
D: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 802.11g Network Adapter
Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_E003105B&REV_01\4&11E8A9CE&0&0028
Manufacturer: Broadcom
Name: Broadcom 802.11g Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_E003105B&REV_01\4&11E8A9CE&0&0028
Service: BCM43XX

==== System Restore Points ===================

RP1: 1/11/2010 4:03:52 PM - System Checkpoint
RP2: 1/11/2010 4:25:33 PM - Installed Windows Defender
RP3: 1/11/2010 4:39:00 PM - Software Distribution Service 3.0
RP4: 1/11/2010 4:43:35 PM - Software Distribution Service 3.0
RP5: 1/11/2010 4:46:39 PM - Installed Microsoft Calculator Plus
RP6: 1/11/2010 4:57:09 PM - Microsoft Antimalware Checkpoint
RP7: 1/11/2010 5:30:57 PM - Installed DirectX
RP8: 1/11/2010 6:45:03 PM - Restore Operation
RP9: 1/11/2010 6:55:26 PM - Restore Operation
RP10: 1/11/2010 7:37:21 PM - Advanced System Optimizer - First Install

==== Installed Programs ======================

Adobe Reader 9.1
Advanced System Optimizer
Advanced System Protector
Alky for Applications (Windows XP)
AMD Processor Driver
AMD USB Audio Driver Filter
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AVG Free 8.5
Broadcom Driver v4.170.25.12_Foxconn Installation Program
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Gadget Installer
Google Chrome
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Java™ 6 Update 17
Junk Mail filter update
Marvell Miniport Driver
Microsoft .NET Framework (English)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework 1.0
Microsoft Security Essentials
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
Next Generation Visualisations
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Skins
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows XP (KB898461)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update Rollup 2 for Windows XP Media Center Edition 2005
VCRedistSetup
WebFldrs XP
Windows Defender
Windows Driver Package - Advanced Micro Devices Inc. AMD USB Filter Driver (05/27/2008 1.0.7.0)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================
ark.txt-
ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2010/01/11 20:09
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: AmdK8.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Address: 0xBA278000 Size: 57344 File Visible: - Signed: No
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8826000 Size: 98304 File Visible: No Signed: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5F6000 Size: 8192 File Visible: No Signed: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA5981000 Size: 49152 File Visible: No Signed: No
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA8AB4000 Size: 361600 File Visible: - Signed: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\Program Files\Safe Downloads\MSSEFU~1.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Brandon\Local Settings\Apps\2.0\NEDT20XY.O8M\E9L1OEVN.WO3\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Brandon\Local Settings\Apps\2.0\NEDT20XY.O8M\E9L1OEVN.WO3\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

==EOF==
hijackthis-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:55 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\topdesk\topdesk.exe
C:\Users\Brandon\Local Settings\Application Data\TrueTransparency\TrueTransparency.exe
C:\WINDOWS\system32\aeropeek\aeropeek.exe
C:\WINDOWS\system32\ultdrvmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Users\Brandon\Desktop\RootRepeal.exe
C:\Users\Brandon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Safe Downloads\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [UltimateServices] C:\WINDOWS\system32\ultsvcs.exe /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [Google Update] "C:\Users\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ASO3DiskOptimizer - Systweak Inc. - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4102 bytes

Edited by SouthernCharmz, 11 January 2010 - 10:27 PM.



#2 SouthernCharmz

SouthernCharmz
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:05 PM

Posted 16 January 2010 - 09:32 AM

Remove please, I upgraded to 7 and formatted the drive. All seems well, but I'll be back if not.

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,820 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:09:05 PM

Posted 16 January 2010 - 01:56 PM

Topic closed.

regards, Elise
