
Returning Trojans AFTER SCAN AND REMOVAL! HELP!


4 replies to this topic

#1 UrMom


Posted 19 January 2010 - 09:21 AM

My Windows Vista laptop (Dell XPS 1640) was attacked by the Windows 2010 Defender malware. I removed it using Malwarebytes Anti-Malware, but pop-ups show up every time I turn on my computer, and when I re-run the scan I am using (SUPERAntiSpyware) after my laptop reboots, the same 5 trojans show up! Also, when I first turn on my laptop, a message about a process that can't start shows up with a name similar to the trojan names, and I always have to scurry to my Task Manager to end the process within a minute. If not, I get a Windows 2010 Defender threat pop-up.

Trojan.Agent/Gen:
[vftls8vwe6oc] C:\WINDOWS\SYSWOW64\VFTLS8VWE6OC.EXE
C:\WINDOWS\SYSWOW64\VFTLS8VWE6OC.EXE
[SecurityCenter] C:\WINDOWS\SYSWOW64\VFTLS8VWE6OC.EXE
[vftls8vwe6oc] C:\USERS\URMOM\APPDATA\ROAMING\VFTLS8VWE6OC.EXE
C:\USERS\URMOM\APPDATA\ROAMING\VFTLS8VWE6OC.EXE

DDS:
DDS (Ver_09-12-01.01) - NTFSX64
Run by UrMom at 8:45:21.22 on Tue 01/19/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4060.2576 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FASecFacX.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ranisha\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files (x86)\sensible vision\fast access\FAIESSO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
uRun: [SecurityCenter] c:\windows\syswow64\vftls8vwe6oc.exe
uRun: [vftls8vwe6oc] c:\users\URMOM\appdata\roaming\vftls8vwe6oc.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [FATrayAlert] c:\program files (x86)\sensible vision\fast access\FATrayMon.exe
mRun: [FAStartup]
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vftls8vwe6oc] c:\windows\syswow64\vftls8vwe6oc.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\users\URMOM\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files (x86)\mcafee security scan\1.0.150\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
Notify: FastAccess - c:\program files (x86)\sensible vision\fast access\FALogNot.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe



Edited by UrMom, 19 January 2010 - 12:11 PM.



#2 certifiednerd


Posted 19 January 2010 - 09:35 AM

uRun: [vftls8vwe6oc] c:\users\ranisha\appdata\roaming\vftls8vwe6oc.exe

This is one of your infections. The key is to be able to disable it before removing it. The simplest way to do so is to boot into Safe Mode, locate the file (in your AppData file) and delete it. Once deleted, you can remove it from startup using msconfig. Make sure you remove all shortcuts to it; usually there is one on the desktop and one in the Start Menu.

#3 UrMom


Posted 19 January 2010 - 09:52 AM

Forgot to quote! Oops!

Edited by UrMom, 19 January 2010 - 10:08 AM.


#4 UrMom


Posted 19 January 2010 - 10:09 AM

uRun: [vftls8vwe6oc] c:\users\ranisha\appdata\roaming\vftls8vwe6oc.exe

This is one of your infections. The key is to be able to disable it before removing it. The simplest way to do so is to boot into Safe Mode, locate the file (in your AppData file) and delete it. Once deleted, you can remove it from startup using msconfig. Make sure you remove all shortcuts to it; usually there is one on the desktop and one in the Start Menu.



Thanks for the quick reply! Should I locate and manually remove all of the 5 files first? How do I remove the virus from the startup using msconfig? OK, I think I figured it out. Here is a screenshot. Should I disable everything but the virus, or enable everything but the virus? Or vice versa?!

OK, here's a link to the screenshot: Screenshot

#5 certifiednerd


Posted 19 January 2010 - 04:40 PM

Sorry for the wait on the reply. Basically, just disable the one that links to that file in "appdata"; this way you don't get a missing-file error on startup.
You can leave everything else checked. Nothing in startup should ever link to any user files; if they do, most likely they are infections.

(Unfortunately, I can't see the screenshot from where I am right now.)
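As an added example (not code from the thread, from DDS or from either poster), here is a small Python checker that applies certifiednerd's rule above, "nothing in startup should link to user files", to uRun/mRun lines in the Pseudo HJT Report format of the first post's DDS log. It also flags random-looking executable names and the same binary registered under several autorun entries, which is the pattern in the log (one copy in syswow64, one in AppData, two value names) that made the trojans return after each removal. The sample report lines are constructed from the entries quoted in the thread; the vowel-ratio threshold and path prefixes are assumptions.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample in the format of a DDS "Pseudo HJT Report", modelled on
# the entries quoted in the thread above; it is not the poster's full log.
SAMPLE_REPORT = """\
uRun: [Sidebar] c:\\program files\\windows sidebar\\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\\program files (x86)\\superantispyware\\SUPERAntiSpyware.exe
uRun: [SecurityCenter] c:\\windows\\syswow64\\vftls8vwe6oc.exe
uRun: [vftls8vwe6oc] c:\\users\\URMOM\\appdata\\roaming\\vftls8vwe6oc.exe
mRun: [SunJavaUpdateSched] "c:\\program files (x86)\\java\\jre6\\bin\\jusched.exe"
mRun: [FAStartup]
mRun: [vftls8vwe6oc] c:\\windows\\syswow64\\vftls8vwe6oc.exe
mRun-x64: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
"""

# uRun = HKCU Run key, mRun = HKLM Run key (DDS naming); -x64 marks the 64-bit hive view.
ENTRY_RE = re.compile(r"^(?P<key>[um]Run(?:-x64)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
# First .exe in the command, with or without surrounding quotes; arguments are dropped.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)"?', re.I)
# Locations an ordinary user can write to (assumed list); an autorun pointing here
# is the case certifiednerd describes and deserves a look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\documents and settings\\")


def parse_entries(report: str) -> List[Dict[str, Optional[str]]]:
    """Turn uRun/mRun lines into dicts with the key, value name and target exe."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m.group("cmd").strip())
        entries.append({
            "key": m.group("key"),
            "name": m.group("name"),
            "path": exe.group("path").lower() if exe else None,  # None for empty values
        })
    return entries


def looks_random(stem: str) -> bool:
    """Heuristic (assumed threshold): a long alphanumeric stem that mixes digits
    with few vowels, such as vftls8vwe6oc, is typical of generated dropper names."""
    if not re.fullmatch(r"[a-z0-9]{8,}", stem) or not any(c.isdigit() for c in stem):
        return False
    letters = [c for c in stem if c.isalpha()]
    vowels = sum(c in "aeiou" for c in letters)
    return len(letters) > 0 and vowels / len(letters) < 0.3


def analyze_report(report: str) -> List[Dict]:
    """Return the autorun entries that trip at least one check, with the reasons."""
    entries = parse_entries(report)
    # How many autorun entries point at each executable name, across both hives.
    basenames = Counter(e["path"].rsplit("\\", 1)[-1] for e in entries if e["path"])
    findings = []
    for e in entries:
        if e["path"] is None:
            continue  # empty value such as [FAStartup]: nothing is launched
        reasons = []
        if any(tag in e["path"] for tag in USER_WRITABLE):
            reasons.append("runs from a user-writable profile location")
        base = e["path"].rsplit("\\", 1)[-1]
        if looks_random(base.rsplit(".", 1)[0]):
            reasons.append("random-looking file name")
        if basenames[base] > 1:
            reasons.append("same binary registered %d times" % basenames[base])
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze_report(SAMPLE_REPORT):
        print("%s [%s] %s" % (f["key"], f["name"], f["path"]))
        for r in f["reasons"]:
            print("    - " + r)
```

Entries that match only the user-writable check still need a human look, since some legitimate updaters also run from AppData; the combination of reasons is what makes the vftls8vwe6oc entries stand out.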



