User Protection, js.mui & wmpscfgs.exe trojan infection


  • This topic is locked
2 replies to this topic

#1 AlleycatLA (Members, 2 posts)

Posted 28 March 2010 - 05:50 PM

It all started when a popup started up on its own and my system started a 'security scan'. It installed the "user protection" fake security program. Using MBAM, I managed to clean up almost all of that - MBAM found a lot of real problems besides user protection that I fixed. But...

1. MBAM can not delete js.mui and 2 instances of wmpscfgs.exe. It reboots the system, but I think the startup programs (#2 below) reinfect the system.

2. I have found some exe files that have been duplicated and renamed, adding a space before the suffix ( .exe). Here are a couple...
C:\program files (x86)\avg\avg9\avgtray .exe
C:\program files (x86)\elaborate bytes\virtualclonedrive\vcddaemon .exe
C:\program files (x86)\itunes\ituneshelper .exe
C:\program files (x86)\adobe\acrobat 9.0\acrobat\acrotray .exe

I'm running Windows 7 64-bit with MBAM, Firefox, AVG installed. I got as far as I know how... Please help!

Mark

CODE
Malwarebytes' Anti-Malware 1.44
Database version: 3922
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/28/2010 3:36:51 PM
mbam-log-2010-03-28 (15-36-51).txt

Scan type: Quick Scan
Objects scanned: 107681
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mark\AppData\Local\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSX64  
Run by Mark at 15:40:12.42 on Sun 03/28/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.2047.944 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sandboxie\sbiectrl.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\program files (x86)\avg\avg9\avgtray .exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\program files (x86)\itunes\ituneshelper .exe
C:\program files (x86)\adobe\acrobat 9.0\acrobat\acrotray .exe
C:\program files (x86)\elaborate bytes\virtualclonedrive\vcddaemon .exe
C:\program files (x86)\visioneer onetouch\onetouchmon .exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Mark\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~1\office12\GR469A~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [BMUpdate] c:\windows\system32\BMUpdate.exe
uRun: [AdobeBridge]
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [AdobeUpdater6] "c:\program files (x86)\common files\adobe\updater6\Adobe_Updater.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask                 .exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [VirtualCloneDrive] "c:\program files (x86)\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~2\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [OneTouch Monitor] c:\program files (x86)\visioneer onetouch\OneTouchMon.exe
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\micros~1\office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
AppInit_DLLs: app_dll.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~1\office12\GR469A~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\6rheyd15.default\
FF - prefs.js: browser.startup.homepage - hxxp://fav4.org/
FF - component: c:\users\mark\appdata\roaming\mozilla\firefox\profiles\6rheyd15.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\mark\appdata\roaming\mozilla\firefox\profiles\6rheyd15.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files (x86)\photodex presenter\npPxPlay.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-3-25 54480]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-3-25 269320]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-3-25 35464]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-3-25 316936]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 203264]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-3-25 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-3-25 308064]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 15208]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-1 187392]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-2-3 134760]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-3-25 1038088]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-26 1255736]

=============== Created Last 30 ================

2010-03-28 22:29:51    0    ----a-w-    c:\users\mark\defogger_reenable
2010-03-28 21:37:51    0    d-----w-    c:\programdata\Google
2010-03-28 20:29:13    149280    ----a-w-    c:\windows\syswow64\javaws.exe
2010-03-28 20:29:13    145184    ----a-w-    c:\windows\syswow64\javaw.exe
2010-03-28 20:29:13    145184    ----a-w-    c:\windows\syswow64\java.exe
2010-03-28 20:27:47    0    d-----w-    c:\programdata\McAfee
2010-03-28 20:16:17    0    d-----w-    c:\program files (x86)\Secunia
2010-03-28 06:40:23    0    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2010-03-28 05:22:56    0    d-----w-    c:\program files (x86)\ESET
2010-03-28 03:17:13    0    d-----w-    c:\program files (x86)\Trend Micro
2010-03-27 09:49:48    0    d-----w-    c:\program files (x86)\MSXML 4.0
2010-03-27 09:06:44    52568    ----a-r-    c:\windows\system32\AdobePDF.dll
2010-03-27 09:06:44    24416    ----a-r-    c:\windows\system32\AdobePDFUI.dll
2010-03-27 08:41:46    0    d-----w-    c:\users\mark\appdata\roaming\FileMaker Pro Advanced
2010-03-27 08:35:18    0    d-----w-    c:\program files (x86)\FileMaker
2010-03-27 06:00:21    0    d-----w-    c:\users\mark\appdata\roaming\Ashampoo Cover Studio 2
2010-03-27 05:58:29    0    d-----w-    c:\program files (x86)\Ashampoo
2010-03-27 05:25:11    0    d-----w-    c:\programdata\Invoices & Estimates Pro
2010-03-27 05:24:54    0    d-----w-    c:\users\mark\appdata\roaming\Nova Development
2010-03-27 05:24:33    0    d-----w-    c:\program files (x86)\Nova Development
2010-03-27 00:56:51    0    d-----w-    c:\users\mark\appdata\roaming\Avery
2010-03-27 00:55:11    0    d-----w-    c:\programdata\Avery
2010-03-27 00:55:11    0    d-----w-    c:\program files (x86)\Avery Dennison
2010-03-27 00:20:21    32768    ----a-w-    c:\windows\syswow64\temp.003
2010-03-27 00:20:18    0    d-----w-    c:\windows\Driver cache
2010-03-27 00:20:12    0    d-----w-    c:\program files (x86)\Visioneer OneTouch
2010-03-27 00:18:40    0    d-----w-    c:\windows\system32\appmgmt
2010-03-26 23:43:40    0    d-sh--w-    c:\users\mark\PrivacIE
2010-03-26 18:54:16    0    d-----w-    c:\windows\syswow64\7400
2010-03-26 18:45:45    0    d-----w-    c:\program files (x86)\Visioneer
2010-03-26 18:11:58    0    d-----w-    c:\windows\syswow64\Wat
2010-03-26 18:11:57    0    d-----w-    c:\windows\system32\Wat
2010-03-26 18:01:33    0    d-----w-    c:\program files (x86)\common files\ScanSoft Shared
2010-03-26 18:01:31    0    d-----w-    c:\program files (x86)\ScanSoft
2010-03-26 17:59:53    306688    ----a-w-    c:\windows\IsUninst.exe
2010-03-26 10:30:22    27648    ----a-w-    c:\windows\syswow64\stikynot.exe
2010-03-26 10:30:22    27648    ----a-w-    c:\windows\syswow64\stikynot .exe
2010-03-26 10:05:04    311808    ----a-w-    c:\windows\system32\msv1_0.dll
2010-03-26 10:05:04    257024    ----a-w-    c:\windows\syswow64\msv1_0.dll
2010-03-26 09:35:43    0    d-----w-    c:\programdata\SSScanAppDataDir
2010-03-26 09:35:35    0    d-----w-    c:\programdata\MSScanAppDataDir
2010-03-26 09:05:51    32768    ----a-w-    c:\windows\syswow64\temp.002
2010-03-26 08:52:32    32768    ----a-w-    c:\windows\syswow64\temp.001
2010-03-26 04:41:06    0    d-----w-    c:\users\mark\appdata\roaming\DigitalJuice
2010-03-26 04:34:58    0    d-----w-    c:\programdata\DJDownloads
2010-03-26 04:33:37    0    d-----w-    c:\programdata\DigitalJuice
2010-03-26 04:33:37    0    d-----w-    c:\program files (x86)\Digital Juice
2010-03-26 02:13:04    0    d-----w-    c:\users\mark\appdata\roaming\Spiral Graphics
2010-03-26 02:10:42    0    d-----w-    c:\programdata\Spiral Graphics
2010-03-26 02:10:42    0    d-----w-    c:\program files\Spiral Graphics
2010-03-26 02:04:28    0    d-----w-    c:\program files (x86)\Photodex Presenter
2010-03-26 02:04:18    0    d-----w-    c:\program files (x86)\Photodex
2010-03-26 02:02:40    0    d-----w-    c:\users\mark\appdata\roaming\Photodex
2010-03-26 02:02:40    0    d-----w-    c:\programdata\Photodex
2010-03-26 01:57:40    0    d---a-w-    c:\program files (x86)\ProAnimator 4.5.1 PC
2010-03-26 01:49:54    0    d---a-w-    c:\programdata\TEMP
2010-03-26 00:58:33    5423104    ----a-w-    c:\windows\syswow64\tlpsplib10.dll
2010-03-26 00:58:33    2510848    --s-a-w-    c:\windows\syswow64\tlpsplib10.dllOLD
2010-03-26 00:52:55    0    d-----w-    c:\program files (x86)\Topaz Labs LLC
2010-03-26 00:27:52    0    d-----w-    c:\programdata\boost_interprocess
2010-03-26 00:22:02    0    d-----w-    c:\program files (x86)\common files\Topaz Labs
2010-03-26 00:22:01    0    d-----w-    c:\program files (x86)\Topaz Labs
2010-03-25 23:49:31    210944    ----a-r-    c:\windows\system\MSVCRT10.DLL
2010-03-25 21:43:13    0    d-----w-    c:\users\mark\appdata\roaming\Malwarebytes
2010-03-25 21:43:08    0    d-----w-    c:\programdata\Malwarebytes
2010-03-25 21:43:07    22104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-03-25 21:30:20    0    d--h--w-    C:\$AVG
2010-03-25 21:16:51    0    d-----r-    C:\Sandbox
2010-03-25 21:16:34    1460    ----a-w-    c:\windows\Sandboxie.ini
2010-03-25 21:15:56    0    d-----w-    c:\program files\Sandboxie
2010-03-25 21:13:45    0    d-----w-    c:\program files (x86)\DAMN NFO Viewer
2010-03-25 20:27:05    0    d-----w-    c:\programdata\FLEXnet
2010-03-25 19:08:58    0    d-----w-    c:\program files\Adobe
2010-03-25 19:06:53    0    d-----w-    c:\programdata\ALM
2010-03-25 19:03:12    54480    ------w-    c:\windows\system32\drivers\PxHlpa64.sys
2010-03-25 19:03:11    0    d-----w-    c:\program files (x86)\common files\Sonic Shared
2010-03-25 19:03:11    0    d-----w-    c:\program files (x86)\common files\PX Storage Engine
2010-03-25 18:43:13    0    d-----w-    c:\windows\syswow64\spool
2010-03-25 18:41:53    0    d-----w-    c:\programdata\Adobe
2010-03-25 18:40:22    0    d-----w-    c:\program files\common files\Macrovision Shared
2010-03-25 18:40:22    0    d-----w-    c:\program files\common files\Adobe
2010-03-25 18:38:11    0    d-----w-    c:\windows\syswow64\Macromed
2010-03-25 18:37:44    0    d-----w-    c:\program files (x86)\common files\Macrovision Shared
2010-03-25 12:23:01    285696    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2010-03-25 12:23:01    157696    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2010-03-25 12:21:59    465408    ----a-w-    c:\windows\syswow64\psisdecd.dll
2010-03-25 12:21:58    46592    ----a-w-    c:\windows\system32\msasn1.dll
2010-03-25 12:21:58    34816    ----a-w-    c:\windows\syswow64\msasn1.dll
2010-03-25 12:21:55    464896    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-03-25 12:21:55    162304    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2010-03-25 11:55:53    0    d-----w-    c:\users\mark\appdata\roaming\Digsby
2010-03-25 11:55:53    0    d-----w-    c:\programdata\Digsby
2010-03-25 11:55:10    0    d-----w-    c:\program files (x86)\Digsby
2010-03-25 11:41:19    0    d-----w-    c:\windows\PCHEALTH
2010-03-25 11:38:46    0    d-----w-    c:\program files\Microsoft Office
2010-03-25 11:38:41    0    d-----w-    c:\program files (x86)\Microsoft Visual Studio 8
2010-03-25 11:37:20    0    d-----w-    c:\programdata\Microsoft Help
2010-03-25 10:52:59    0    d-----w-    c:\program files (x86)\JDownloader
2010-03-25 10:52:50    411368    ----a-w-    c:\windows\syswow64\deploytk.dll
2010-03-25 10:39:32    0    d-----w-    c:\program files (x86)\Elaborate Bytes
2010-03-25 09:35:02    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-03-25 09:29:44    34152    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-25 09:29:44    126312    ----a-w-    c:\windows\system32\GEARAspi64.dll
2010-03-25 09:29:44    107368    ----a-w-    c:\windows\syswow64\GEARAspi.dll
2010-03-25 09:29:35    0    d-----w-    c:\program files\iPod
2010-03-25 09:29:34    0    d-----w-    c:\programdata\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
2010-03-25 09:29:34    0    d-----w-    c:\program files\iTunes
2010-03-25 09:29:34    0    d-----w-    c:\program files (x86)\iTunes
2010-03-25 09:27:50    0    d-----w-    c:\program files\Bonjour
2010-03-25 09:27:50    0    d-----w-    c:\program files (x86)\Bonjour
2010-03-25 09:27:05    0    d-----w-    c:\program files\common files\Apple
2010-03-25 09:26:54    0    d-----w-    c:\programdata\Apple
2010-03-25 09:06:09    0    d-----w-    c:\program files (x86)\uTorrent
2010-03-25 09:05:22    0    d-----w-    c:\users\mark\appdata\roaming\uTorrent
2010-03-25 08:38:18    32768    ----a-w-    c:\windows\syswow64\temp.000
2010-03-25 08:38:18    22    ----a-w-    c:\windows\BMUpdate.ini
2010-03-25 08:38:18    176128    ----a-w-    c:\windows\syswow64\bmupdate.exe
2010-03-25 08:38:18    176128    ----a-w-    c:\windows\syswow64\bmupdate .exe
2010-03-25 08:38:06    716288    ----a-w-    c:\windows\syswow64\Ltwvc11n.dll
2010-03-25 08:38:06    391168    ----a-w-    c:\windows\syswow64\Ltkrn11n.dll
2010-03-25 08:38:06    36864    ----a-w-    c:\windows\syswow64\Lfbmp11n.dll
2010-03-25 08:38:06    262144    ----a-w-    c:\windows\syswow64\LTDIS11n.dll
2010-03-25 08:38:06    127488    ----a-w-    c:\windows\syswow64\Ltimg11n.dll
2010-03-25 08:38:06    118272    ----a-w-    c:\windows\syswow64\Ltfil11n.dll
2010-03-25 08:38:05    276992    ----a-w-    c:\windows\syswow64\LFCMP11n.DLL
2010-03-25 08:32:40    12976    ----a-w-    c:\windows\system32\avgrssta.dll
2010-03-25 08:32:39    316936    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2010-03-25 08:32:36    269320    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2010-03-25 08:32:35    35464    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2010-03-25 08:32:34    0    d-----w-    c:\windows\system32\drivers\Avg
2010-03-25 08:30:39    0    d-----w-    c:\program files (x86)\AVG
2010-03-25 08:30:26    0    d-----w-    c:\programdata\avg9
2010-03-25 08:29:51    0    d-sh--w-    c:\windows\Installer
2010-03-25 08:15:09    33772    ----a-w-    c:\windows\system32\emptyregdb.dat
2010-03-25 08:14:33    0    d-----w-    c:\programdata\Apple Computer
2010-03-25 08:07:00    0    d-----w-    c:\windows\Panther
2010-03-25 08:06:48    8192    --sha-r-    C:\BOOTSECT.BAK
2010-03-25 08:06:47    383562    --sha-r-    C:\bootmgr
2010-03-25 08:06:46    0    d-sh--w-    C:\Boot
2010-03-25 07:44:22    0    d-sh--w-    c:\users\mark\IETldCache
2010-03-25 07:38:51    212864    ------w-    c:\windows\system32\MpSigStub.exe
2010-03-25 07:17:38    171136    --sha-r-    C:\grldr
2010-03-25 07:17:04    0    d-sh--w-    C:\Recovery
2010-03-25 07:13:05    0    d-----w-    c:\programdata\Hewlett-Packard
2010-03-25 07:12:07    0    ----a-w-    c:\windows\ativpsrm.bin
2010-03-25 07:11:12    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== Find3M  ====================

2010-02-02 08:36:47    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-02-02 07:45:54    2048    ----a-w-    c:\windows\syswow64\tzres.dll
2010-01-19 09:05:57    424960    ----a-w-    c:\windows\system32\secproc.dll
2010-01-19 09:05:57    422912    ----a-w-    c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57    121856    ----a-w-    c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57    121856    ----a-w-    c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44    305152    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43    357888    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37    356352    ----a-w-    c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37    306688    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31    85504    ----a-w-    c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31    85504    ----a-w-    c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31    365568    ----a-w-    c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30    369152    ----a-w-    c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33    324608    ----a-w-    c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33    277504    ----a-w-    c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30    320512    ----a-w-    c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30    280064    ----a-w-    c:\windows\syswow64\RMActivate_ssp.exe
2010-01-11 07:12:38    381440    ----a-w-    c:\windows\syswow64\iedkcs32.dll
2009-07-14 05:37:38    31548    ----a-w-    c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38    31548    ----a-w-    c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38    291294    ----a-w-    c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38    291294    ----a-w-    c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24    174    --sha-w-    c:\program files\desktop.ini
2009-07-14 04:54:24    174    --sha-w-    c:\program files (x86)\desktop.ini
2009-07-14 01:00:34    291294    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34    291294    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32    31548    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32    31548    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
2002-09-24 15:24:50    61440    ----a-w-    c:\windows\inf\i386\onetUSD.dll
2002-07-09 15:23:16    36864    ----a-w-    c:\windows\inf\i386\Vizmicro.dll
2002-05-20 15:20:36    172032    ----a-w-    c:\windows\inf\i386\viceo.dll
2002-05-20 15:02:46    225280    ----a-w-    c:\windows\inf\i386\rtscan.dll
2001-08-04 01:29:18    13824    ----a-w-    c:\windows\inf\i386\Usbscan.sys
2009-06-10 20:44:08    9633792    --sha-r-    c:\windows\fonts\StaticCache.dat
2009-07-14 04:55:03    16384    --sha-w-    c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-14 04:55:03    32768    --sha-w-    c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-14 04:55:03    16384    --sha-w-    c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-14 01:39:53    398848    --sha-w-    c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:41:08.97 ===============
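Added example, not from the thread and not DDS or MBAM code: a small Python script that does the checks a responder would run against the post above. It pulls every path with spaces padded before ".exe" out of a DDS-style log (the "Running Processes" and "Pseudo HJT Report" line shapes are assumed from the lines quoted in the post; note the autorun entry there names avgtray.exe while the running process is "avgtray .exe"), flags the policy lines that weaken the machine (EnableLUA = 0 turns UAC off, DisableRegistryTools = 1 blocks the Registry Editor), and walks a directory tree pairing each "stem .exe" with its "stem.exe" neighbour and comparing SHA-256 digests, which will differ when one is the renamed original and the other a replacement. The sample log text and the temporary directory it scans are constructed for the example.

```python
"""Spot the "name .exe" beside "name.exe" pattern from the post, in a DDS-style
log and on disk. Added example, not code from the thread, DDS or MBAM; the log
line shapes are assumed from the lines quoted in the post."""
import hashlib
import os
import re
import shutil
import tempfile

# A Windows path whose ".exe" is preceded by one or more spaces, quoted or not.
PADDED_EXE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?) +\.exe\b', re.IGNORECASE)
# DDS policy lines such as "mPolicies-system: EnableLUA = 0 (0x0)".
POLICY_LINE = re.compile(r'^[a-z]Policies-\w+: (\w+) = (\d+)')
# (value name, value) pairs that weaken defences; standard Windows meanings,
# table constructed for this example.
WEAK_POLICIES = {
    ("EnableLUA", "0"): "UAC disabled",
    ("DisableRegistryTools", "1"): "Registry Editor blocked",
}

# Constructed sample, cut down from the log in the post.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\program files (x86)\avg\avg9\avgtray .exe
C:\program files (x86)\itunes\ituneshelper .exe
============== Pseudo HJT Report ===============
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask                 .exe" -atboottime
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableRegistryTools = 1 (0x1)
"""

def padded_exe_paths(log_text):
    """Paths whose extension is padded with spaces, lower-cased and collapsed
    to a single space so one file is listed once even if it appears twice."""
    found = []
    for line in log_text.splitlines():
        m = PADDED_EXE.search(line)
        if m and f"{m.group(1)} .exe".lower() not in found:
            found.append(f"{m.group(1)} .exe".lower())
    return found

def weak_policy_findings(log_text):
    """Policy lines whose (name, value) is in WEAK_POLICIES."""
    hits = []
    for line in log_text.splitlines():
        m = POLICY_LINE.match(line)
        if m and m.groups() in WEAK_POLICIES:
            hits.append(f"{m.group(1)}={m.group(2)}: {WEAK_POLICIES[m.groups()]}")
    return hits

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def find_padded_pairs(root):
    """Walk root for files named "stem .exe", pair each with "stem.exe" in the
    same directory and report (padded, twin, same_digest). Two files with
    near-identical names but different digests is the pattern in the post."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {name.lower(): name for name in files}
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe" or not stem.endswith(" "):
                continue
            padded = os.path.join(dirpath, name)
            twin = by_lower.get(stem.rstrip().lower() + ".exe")
            if twin is None:
                results.append((padded, None, None))
            else:
                twin = os.path.join(dirpath, twin)
                results.append((padded, twin, sha256_of(padded) == sha256_of(twin)))
    return results

def demo_on_tempdir():
    """Scan a constructed directory that mirrors the post's avg9 folder."""
    root = tempfile.mkdtemp(prefix="paddedexe_")
    avg = os.path.join(root, "avg", "avg9")
    os.makedirs(avg)
    samples = {
        "avgtray .exe": b"MZ original tray program",       # renamed original
        "avgtray.exe": b"MZ something else took its name",  # replacement
        "avgnsa.exe": b"MZ untouched",                      # no padded twin
    }
    for name, body in samples.items():
        with open(os.path.join(avg, name), "wb") as f:
            f.write(body)
    try:
        return find_padded_pairs(root)
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    for p in padded_exe_paths(SAMPLE_DDS):
        print("padded extension in log:", p)
    for w in weak_policy_findings(SAMPLE_DDS):
        print("policy:", w)
    for padded, twin, same in demo_on_tempdir():
        print("on disk:", padded, "<->", twin, "identical" if same else "differs")
```

Point find_padded_pairs at a real Program Files tree to get the list the post built by hand. The "Created Last 30" section of the log shows stikynot.exe / stikynot .exe and bmupdate.exe / bmupdate .exe with identical sizes, so size alone does not separate a pair; that is why the script hashes both files rather than comparing lengths.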

#2 AlleycatLA (Topic Starter, Members, 2 posts)

Posted 30 March 2010 - 01:06 PM

I have managed to solve this. Thanks!
Mark

#3 SweetTech (Agent ST, Members, 13,421 posts, Location: Antarctica)

Posted 30 March 2010 - 03:34 PM

Since this topic appears resolved I am closing it. If it needs to be reopened please feel free to ask any moderator. Thank you for letting us know.
