
HTML/Infected.WebPage.Gen


This topic is locked
3 replies to this topic

#1 mboulton

Posted 03 April 2010 - 10:50 PM

Hi there,
The problem started today sometime, my antivirus keeps popping up constantly over and over stating that a virus or unwanted program was found: HTML/Infected.WebPage.Gen
So, I guess my computer has been infected with something?


I will paste my DDS log and attach my "attach" file, but my ark.txt came out blank with no problems listed.
I also have a HijackThis log; not sure if anyone wants to see that?

Thanks,
Michael.



DDS (Ver_10-03-17.01) - NTFSX64
Run by Michael at 20:03:44.36 on 03/04/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.6077.4232 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_f86438be\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AKProg\AKProg.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\SysWOW64\sysinfo.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael\Downloads\dds.scr
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mExplorerRun: [application] c:\program files (x86)\akprog\AKProg.exe hs
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\sysinfo.lnk - c:\windows\syswow64\sysinfo.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
mRun-x64: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\wqe183jf.default\
FF - prefs.js: browser.startup.homepage - google.ca
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-3-10 52856]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/03/10 16:18:11];c:\program files (x86)\cyberlink\powerdvd dx\000.fcl [2010-3-10 146928]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-3-6 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2010-3-6 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-6 74880]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-3-8 135664]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2010-3-7 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-3-6 61280]
S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S4 IS360service;IS360service;c:\program files (x86)\iobit\iobit security 360\is360srv.exe [2010-3-8 311568]

=============== Created Last 30 ================

2010-04-04 00:32:51 0 d-----w- c:\program files (x86)\Trend Micro
2010-04-03 22:16:55 0 d-----w- c:\users\michael\appdata\roaming\Malwarebytes
2010-04-03 22:16:47 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-03 22:16:47 0 d-----w- c:\programdata\Malwarebytes
2010-04-03 22:16:47 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-04-03 08:19:09 73728 ----a-w- c:\windows\syswow64\sysinfo.exe
2010-04-03 08:19:04 0 d-----w- c:\program files (x86)\Moorhuhn Soccer PC Game
2010-04-03 08:09:49 0 d-----w- c:\programdata\MumboJumbo
2010-04-01 04:22:27 69 ----a-w- c:\windows\NeroDigital.ini
2010-03-30 13:10:07 0 d-----w- c:\program files (x86)\ToGo Game
2010-03-29 12:47:59 0 d-----w- c:\programdata\Nero
2010-03-29 12:47:59 0 d-----w- c:\program files (x86)\Nero
2010-03-29 03:26:36 352567296 ----a-w- C:\DVD5.ISO
2010-03-29 03:24:23 0 d-----w- c:\programdata\DVD Shrink
2010-03-29 03:24:23 0 d-----w- c:\program files (x86)\DVD Shrink
2010-03-29 02:52:31 0 d-----w- c:\program files (x86)\DVD Decrypter
2010-03-18 18:05:14 0 d-----w- c:\program files (x86)\VS Revo Group
2010-03-12 01:26:50 582 ----a-w- c:\windows\PowerReg.dat
2010-03-12 01:26:48 45568 ----a-w- c:\windows\UniFish3.exe
2010-03-12 01:13:18 0 d-----w- c:\programdata\JollyBear
2010-03-12 01:13:07 0 d-----w- c:\program files (x86)\Games
2010-03-11 04:44:07 0 d-----w- c:\program files (x86)\Maxis
2010-03-11 00:23:48 620032 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 00:23:48 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 00:23:48 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 00:23:48 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-03-11 00:23:47 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2010-03-11 00:13:55 0 d-----w- c:\programdata\FLEXnet
2010-03-11 00:11:06 0 d-----w- c:\programdata\Dell
2010-03-11 00:11:06 0 d-----w- c:\programdata\CyberLink
2010-03-11 00:10:36 89088 ----a-w- c:\windows\syswow64\atl71.dll
2010-03-11 00:10:36 499712 ----a-w- c:\windows\syswow64\msvcp71.dll
2010-03-11 00:10:36 348160 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-03-11 00:10:36 1060864 ----a-w- c:\windows\syswow64\MFC71.dll
2010-03-11 00:10:36 1047552 ----a-w- c:\windows\syswow64\MFC71u.dll
2010-03-11 00:00:09 0 d-----w- c:\programdata\eSellerate
2010-03-11 00:00:08 0 d-----w- c:\programdata\SmartSound Software Inc
2010-03-11 00:00:03 0 d-----w- c:\program files (x86)\SmartSound Software
2010-03-10 23:58:38 0 d-----w- c:\program files (x86)\common files\Macrovision Shared
2010-03-09 16:38:05 0 d-----w- c:\programdata\vsosdk
2010-03-08 23:10:46 0 d-----w- c:\programdata\IObit
2010-03-08 23:10:45 0 d-----w- c:\program files (x86)\IObit
2010-03-08 23:08:49 0 d-----w- c:\program files (x86)\CCleaner
2010-03-08 16:24:00 0 d-----w- c:\users\michael\.gimp-2.6
2010-03-08 15:53:14 0 d-----w- c:\program files\WinRAR
2010-03-08 15:44:14 178176 ----a-w- c:\windows\syswow64\unrar.dll
2010-03-08 15:44:13 38 ----a-w- c:\windows\avisplitter.ini
2010-03-08 15:44:12 881664 ----a-w- c:\windows\syswow64\xvidcore.dll
2010-03-08 15:44:12 839680 ----a-w- c:\windows\syswow64\lameACM.acm
2010-03-08 15:44:12 414 ----a-w- c:\windows\syswow64\lame_acm.xml
2010-03-08 15:44:12 217088 ----a-w- c:\windows\syswow64\yv12vfw.dll
2010-03-08 15:44:12 205824 ----a-w- c:\windows\syswow64\xvidvfw.dll
2010-03-08 15:44:12 151552 ----a-w- c:\windows\syswow64\ac3acm.acm
2010-03-08 15:44:10 85504 ----a-w- c:\windows\syswow64\ff_vfw.dll
2010-03-08 15:44:10 547 ----a-w- c:\windows\syswow64\ff_vfw.dll.manifest
2010-03-08 15:44:09 0 d-----w- c:\program files (x86)\K-Lite Codec Pack
2010-03-08 15:18:23 0 d-----w- c:\programdata\Messenger Plus!
2010-03-08 15:17:13 0 d-----w- c:\program files (x86)\Messenger Plus! Live
2010-03-07 23:00:16 0 d-----w- c:\windows\syswow64\spool
2010-03-07 23:00:16 0 d-----w- c:\program files (x86)\Windows Portable Devices
2010-03-07 23:00:15 0 d-----w- c:\program files\Windows Portable Devices
2010-03-07 23:00:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-07 22:42:48 92672 ----a-w- c:\windows\syswow64\UIAnimation.dll
2010-03-07 22:42:48 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-03-07 22:42:48 3023360 ----a-w- c:\windows\syswow64\UIRibbon.dll
2010-03-07 22:42:48 1164800 ----a-w- c:\windows\syswow64\UIRibbonRes.dll
2010-03-07 22:42:48 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-03-07 22:42:48 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2010-03-07 22:26:46 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2010-03-07 22:26:46 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-07 22:26:46 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2010-03-07 22:26:46 1927680 ----a-w- c:\windows\system32\gameux.dll
2010-03-07 22:26:46 1696256 ----a-w- c:\windows\syswow64\gameux.dll
2010-03-07 22:26:45 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-07 22:21:30 700310 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
2010-03-07 20:55:07 0 d-----w- c:\program files\Microsoft Office
2010-03-07 20:55:01 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-03-07 20:53:55 0 d-----w- c:\programdata\Microsoft Help
2010-03-07 20:24:04 0 d-----w- c:\windows\syswow64\vi-VN
2010-03-07 20:24:04 0 d-----w- c:\windows\syswow64\eu-ES
2010-03-07 20:24:04 0 d-----w- c:\windows\syswow64\ca-ES
2010-03-07 20:24:04 0 d-----w- c:\windows\system32\vi-VN
2010-03-07 20:24:04 0 d-----w- c:\windows\system32\eu-ES
2010-03-07 20:24:04 0 d-----w- c:\windows\system32\ca-ES
2010-03-07 20:11:32 0 d-----w- c:\windows\system32\EventProviders
2010-03-07 20:09:59 996352 ----a-w- c:\windows\syswow64\WMNetMgr.dll
2010-03-07 20:00:04 0 d-----w- c:\program files (x86)\VideoLAN
2010-03-07 19:59:30 0 d-----w- c:\program files (x86)\GIMP-2.0
2010-03-07 19:58:59 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-03-07 19:58:51 0 d-----w- c:\program files (x86)\DivX
2010-03-07 19:58:51 0 d-----w- c:\program files (x86)\common files\DivX Shared
2010-03-07 19:58:07 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-07 19:58:07 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2010-03-07 19:58:07 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2010-03-07 19:57:51 0 d-----w- c:\program files\iPod
2010-03-07 19:57:50 0 d-----w- c:\programdata\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
2010-03-07 19:57:50 0 d-----w- c:\program files\iTunes
2010-03-07 19:57:50 0 d-----w- c:\program files (x86)\iTunes
2010-03-07 19:56:49 0 d-----w- c:\program files (x86)\Bonjour
2010-03-07 19:56:48 0 d-----w- c:\program files\Bonjour
2010-03-07 19:56:30 0 d-----w- c:\programdata\Apple Computer
2010-03-07 19:54:41 0 d-----w- c:\program files\common files\Apple
2010-03-07 19:54:25 0 d-----w- c:\programdata\Apple
2010-03-07 19:41:54 0 d-----w- c:\programdata\PopCap Games
2010-03-07 19:40:29 0 d-----w- c:\program files (x86)\Popcap Game Collection
2010-03-07 19:35:54 65602 ----a-w- c:\windows\syswow64\cook3260.dll
2010-03-07 19:35:54 273408 ----a-w- c:\windows\syswow64\Pncrt.dll
2010-03-07 19:35:54 217127 ----a-w- c:\windows\syswow64\drv43260.dll
2010-03-07 19:35:54 208935 ----a-w- c:\windows\syswow64\drv33260.dll
2010-03-07 19:35:54 176165 ----a-w- c:\windows\syswow64\drv23260.dll
2010-03-07 19:35:54 102439 ----a-w- c:\windows\syswow64\sipr3260.dll
2010-03-07 19:35:53 626688 ----a-w- c:\windows\syswow64\vp7vfw.dll
2010-03-07 19:35:53 1184984 ----a-w- c:\windows\syswow64\wvc1dmod.dll
2010-03-07 19:35:52 0 d-----w- c:\program files (x86)\VSO
2010-03-07 19:34:22 14 ----a-w- c:\windows\syswow64\systeminfo3.dll
2010-03-07 19:32:48 99384 ----a-w- c:\users\michael\appdata\roaming\inst.exe
2010-03-07 19:32:48 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-07 19:32:48 82816 ----a-w- c:\users\michael\appdata\roaming\pcouffin.sys
2010-03-07 19:32:43 0 d-----w- c:\programdata\DVDXStudio
2010-03-07 19:32:43 0 d-----w- c:\program files (x86)\CloneDVD
2010-03-07 19:30:51 0 d-----r- c:\users\michael\Programs
2010-03-07 19:25:09 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-03-07 19:25:09 0 d-----w- c:\program files (x86)\PowerISO
2010-03-07 19:19:15 0 d-----w- c:\programdata\SlySoft
2010-03-07 19:18:49 0 d-----w- c:\program files (x86)\SlySoft
2010-03-07 19:16:40 81920 ----a-w- c:\windows\syswow64\OpenAL32.dll
2010-03-07 19:16:40 225280 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-03-07 19:15:53 0 d-----w- C:\Games
2010-03-07 18:27:02 0 d-----w- c:\programdata\ATI
2010-03-07 18:26:28 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-07 18:22:48 0 d-----w- c:\program files (x86)\ATI Technologies
2010-03-07 18:20:52 0 d-----w- c:\program files (x86)\Cisco
2010-03-07 18:19:52 772384 ----a-w- c:\windows\system32\oem19.inf
2010-03-07 18:19:14 0 d-----w- c:\program files\Dell
2010-03-07 18:06:05 0 d-----w- c:\program files\Intel
2010-03-07 18:05:57 336000 ----a-w- c:\windows\system32\PROUnstl.exe
2010-03-07 18:05:57 1904 ------w- c:\windows\system32\SetupBD.din
2010-03-07 18:02:00 56952 ----a-w- c:\windows\system32\NicInE6.dll
2010-03-07 18:02:00 36472 ----a-w- c:\windows\system32\NicCo26.dll
2010-03-07 18:02:00 313472 ----a-w- c:\windows\system32\drivers\e1e6032e.sys
2010-03-07 18:02:00 2710 ----a-w- c:\windows\system32\e1e6032e.din
2010-03-07 18:01:59 121440 ----a-w- c:\windows\system32\e1000msg.dll
2010-03-07 17:40:21 0 d-----w- c:\programdata\Citrix
2010-03-07 17:39:59 0 d-----w- c:\program files (x86)\Citrix
2010-03-07 17:00:41 0 d-----w- c:\programdata\Adobe
2010-03-07 17:00:16 0 d-----w- c:\programdata\NOS
2010-03-07 16:27:13 442368 ----a-w- c:\windows\system32\winhttp.dll
2010-03-07 16:27:13 377344 ----a-w- c:\windows\syswow64\winhttp.dll
2010-03-07 15:21:32 0 d-----w- c:\program files\ATI Technologies
2010-03-07 15:21:29 0 d-----w- c:\program files\ATI
2010-03-06 22:52:40 104 ----a-w- c:\users\michael\Control Panel - Shortcut.lnk
2010-03-06 22:22:24 0 d-----w- c:\program files (x86)\uTorrent
2010-03-06 22:21:58 0 d-----w- c:\users\michael\appdata\roaming\uTorrent
2010-03-06 22:21:20 892 ----a-w- c:\windows\system\keylog.lnk
2010-03-06 22:21:12 4698184 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-06 22:20:04 0 d-sh--w- c:\program files (x86)\AKProg
2010-03-06 19:53:32 18904 ----a-w- c:\windows\syswow64\StructuredQuerySchemaTrivial.bin
2010-03-06 19:53:32 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-03-06 19:53:29 11967524 ----a-w- c:\windows\syswow64\korwbrkr.lex
2010-03-06 19:53:29 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-03-06 19:20:03 41984 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-03-06 19:20:03 13824 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-06 19:01:51 656896 ----a-w- c:\windows\system32\kerberos.dll
2010-03-06 19:01:50 499712 ----a-w- c:\windows\syswow64\kerberos.dll
2010-03-06 19:01:50 338432 ----a-w- c:\windows\system32\schannel.dll
2010-03-06 19:01:50 270848 ----a-w- c:\windows\syswow64\schannel.dll
2010-03-06 18:56:29 453632 ----a-w- c:\windows\system32\drivers\srv.sys
2010-03-06 18:55:59 280576 ----a-w- c:\windows\system32\rastls.dll
2010-03-06 18:52:12 97792 ----a-w- c:\windows\system32\wlanhlp.dll
2010-03-06 18:52:12 86528 ----a-w- c:\windows\system32\wlanapi.dll
2010-03-06 18:52:12 68096 ----a-w- c:\windows\syswow64\wlanhlp.dll
2010-03-06 18:52:12 65024 ----a-w- c:\windows\syswow64\wlanapi.dll
2010-03-06 18:52:12 615936 ----a-w- c:\windows\system32\wlansvc.dll
2010-03-06 18:52:12 376832 ----a-w- c:\windows\system32\wlansec.dll
2010-03-06 18:52:12 353280 ----a-w- c:\windows\system32\wlanmsm.dll
2010-03-06 18:52:12 302592 ----a-w- c:\windows\syswow64\wlansec.dll
2010-03-06 18:52:12 293376 ----a-w- c:\windows\syswow64\wlanmsm.dll
2010-03-06 18:52:12 2608861 ----a-w- c:\windows\system32\wlan.tmf
2010-03-06 18:52:12 157184 ----a-w- c:\windows\system32\L2SecHC.dll
2010-03-06 18:52:12 127488 ----a-w- c:\windows\syswow64\L2SecHC.dll
2010-03-06 18:09:45 0 d-----w- c:\users\michael\Folders
2010-03-06 18:02:56 0 d-----w- c:\users\michael\Tracing
2010-03-06 18:02:39 61280 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-03-06 18:02:39 0 d-----w- c:\program files\Windows Live
2010-03-06 18:01:55 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-03-06 18:01:55 3426072 ----a-w- c:\windows\syswow64\d3dx9_32.dll
2010-03-06 18:01:37 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-03-06 18:00:32 0 d-----w- c:\program files (x86)\Microsoft
2010-03-06 18:00:19 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-03-06 17:59:53 0 d-----w- c:\windows\PCHEALTH
2010-03-06 17:58:53 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-03-06 17:14:16 0 d-----w- c:\windows\syswow64\Macromed
2010-03-06 16:42:26 0 d-----w- c:\program files (x86)\Dell Drivers
2010-03-06 16:38:58 74880 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-06 16:38:57 0 d-----w- c:\programdata\Avira
2010-03-06 16:38:57 0 d-----w- c:\program files (x86)\Avira
2010-03-06 16:28:12 53248 ----a-w- c:\windows\syswow64\CSVer.dll
2010-03-06 16:27:07 5709824 ----a-w- c:\windows\system32\idtcpl64.cpl
2010-03-06 16:27:07 542208 ----a-w- c:\windows\system32\idt64mp1.exe
2010-03-06 16:27:07 443904 ----a-w- c:\windows\sttray64.exe
2010-03-06 16:27:07 2474496 ----a-w- c:\windows\system32\stlang64.dll
2010-03-06 16:27:07 246272 ----a-w- c:\windows\system32\stacsv64.exe
2010-03-06 16:26:44 783872 ----a-w- c:\windows\system32\stapo64.dll
2010-03-06 16:26:44 500736 ----a-w- c:\windows\system32\stapi64.dll
2010-03-06 16:26:44 457216 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2010-03-06 16:26:44 367104 ----a-w- c:\windows\system32\stcplx64.dll
2010-03-06 16:26:44 206848 ----a-w- c:\windows\system32\st646017.dll
2010-03-06 16:26:44 0 d-----w- c:\program files\IDT
2010-03-06 16:26:43 600064 ----a-w- c:\windows\system32\ctapo64.dll
2010-03-06 16:26:43 45568 ----a-w- c:\windows\system32\ctppld.dll
2010-03-06 16:26:43 0 d-----w- c:\program files (x86)\IDT
2010-03-06 16:23:54 0 d-----w- c:\windows\syswow64\vmm32
2010-03-06 16:23:54 0 d-----w- c:\program files (x86)\Dell
2010-03-06 16:23:39 0 d-sh--w- c:\windows\Installer
2010-03-06 16:18:51 98816 ----a-w- c:\windows\system32\wudriver.dll
2010-03-06 16:18:51 87552 ----a-w- c:\windows\syswow64\wudriver.dll
2010-03-06 16:18:50 575704 ----a-w- c:\windows\syswow64\wuapi.dll
2010-03-06 16:18:50 35552 ----a-w- c:\windows\syswow64\wups.dll
2010-03-06 16:18:38 36864 ----a-w- c:\windows\system32\wuapp.exe
2010-03-06 16:18:38 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2010-03-06 16:18:38 185416 ----a-w- c:\windows\system32\wuwebv.dll
2010-03-06 16:18:38 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2010-03-06 16:07:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-03-06 15:58:38 0 d-----w- c:\windows\Panther
2010-03-06 15:58:26 8192 --s-a-r- C:\BOOTSECT.BAK
2010-03-06 15:58:17 24 ---ha-r- c:\windows\dell_version
2010-03-06 15:58:17 0 d-----w- c:\windows\system32\OEM
2010-03-06 15:46:40 0 d-----w- C:\Windows.old

==================== Find3M ====================

2010-03-09 16:50:32 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:25:21 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-03-09 16:07:05 1032192 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 15:42:17 834048 ----a-w- c:\windows\syswow64\wininet.dll
2010-03-09 15:42:08 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2010-03-09 15:40:29 477184 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-03-09 15:40:29 3601920 ----a-w- c:\windows\syswow64\mshtml.dll
2010-03-09 15:39:49 6080000 ----a-w- c:\windows\syswow64\ieframe.dll
2010-03-09 15:39:49 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-03-09 15:39:49 180736 ----a-w- c:\windows\syswow64\ieui.dll
2010-03-09 15:39:47 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-03-07 23:00:13 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-07 23:00:13 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-07 23:00:12 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-07 23:00:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-07 20:19:18 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-01-25 12:10:22 538624 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:10:22 160768 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:10:22 160768 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:10:03 539136 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:08:59 460288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 12:00:35 471552 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\syswow64\msdrm.dll
2010-01-25 08:29:35 413696 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:29:31 600576 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:29:31 409600 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:29:28 599552 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:20 526336 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2010-01-23 09:44:17 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-23 09:26:13 2048 ----a-w- c:\windows\syswow64\tzres.dll
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:04:05.55 ===============

Edited by mboulton, 03 April 2010 - 10:52 PM.
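Added triage example (not part of this thread, and not a DDS, HijackThis or BleepingComputer tool): a small Python script that parses the three DDS sections a responder reads first (the mPolicies lines, the Run/StartupFolder autostart entries and the "Created Last 30" listing) and applies the checks one would otherwise do by eye: UAC switched off (EnableLUA = 0), hidden+system directories under Program Files, executables dropped directly in the roaming profile root, file names containing "keylog", and autostart entries whose target file or target directory also appears in the recent-creation list. The sample input is constructed from lines of the log above; the rule names and the heuristics themselves are this example's own, and a hit is a lead for manual review, not a verdict on the machine.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the DDS log posted above
# (one policy line, three autostart entries, five "Created Last 30" entries).
SAMPLE_DDS = r"""
mPolicies-system: EnableLUA = 0 (0x0)
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\sysinfo.lnk - c:\windows\syswow64\sysinfo.exe
mExplorerRun: [application] c:\program files (x86)\akprog\AKProg.exe hs
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
2010-04-03 08:19:09 73728 ----a-w- c:\windows\syswow64\sysinfo.exe
2010-03-06 22:21:20 892 ----a-w- c:\windows\system\keylog.lnk
2010-03-06 22:20:04 0 d-sh--w- c:\program files (x86)\AKProg
2010-03-06 16:23:39 0 d-sh--w- c:\windows\Installer
2010-03-07 19:32:48 99384 ----a-w- c:\users\michael\appdata\roaming\inst.exe
"""

# DDS line shapes: "<date> <time> <size> <attrs> <path>", "<key>: [<name>] <cmd>", "mPolicies-<hive>: <name> = <value>"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+)$")
AUTOSTART_RE = re.compile(r"^(uRun|mRun|mRun-x64|mExplorerRun|StartupFolder):\s*(?:\[[^\]]*\]\s*)?(.+)$")
POLICY_RE = re.compile(r"^mPolicies-(\w+):\s*(\w+)\s*=\s*(\S+)")
EXEC_EXT = (".exe", ".scr", ".sys", ".dll")


@dataclass
class Finding:
    rule: str      # heuristic name (this example's own naming)
    detail: str    # the log line or path that triggered it


def autostart_target(rhs: str) -> str:
    """Extract the launched file from the right-hand side of a Run/StartupFolder line."""
    if " - " in rhs:                              # StartupFolder lines read "<shortcut> - <target>"
        rhs = rhs.rsplit(" - ", 1)[1]
    rhs = rhs.strip()
    if rhs.startswith('"'):                       # quoted path, arguments follow the closing quote
        return rhs[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.(?:exe|scr))", rhs, re.IGNORECASE)   # unquoted path, cut before arguments
    return (m.group(1) if m else rhs).lower()


def triage(dds_text: str) -> list:
    created = {}        # lower-cased path -> attribute string from "Created Last 30"
    autostarts = []     # (original line, lower-cased target path)
    findings = []

    for raw in dds_text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            created[m.group(4).lower()] = m.group(3)
            continue
        m = AUTOSTART_RE.match(line)
        if m:
            autostarts.append((line, autostart_target(m.group(2))))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(1) == "system" and m.group(2) == "EnableLUA" and m.group(3) == "0":
            # UAC off: anything the user runs already has full administrative rights
            findings.append(Finding("uac_disabled", line))

    for path, attrs in created.items():
        parent, _, name = path.rpartition("\\")
        if "h" in attrs and path.startswith("c:\\program files"):
            findings.append(Finding("hidden_under_program_files", path))
        if "keylog" in name:
            findings.append(Finding("suspicious_name", path))
        if parent.endswith("\\appdata\\roaming") and name.endswith(EXEC_EXT):
            findings.append(Finding("executable_in_roaming_root", path))

    # Cross-reference: persistence that points at something created inside the 30-day window
    for line, target in autostarts:
        if target in created:
            findings.append(Finding("autostart_target_recently_created", line))
        elif target.rpartition("\\")[0] in created:
            findings.append(Finding("autostart_in_recently_created_dir", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.rule:36} {f.detail}")
```

On the sample the Avira mRun entry is left alone (its directory is not in the recent-creation list) while the sysinfo.exe startup shortcut, the AKProg entry under a system+hidden directory, keylog.lnk, inst.exe and the disabled UAC policy are each reported once. The hidden-directory rule deliberately ignores c:\windows\Installer, which is hidden on every Vista install; any rule like this needs such allow-listing before it is useful on a full log.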


#2 mboulton

Posted 08 April 2010 - 09:13 AM

Hello,

I couldn't wait any longer; need my computer for work purposes and reinstalled Vista - Infection GONE!

Thanks for reading and trying to help, but this thread can be closed.

Michael.

#4 schrauber (Malware Response Team)

Posted 08 April 2010 - 11:25 AM

Since this issue appears to be resolved ... this Topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
regards,
schrauber
