

Infected with something


  • This topic is locked
2 replies to this topic

#1 Mj0lln1r

Mj0lln1r

  • Members
  • 1 posts
  • OFFLINE

Posted 18 May 2010 - 01:33 AM

I'm sorry that I forgot to put it in the title, but the infection is ADSM_PData_0150.

Earlier today, after I had finished downloading some files, my computer began to act very slow and the internet cut in and out. I ran a virus scan with Trend Micro and then ran their HouseCall program. The first scan showed 2 cookies and the full scan after showed nothing. After this I restarted the modem and then shut down my laptop, and the problem persisted. After this I began to run the malware scan. After using Defogger, when I tried to run the GMER scan the following areas were greyed out: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries. I wasn't sure what to do about this so I ran the scan as it was.


DDS (Ver_10-03-17.01) - NTFSX64
Run by Mikail at 0:48:06.56 on Tue 05/18/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2392 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Mikail\Documents\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mikail\Documents\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.wyzostart.com/?cfg=2-47-0-13BHv
uDefault_Page_URL = hxxp://asus.msn.com
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files (x86)\search toolbar\SearchToolbar.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files (x86)\search toolbar\SearchToolbar.dll
TB: @c:\program files (x86)\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files (x86)\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
mRun: [UpdateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [CinemaNowMediaManagerApp] c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowShell.exe -start
mRun: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\VDeck.exe -r
mRun: [HControlUser] c:\program files (x86)\asus\atk hotkey\HControlUser.exe
mRun: [ATKOSD2] c:\program files (x86)\asus\atkosd2\ATKOSD2.exe
mRun: [ATKMEDIA] c:\program files (x86)\asus\atk media\DMedia.exe
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\x64\3\EKIJ5000MUI.exe
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Bing Bar] "c:\program files (x86)\msn toolbar\platform\5.0.1423.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [SwitchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
StartupFolder: c:\users\mikail\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\mikail\appdata\roaming\micros~1\windows\startm~1\programs\startup\pandora.lnk - c:\program files (x86)\pandora\Pandora.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{f0df4513-3c4c-4eb8-8012-2c5f70af3988}\_A1DDD39913A1970387B7B3.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files (x86)\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
Trusted Zone: cinemanow.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun-x64: [AmIcoSinglun64] c:\program files (x86)\amicosinglun\AmIcoSinglun64.exe
mRun-x64: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun-x64: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\x64\3\EKIJ5000MUI.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [AdobeAAMUpdater-1.0] "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\mikail\appdata\roaming\mozilla\firefox\profiles\kkpb9zek.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.wyzostart.com/s/?src=FF-Address&site=Bing&cfg=2-47-0-13BHv&q=
FF - component: c:\program files (x86)\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\msn toolbar\platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-9-12 15928]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 27136]
R2 ASMMAP64;ASMMAP64;c:\program files\atkgfnex\ASMMAP64.sys [2009-9-12 14904]
R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-11 127352]
R2 FastBootAgent;FastBootAgent;c:\windows\syswow64\fast boot\FastBootAgent.exe [2009-9-12 306232]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-5-7 42000]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-7-8 140800]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-9-12 917768]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-7-9 1222144]
S3 DIRECTIO;DIRECTIO;c:\bit_temp\DirectIo.sys [2010-3-20 15872]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-5-7 61280]
S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2009-8-6 704864]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-10 1255736]

=============== Created Last 30 ================

2010-05-18 05:47:12 0 ----a-w- c:\users\mikail\defogger_reenable
2010-05-18 00:16:49 0 d-----w- c:\users\mikail\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-05-18 00:13:14 0 d-----w- c:\users\mikail\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-05-18 00:13:14 0 d-----w- c:\users\mikail\appdata\roaming\Adobe Mini Bridge CS5
2010-05-17 21:46:05 0 d-----w- c:\programdata\regid.1986-12.com.adobe
2010-05-17 21:43:02 0 d-----w- c:\program files\Adobe
2010-05-17 21:39:25 0 d-----w- c:\program files\common files\Adobe
2010-05-17 01:38:35 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-05-17 01:38:35 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-05-17 01:38:35 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-05-17 01:38:35 145184 ----a-w- c:\windows\syswow64\java.exe
2010-05-17 01:15:07 543834303 ----a-w- c:\windows\MEMORY.DMP
2010-05-16 23:29:03 1228400 ----a-w- c:\users\mikail\Photoshop_12_LS1.exe
2010-05-16 23:29:03 1026293791 ----a-w- c:\users\mikail\Photoshop_12_LS1.7z
2010-05-16 23:26:46 0 d-----w- c:\program files (x86)\common files\Akamai
2010-05-16 04:16:43 306688 ----a-w- c:\windows\IsUninst.exe
2010-05-14 20:21:10 0 d-----w- c:\program files (x86)\Ask.com
2010-05-14 20:20:20 0 d-----w- c:\program files (x86)\uTorrent
2010-05-14 20:17:08 0 d-----w- c:\users\mikail\appdata\roaming\uTorrent
2010-05-14 16:03:20 0 d-----w- c:\users\mikail\appdata\roaming\OpenOffice.org
2010-05-14 16:00:12 0 d-----w- c:\program files (x86)\JRE
2010-05-14 16:00:06 0 d-----w- c:\program files (x86)\OpenOffice.org 3
2010-05-14 15:58:55 0 d-----w- c:\programdata\Sun
2010-05-12 07:43:22 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-12 07:34:59 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-05-12 05:50:39 0 d-----w- c:\users\mikail\appdata\roaming\IMVU
2010-05-12 05:50:15 0 d-----w- c:\users\mikail\appdata\roaming\IMVUClient
2010-05-12 01:29:12 0 d-----w- c:\program files (x86)\MSN Toolbar
2010-05-12 01:28:40 0 d-----w- c:\users\mikail\appdata\roaming\Azureus
2010-05-12 01:27:42 0 d-----w- c:\program files (x86)\common files\i4j_jres
2010-05-12 01:27:41 0 d-----w- c:\program files (x86)\Bing Bar Installer
2010-05-11 21:48:11 0 d-----w- c:\users\mikail\appdata\roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
2010-05-11 21:48:06 0 d-----w- c:\program files (x86)\Pandora
2010-05-11 18:13:31 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 18:13:31 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-05-11 00:56:51 0 d-----w- c:\windows\syswow64\kodak
2010-05-11 00:55:54 0 d-----w- c:\windows\syswow64\spool
2010-05-11 00:55:45 0 d-----w- c:\program files (x86)\Kodak
2010-05-11 00:55:02 0 d-----w- c:\program files (x86)\Bonjour
2010-05-11 00:55:01 0 d-----w- c:\program files\Bonjour
2010-05-11 00:55:00 0 d-----w- c:\programdata\Apple
2010-05-11 00:48:51 0 d-----w- c:\users\mikail\appdata\roaming\Temp
2010-05-11 00:43:46 0 d-----w- c:\programdata\Kodak
2010-05-11 00:39:11 0 d-----w- c:\windows\system32\kodak
2010-05-10 16:03:54 0 d-----w- c:\windows\syswow64\Wat
2010-05-10 16:03:54 0 d-----w- c:\windows\system32\Wat
2010-05-10 15:59:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-10 15:59:28 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-05-08 18:11:59 11406336 ----a-w- c:\windows\syswow64\wmp.dll
2010-05-08 18:11:58 982600 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-05-08 18:11:58 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
2010-05-08 18:11:58 1320960 ----a-w- c:\windows\syswow64\CertEnroll.dll
2010-05-08 18:11:57 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2010-05-08 18:11:57 12625408 ----a-w- c:\windows\syswow64\wmploc.DLL
2010-05-08 18:10:19 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-05-08 18:10:19 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-08 18:10:19 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-08 18:10:19 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-05-08 18:10:19 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-05-08 18:10:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-05-08 18:09:01 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-05-08 18:09:01 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-08 18:08:00 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-08 18:08:00 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-05-08 18:06:53 2870272 ----a-w- c:\windows\explorer.exe
2010-05-08 18:05:57 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-05-08 18:04:40 960512 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-08 18:04:40 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-05-08 18:04:39 613888 ----a-w- c:\windows\system32\psisdecd.dll
2010-05-08 18:04:39 552960 ----a-w- c:\windows\system32\msdri.dll
2010-05-08 18:04:39 288256 ----a-w- c:\windows\system32\MSNP.ax
2010-05-08 18:04:39 204288 ----a-w- c:\windows\syswow64\MSNP.ax
2010-05-08 18:04:38 465408 ----a-w- c:\windows\syswow64\psisdecd.dll
2010-05-08 18:04:12 46592 ----a-w- c:\windows\system32\msasn1.dll
2010-05-08 18:04:12 34816 ----a-w- c:\windows\syswow64\msasn1.dll
2010-05-08 18:03:54 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2010-05-08 18:03:54 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-05-08 06:15:58 0 d-----w- c:\users\mikail\appdata\roaming\Radical Software Ltd
2010-05-08 05:49:02 390424 ----a-w- c:\windows\system32\xactengine2_5.dll
2010-05-08 05:49:02 251672 ----a-w- c:\windows\syswow64\xactengine2_5.dll
2010-05-08 05:30:20 0 d-----w- c:\program files (x86)\Search Toolbar
2010-05-08 05:27:25 0 d-----w- c:\program files (x86)\THQ
2010-05-08 05:27:24 0 d-----w- c:\program files (x86)\Wyzo
2010-05-08 05:19:59 18582 ----a-w- c:\windows\DIIUnin.dat
2010-05-08 05:19:56 94208 ----a-w- c:\windows\DIIUnin.exe
2010-05-08 05:19:56 2829 ----a-w- c:\windows\DIIUnin.pif
2010-05-08 05:07:08 0 d-----w- c:\program files (x86)\Diablo II
2010-05-08 00:48:30 0 d-----w- c:\programdata\McAfee
2010-05-07 23:50:26 0 d-----w- c:\programdata\ElectricSheep
2010-05-07 23:50:25 0 d-----w- c:\program files (x86)\Electric Sheep
2010-05-07 23:50:23 1974616 ----a-w- c:\windows\syswow64\D3DCompiler_42.dll
2010-05-07 23:50:22 1892184 ----a-w- c:\windows\syswow64\D3DX9_42.dll
2010-05-07 21:24:46 0 d-----w- c:\program files (x86)\Winamp Detect
2010-05-07 21:24:26 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-05-07 20:16:58 42000 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-05-07 20:16:58 265744 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-05-07 20:16:58 2007056 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-05-07 20:15:50 61280 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-05-07 20:11:11 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-07 19:26:40 0 d-----w- c:\windows\system32\log
2010-05-07 17:43:08 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-05-07 17:43:08 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-05-07 17:43:04 139264 ----a-w- c:\windows\system32\cabview.dll
2010-05-07 17:43:04 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-05-07 17:30:52 0 d-----w- c:\users\mikail\Tracing

==================== Find3M ====================

2010-04-10 11:06:34 3530752 ----a-w- c:\windows\es.scr
2010-03-05 15:13:40 947472 ----a-w- c:\windows\syswow64\msjava.dll
2010-02-27 15:17:00 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll
2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll
2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-02-18 07:34:01 12867072 ----a-w- c:\windows\syswow64\shell32.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-08 17:31:56 106496 ----a-w- c:\program files (x86)\common files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- c:\program files (x86)\common files\MSIactionall.dll
2008-05-22 15:35:54 51962 ----a-w- c:\program files (x86)\common files\banner.jpg
2007-06-12 16:34:50 35822 ----a-w- c:\program files (x86)\common files\ASPG_icon.ico
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:49:03.49 ===============

Edited by Mj0lln1r, 18 May 2010 - 02:43 AM.



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK

Posted 19 May 2010 - 06:37 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK

Posted 25 May 2010 - 07:00 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE

