After AVSOFT Virus - Internet acting Weird


#1 sk8erjcx

Posted 02 June 2010 - 06:45 PM

Hi,

I was infected with the nasty AVsoft Antivirus and proceeded to remove it. Afterwards, my browser kept getting redirected to various sites but now seems fixed. Firefox currently is running a bit weird and pauses once in a while, and I would have to restart the browser. I was seeing if anyone can help me with this and let me know if I am still infected.

MY DDS LOG:


DDS (Ver_10-03-17.01) - NTFSx86
Run by JC at 22:08:57.89 on 06/01/2010 Tue
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.2047.1401 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1296 [VPS 100601-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~2\Avast4\ashDisp.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Documents and Settings\JC\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~2\MEGAUP~1.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\jc\application data\flashgetbho\FlashGetBHO3.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~2\MEGAUP~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [Google Update] "c:\documents and settings\jc\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\LogMeInSystray.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [QuickTime Task] "c:\program files\k-lite codec pack\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~2\avast4\ashDisp.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office14\officesas\officeSASscheduler.exe
IE: Download All by FlashGet3 - c:\documents and settings\jc\application data\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\jc\application data\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: Send picture by MMS
IE: 使用快车3下载 - c:\documents and settings\jc\application data\flashgetbho\GetUrl.htm
IE: 使用快车3下载全部链接 - c:\documents and settings\jc\application data\flashgetbho\GetAllUrl.htm
IE: 氝樓善QQ桶? - c:\program files\tencent\qq\AddEmotion.htm
IE: 添加到QQ表情
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157b}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5}
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - {39732CE5-0EE6-401A-A0B2-27F46B755C5B}
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159365088875
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jc\applic~1\mozilla\firefox\profiles\xv0668vg.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\jc\application data\mozilla\firefox\profiles\xv0668vg.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll
FF - plugin: c:\documents and settings\jc\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-12-26 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-12-26 52872]
R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [2006-10-11 30808]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-5-30 111184]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-3-27 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-22 242896]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-30 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-5-30 155160]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\rainfo.sys [2006-8-11 11112]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2006-9-28 2368]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-6-2 399032]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-5-30 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-5-30 352920]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-12-26 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-12-26 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-12-26 26120]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-22 216200]
S2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-5 308064]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-5-5 5888008]
S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [2008-12-18 33168]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-1-31 41864]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-1-31 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-1-31 81288]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-20 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-20 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

============== File Associations ===============

txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2010-06-02 00:19:40 0 d-sha-r- C:\cmdcons
2010-06-02 00:18:15 98816 ----a-w- c:\windows\sed.exe
2010-06-02 00:18:15 77312 ----a-w- c:\windows\MBR.exe
2010-06-02 00:18:15 256512 ----a-w- c:\windows\PEV.exe
2010-06-02 00:18:15 161792 ----a-w- c:\windows\SWREG.exe
2010-05-31 04:22:38 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-30 05:10:22 0 d-----w- c:\program files\ALWIL Software Security
2010-05-30 05:02:23 0 d-----w- c:\docume~1\jc\applic~1\PC Tools
2010-05-30 05:02:22 0 d-----w- c:\program files\Spyware Doctor
2010-05-30 05:01:56 0 d-----w- c:\windows\system32\drivers\Avg
2010-05-30 05:01:56 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-05-30 05:01:56 0 d-----w- C:\$AVG
2010-05-08 13:59:12 12 ----a-w- c:\docume~1\jc\applic~1\lipoqz.dat
2010-05-06 01:15:19 0 d-----w- C:\!KillBox
2010-05-06 01:09:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-05 04:06:47 0 d-----w- c:\program files\Trend Micro
2010-05-05 03:57:00 40960 ----a-w- c:\windows\system32\mspaetup.dll

==================== Find3M ====================

2010-05-08 13:21:42 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-06 01:09:12 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-05-06 01:09:10 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-06 01:09:09 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 17:33:34 100237 ----a-w- c:\windows\War3Unin.dat
2009-08-19 18:04:22 3713835 ----a-w- c:\program files\iPhone Tunnel Suite 2.7 BETA.txt
2005-05-13 21:12:00 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 15:13:58 66560 --sha-r- c:\windows\MOTA113.exe
2005-10-14 01:27:00 422400 --sha-r- c:\windows\x2.64.exe
2005-07-14 16:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 19:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 02:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 04:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 14:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 17:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 04:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll

============= FINISH: 22:09:20.42 ===============


#2 Farbar

Posted 06 June 2010 - 10:41 AM

Hello sk8erjcx,

Please update me about the current condition of your computer in case you still need assistance.

#3 sk8erjcx

Posted 07 June 2010 - 09:22 PM

I have since reformatted my computer. Currently I am having a weird issue - the computer freezes for 10 seconds once in a while - it will freeze about three times, then return to normal.

Here are my updated DDS Logs.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Chum at 22:19:52.71 on Mon 06/07/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1402 [GMT -4:00]

AV: avast! antivirus 4.8.1296 [VPS 100607-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~2\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chum\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avast!] c:\progra~1\alwils~2\avast4\ashDisp.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chum\applic~1\mozilla\firefox\profiles\wqn4yyph.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-6-5 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-5 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-6-5 155160]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-6-5 47640]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-6-5 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-6-5 352920]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-6-5 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-06-07 23:04:54 0 d-----w- c:\program files\uTorrent
2010-06-07 23:04:36 0 d-----w- c:\docume~1\chum\applic~1\uTorrent
2010-06-07 03:54:23 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-06-07 03:54:23 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-06-07 03:54:22 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-07 03:54:22 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-05 17:53:36 0 d-----w- c:\program files\GPLGS
2010-06-05 17:53:19 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-06-05 17:53:16 0 d-----w- c:\program files\Acro Software
2010-06-05 15:35:59 0 d-----w- c:\docume~1\chum\applic~1\TP
2010-06-05 15:32:42 0 d-----w- c:\docume~1\alluse~1\applic~1\LogMeIn
2010-06-05 15:32:40 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-05 15:32:40 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-06-05 15:32:40 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-05 15:32:37 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-05 15:32:37 1024 ----a-w- C:\.rnd
2010-06-05 15:32:33 0 d-----w- c:\program files\LogMeIn
2010-06-05 15:21:34 0 d-----w- c:\windows\RegisteredPackages
2010-06-05 15:16:53 31812 ----a-w- c:\windows\system32\BMXCtrlState-{00000005-00000000-00000000-00001102-00000004-20021102}.rfx
2010-06-05 15:16:53 31812 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000004-20021102}.rfx
2010-06-05 15:16:53 31440 ----a-w- c:\windows\system32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000004-20021102}.rfx
2010-06-05 15:16:53 31440 ----a-w- c:\windows\system32\BMXState-{00000005-00000000-00000000-00001102-00000004-20021102}.rfx
2010-06-05 15:16:53 11564 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000004-20021102}.rfx
2010-06-05 15:16:43 4931933 ----a-w- c:\windows\{00000005-00000000-00000000-00001102-00000004-20021102}.BAK
2010-06-05 15:16:03 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2010-06-05 15:16:03 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2010-06-05 15:15:30 0 d-----w- c:\program files\Foxit Software
2010-06-05 15:11:32 4931933 ----a-w- c:\windows\{00000005-00000000-00000000-00001102-00000004-20021102}.CDF
2010-06-05 15:11:30 7062 ----a-w- c:\windows\system32\audiopid.vxd
2010-06-05 15:11:21 0 d-----w- c:\program files\common files\Creative Labs Shared
2010-06-05 15:11:03 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2010-06-05 15:11:03 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-06-05 15:11:02 82944 -c--a-w- c:\windows\system32\dllcache\wdmaud.sys
2010-06-05 15:11:02 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-06-05 15:11:01 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2010-06-05 15:11:01 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-06-05 15:10:26 0 d-----w- c:\program files\Creative
2010-06-05 15:09:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-05 15:09:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-05 15:09:45 0 d-----w- c:\program files\iPod
2010-06-05 15:09:43 0 d-----w- c:\program files\iTunes
2010-06-05 15:09:43 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-05 15:09:08 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-06-05 15:09:08 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-06-05 15:08:55 0 d-----w- c:\program files\Bonjour
2010-06-05 15:05:09 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-06-05 15:04:31 0 d-----w- c:\windows\system32\CatRoot_bak
2010-06-05 15:02:14 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-05 15:02:06 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-06-05 15:02:06 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-06-05 15:02:06 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-06-05 15:02:05 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-06-05 15:00:25 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-05 15:00:25 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-06-05 14:48:31 0 d-----w- c:\program files\K-Lite Codec Pack
2010-06-05 14:33:40 0 d-----w- c:\docume~1\chum\applic~1\Malwarebytes
2010-06-05 14:33:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-05 14:33:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-05 14:32:51 0 d-----w- c:\program files\ALWIL Software Security
2010-06-05 14:29:14 0 d-----w- c:\program files\Realtek
2010-06-05 14:28:56 0 d-----w- c:\program files\Marvell
2010-06-05 14:27:22 0 d-----w- c:\program files\ATI Technologies
2010-06-05 14:20:17 0 d-sh--w- c:\documents and settings\all users\DRM
2010-06-05 14:20:04 0 d--h--w- c:\program files\WindowsUpdate
2010-06-05 14:18:09 0 d-----w- c:\program files\common files\MSSoap
2010-06-05 14:16:36 0 d-----w- c:\program files\Online Services
2010-06-05 14:16:32 0 d-----w- c:\program files\Messenger
2010-06-05 14:16:24 0 d-----w- c:\program files\MSN Gaming Zone
2010-06-05 14:14:42 0 d-----w- c:\program files\Windows NT
2010-06-05 09:30:04 0 d-----w- c:\program files\common files\ODBC
2010-06-05 09:29:58 0 d-----w- c:\program files\common files\SpeechEngines
2010-06-05 09:29:12 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-06-05 15:10:44 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-05 15:10:44 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-05 14:55:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-05 14:16:40 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-02 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-31 01:49:24 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-22 06:22:42 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-03-18 23:19:58 43520 ----a-w- c:\windows\system32\CTBurst.dll
2010-03-18 23:19:42 11776 ----a-w- c:\windows\system32\inres.dll
2010-03-18 23:19:42 11776 ----a-w- c:\windows\INRES.DLL
2010-03-18 23:19:38 182272 ----a-w- c:\windows\system32\ctdvinst.dll
2010-03-18 23:19:36 86528 ----a-w- c:\windows\system32\ctcoinst.dll
2010-03-18 23:18:32 10752 ----a-w- c:\windows\system32\a3d.dll
2010-03-18 23:18:14 11776 ----a-w- c:\windows\system32\ac3api.dll
2010-03-18 23:07:54 51787 ----a-w- c:\windows\system32\ctdlang.dat
2010-03-18 23:07:54 386852 ----a-w- c:\windows\system32\ctdnlstr.dat
2010-03-18 23:07:18 196096 ----a-w- c:\windows\system32\ctemupia.dll
2010-03-18 23:04:06 176128 ----a-w- c:\windows\system32\ct_oal.dll
2010-03-18 23:04:04 46592 ----a-w- c:\windows\system32\ctasio.dll
2010-03-18 23:04:00 49152 ----a-w- c:\windows\system32\ctdproxy.dll
2010-03-18 23:03:22 69632 ----a-w- c:\windows\system32\ctosuser.dll
2010-03-18 23:03:20 6144 ----a-w- c:\windows\system32\sfman32.dll
2010-03-18 23:03:18 125952 ----a-w- c:\windows\system32\sfms32.dll
2010-03-18 23:03:12 13312 ----a-w- c:\windows\system32\regplib.exe
2010-03-18 23:03:10 64512 ----a-w- c:\windows\system32\piaproxy.dll
2010-03-18 23:02:14 149838 ----a-w- c:\windows\system32\ctbas2w.dat
2010-03-18 23:00:42 274587 ----a-w- c:\windows\system32\ctsbas2w.dat
2010-03-18 23:00:28 241084 ----a-w- c:\windows\system32\CTSBASW.DAT
2010-03-18 23:00:28 115166 ----a-w- c:\windows\system32\CTBASICW.DAT
2010-03-18 22:59:56 53932 ----a-w- c:\windows\system32\ctdaught.dat
2010-03-18 22:59:56 313207 ----a-w- c:\windows\system32\ctstatic.dat
2010-03-18 22:59:54 5120 ----a-w- c:\windows\system32\enlocstr.exe
2010-03-18 22:59:50 10240 ----a-w- c:\windows\system32\killapps.exe
2010-03-18 22:59:28 28672 ----a-w- c:\windows\system32\MIDIDEF.EXE
2010-03-18 22:59:26 33792 ----a-w- c:\windows\system32\devreg.dll
2010-03-15 09:31:48 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-12 18:55:40 17772264 ----a-w- c:\windows\system32\AppSetup.exe
2010-03-10 08:02:04 417792 ----a-w- c:\windows\system32\vbscript.dll

============= FINISH: 22:20:08.84 ===============



#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 08 June 2010 - 03:07 AM

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world, cybercrime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  1. Please either uninstall your p2p program or configure it not to run at start up as long as we are not done.

  2. This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Application tab, all the boxes should be checked.)
    • Click Run Cleaner.
    • Close CCleaner.

  3. Download the GMER Rootkit Scanner exe file from here and save it to your desktop.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
    • Click on this link to see a list of programs that should be disabled.
    • Disconnect from the Internet and close all running programs.
    • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run a scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
      • Devices.
      • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
      • Show All (this one also should be unchecked)
    • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
    • When the scan is finished, you will see the Scan button appear again. Click Save to save the scan results to your Desktop.
    • Save the file as gmer.log and copy/paste the contents in your next reply.

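The helper above read the DDS log by eye to spot the file-sharing client. As an added example (not the thread's own code and not part of DDS), here is a small Python triage parser for the two line formats shown in the log, the "Created Last 30"/"Find3M" file entries and the "SERVICES / DRIVERS" entries, run over a handful of lines copied from the log. The P2P_MARKERS watch-list, and the reading of the attribute flags and of a trailing "[x]" as "no file found", are assumptions of this example.

```python
import re

# DDS file-entry line: <date> <time> <size> <8-char attribute flags> <path>
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
# DDS service/driver line: <R|S><start type> <name>;<description>;<path> [<date> <size>]
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]*);([^;]*);(.*)$")
# Name fragments of common file-sharing clients (hypothetical watch-list, not part of DDS)
P2P_MARKERS = ("utorrent", "bittorrent", "limewire", "frostwire", "emule")

def parse_entries(lines):
    """Parse 'Created Last 30' / 'Find3M' lines; lines in any other format are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            date, clock, size, attrs, path = m.groups()
            # assumed flag layout: first flag 'd' marks a directory, an 'h' among the rest marks hidden
            entries.append({"date": date, "time": clock, "size": int(size),
                            "is_dir": attrs[0] == "d", "hidden": "h" in attrs[1:],
                            "path": path})
    return entries

def flag_p2p(entries):
    """Paths that name a known file-sharing client, which the helper spotted by eye."""
    return [e["path"] for e in entries
            if any(k in e["path"].lower() for k in P2P_MARKERS)]

def parse_services(lines):
    """Parse SERVICES / DRIVERS lines; a trailing '[x]' is read as 'no file found on disk'."""
    services = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            state, name, desc, rest = m.groups()
            services.append({"state": state, "name": name, "desc": desc,
                             "path": rest.split(" [")[0].strip(),
                             "missing": rest.rstrip().endswith("[x]")})
    return services

# Constructed sample: a few lines copied from the DDS log in this thread
SAMPLE = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-6-5 111184]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
2010-06-07 23:04:54 0 d-----w- c:\program files\uTorrent
2010-06-07 23:04:36 0 d-----w- c:\docume~1\chum\applic~1\uTorrent
2010-06-05 14:20:17 0 d-sh--w- c:\documents and settings\all users\DRM
2010-06-05 15:32:40 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
""".strip().splitlines()
```

Calling flag_p2p(parse_entries(SAMPLE)) returns the two uTorrent folders, and parse_services(SAMPLE) marks the LMIRfsClientNP entry as missing its file, which is the kind of line an analyst would query next.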

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 14 June 2010 - 06:28 AM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



