
CPU 100%, evP.exe and other .exe files cloning in task manager, while google redirects


  • This topic is locked
3 replies to this topic

#1 missp

missp

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:55 PM

Posted 09 June 2010 - 04:17 AM

Hi, I tried to post a few minutes ago attaching the log files, but I was thrown out to a page saying that the site was in maintenance. Now it shows in posts only my topic without the text, so I am posting it again.

Dear all,

I am writing this post because I am fairly certain that my laptop has been infected by malware, and I would deeply appreciate it if you could advise me on solutions for the multiple problems it has caused over the last 2-3 weeks.

I have a Toshiba laptop with an Intel® Core™ 2 CPU T7400 @ 2.16 GHz (2.17 GHz) processor and 2.00 GB RAM, running 32-bit Windows Vista Home Premium, Service Pack 2.

I had been using only the free avast anti-virus, Windows Firewall and Defender on this laptop for 3 years and had no problems, until the first incident occurred approx. 3 weeks ago, when I couldn't type the tone correctly in the Greek alphabet. Searching on the web I found out that it is caused by a trojan which my free avast software could not detect. Then I started a marathon of searching for and running malware removal programs, using among others

McAfee Stinger
Trojan Remover
Spyware Doctor
a-squared Free
Spybot S & D
Malwarebytes' Anti-Malware
I did a registry clean and downloaded Security Task Manager, which couldn't run, and nothing spectacular happened until I came across a thread on your site suggesting rkill and ComboFix. I tried it, admittedly without thinking much about the consequences, since I just wanted badly to move on with my work at the time. The typing problem was fixed, but new problems with Internet Explorer 8 and Google turned up right after:

In Google search the typed keywords disappeared when I hit Search. If I remember well, that was solved with Dr.WEB CureIt and HijackThis, but then iexplore.exe started cloning itself in Task Manager, using all the CPU even when only one window was open, while addresses were redirected in both IE and Mozilla, and certain pages which I could access easily before are no longer accessible. Furthermore, I noticed today that it is no longer just iexplore.exe cloning, but almost all other .exe files, even after ending their processes (i.e. LVComSer.exe or realtime player, etc.).

Also, a weird ‘evP.exe’ appeared and disappeared, eating up the CPU within a split second, and other unknown .exe files did the same to the CPU but disappeared too quickly for me to memorise them. I looked very quickly for evP.exe and it seems it is another malware. At the beginning I also feared the case of a keylogger, having the obsession that it all started when I received 2 e-mails from someone I knew but wanted to avoid, with 2 music files which, when I tried to open them, crashed IE twice.

I hope you will be able to help me identify what the problem is and how I can solve it. Also, I would be grateful if you could give me some advice on what anti-virus and firewall I should use to protect my computer best.

Thank you very much in advance for your time,

Maria

I provide the DDS log file below.





DDS (Ver_10-03-17.01) - NTFSx86
Run by pesli at 23:20:35,58 on ’¨  08/06/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_13

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\TODDSrv.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\conime.exe
C:\Users\pesli\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k SDRSVC

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.gr/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\pesli\appdata\roaming\mozilla\firefox\profiles\1ov7b97t.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R? Adobe Version Cue CS4;Adobe Version Cue CS4
R? ASPI;Advanced SCSI Programming Interface Driver
R? FontCache;Windows Font Cache Service
R? gupdate;“§ž¨œ©ε˜ Google Update (gupdate)
R? Seagate Sync Service;Seagate Sync Service
S? a2free;a-squared Free Service
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? avast! Mail Scanner;avast! Mail Scanner
S? avast! Web Scanner;avast! Web Scanner
S? FwLnk;FwLnk Driver
S? MacDriveService;MacDriveService
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? MDFSYSNT;MacDrive file system driver
S? MDPMGRNT;MDPMGRNT
S? TabletServicePen;TabletServicePen
S? wacmoumonitor;Wacom Mode Helper

=============== Created Last 30 ================

2010-06-08 22:10:22 0 ----a-w- c:\users\pesli\defogger_reenable
2010-06-06 08:52:50 0 d-----w- c:\programdata\DivX
2010-06-05 22:19:40 0 d-----w- c:\program files\uTorrent
2010-06-05 22:18:18 0 d-----w- c:\users\pesli\appdata\roaming\uTorrent
2010-06-05 22:10:29 0 d-----w- C:\New Folder
2010-05-28 13:15:45 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-05-28 13:15:45 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-05-28 12:58:36 0 d-----w- c:\program files\common files\Macrovision Shared
2010-05-26 21:36:53 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-20 13:29:21 0 d-----w- c:\program files\Trend Micro
2010-05-20 13:18:38 0 d-sh--w- C:\$RECYCLE.BIN
2010-05-20 12:50:02 98816 ----a-w- c:\windows\sed.exe
2010-05-20 12:50:02 77312 ----a-w- c:\windows\MBR.exe
2010-05-20 12:50:02 256512 ----a-w- c:\windows\PEV.exe
2010-05-20 12:50:02 161792 ----a-w- c:\windows\SWREG.exe
2010-05-20 12:22:28 0 d-----w- c:\program files\WOT
2010-05-20 10:10:22 0 d-----w- c:\programdata\SecTaskMan
2010-05-20 10:10:16 0 d-----w- c:\program files\Security Task Manager
2010-05-20 10:10:02 0 d-----w- c:\users\pesli\DoctorWeb
2010-05-19 11:15:48 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-19 11:15:48 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-19 10:20:43 0 d-----w- c:\program files\a-squared Free
2010-05-19 09:30:43 296126683 ----a-w- c:\windows\MEMORY.DMP
2010-05-19 09:28:31 0 d-----w- c:\users\pesli\appdata\roaming\Uniblue
2010-05-19 00:36:17 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-19 00:04:50 0 d-----w- c:\users\pesli\appdata\roaming\Malwarebytes
2010-05-19 00:03:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 00:03:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 00:03:49 0 d-----w- c:\programdata\Malwarebytes
2010-05-19 00:03:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 09:09:42 0 d-----w- c:\program files\Trojan Remover
2010-05-18 08:45:43 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-18 08:45:43 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-18 08:45:43 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-18 08:45:43 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-18 08:45:43 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-05-12 09:08:21 738816 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-05-19 00:09:47 419 ----a-w- c:\program files\rkill.log
2010-05-12 10:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 20:34:10 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-17 19:58:29 86016 ----a-w- c:\windows\inf\infpub.dat
2009-11-17 19:58:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 19:58:29 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-17 19:58:29 143360 ----a-w- c:\windows\inf\infstor.dat
2008-07-02 14:45:46 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:41:23,21 ===============
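The "Running Processes" and "Created Last 30" sections of a DDS report like the one above can be triaged mechanically before a helper reads it line by line. The script below is an added example; it is not code from the original post, from the DDS tool or from BleepingComputer. It parses the `=== section ===` headers DDS uses, counts identical process command lines (the "cloning" iexplore.exe entries), flags images running from user-writable directories, and groups newly created executables under the Windows directory by exact creation timestamp. The excerpt it runs on is constructed from a subset of the lines in the report above; the section names, the line layouts and the path-based rules are my reading of that report, not a documented DDS format.

```python
"""Triage helpers for a DDS report (added example; not the DDS tool's code
and not from the original post).  Runs offline on the constructed excerpt
below, which copies a subset of lines from the report in the thread."""
import re
from collections import Counter, defaultdict

# Constructed excerpt: a handful of lines from each section of the report above.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\pesli\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k netsvcs

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.gr/

=============== Created Last 30 ================

2010-05-20 13:29:21 0 d-----w- c:\program files\Trend Micro
2010-05-20 12:50:02 98816 ----a-w- c:\windows\sed.exe
2010-05-20 12:50:02 77312 ----a-w- c:\windows\MBR.exe
2010-05-20 12:50:02 256512 ----a-w- c:\windows\PEV.exe
2010-05-20 12:50:02 161792 ----a-w- c:\windows\SWREG.exe
2010-05-19 00:03:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-18 08:45:43 77312 ----a-w- c:\windows\system32\ztvunace26.dll

============= FINISH: 23:41:23,21 ===============
"""

# "=== Section Name ===" headers separate DDS sections (observed layout, assumed general).
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Image path ends at the first executable extension; the rest is the command line.
PROCESS_RE = re.compile(r"^(?P<path>.*?\.(?:exe|scr|com|dll))(?:\s+(?P<args>.*))?$", re.I)
# "YYYY-MM-DD HH:MM:SS size attrs path" lines in the file-creation sections.
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
# Locations a system binary or service should not normally be running from.
USER_WRITABLE_RE = re.compile(r"\\(?:Users|Documents and Settings|ProgramData|Temp)\\", re.I)
EXEC_EXT_RE = re.compile(r"\.(?:exe|dll|sys|scr|com)$", re.I)


def extract_section(log: str, name: str) -> list[str]:
    """Return the non-empty lines of the DDS section whose header is `name`."""
    lines, inside = [], False
    for raw in log.splitlines():
        header = SECTION_RE.match(raw.strip())
        if header:
            inside = header.group(1).lower() == name.lower()
            continue
        if inside and raw.strip():
            lines.append(raw.strip())
    return lines


def parse_process(line: str) -> tuple[str, str]:
    """Split a Running Processes line into (image path, arguments)."""
    m = PROCESS_RE.match(line)
    if not m:
        return line, ""
    return m.group("path"), m.group("args") or ""


def triage(log: str, dup_threshold: int = 2) -> dict:
    """Flag identical command lines seen at least `dup_threshold` times and
    images running from user-writable locations.  Both are triage signals,
    not verdicts: IE8 runs one iexplore.exe per tab, svchost.exe is expected
    once per distinct -k group, and the scanner itself (dds.scr on the
    Desktop) trips the path rule."""
    entries = [parse_process(line) for line in extract_section(log, "Running Processes")]
    cmdlines = Counter(f"{p} {a}".strip() for p, a in entries)
    duplicates = {c: n for c, n in cmdlines.items() if n >= dup_threshold}
    user_writable = sorted({p for p, _ in entries if USER_WRITABLE_RE.search(p)})
    svchost_groups = sorted({a for p, a in entries if p.lower().endswith(r"\svchost.exe")})
    return {"duplicates": duplicates, "user_writable": user_writable, "svchost_groups": svchost_groups}


def executable_batches(log: str, root: str = r"c:\windows") -> dict[str, list[str]]:
    """Group executables created under `root` by exact creation timestamp.
    Installers and droppers alike write several files within the same
    second, so a batch is the natural unit to assess together."""
    batches = defaultdict(list)
    for line in extract_section(log, "Created Last 30"):
        m = CREATED_RE.match(line)
        if not m or m.group("attrs").startswith("d"):
            continue  # skip malformed lines and directory entries
        path = m.group("path")
        if path.lower().startswith(root.lower()) and EXEC_EXT_RE.search(path):
            batches[m.group("ts")].append(path)
    return {ts: sorted(paths) for ts, paths in batches.items()}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
    for ts, paths in executable_batches(SAMPLE_DDS).items():
        print(f"{ts}: {len(paths)} executable(s) -> {paths}")
```

Read the output as leads, not findings. On the full report the duplicate rule flags the three iexplore.exe processes and the two LVComSer.exe processes, and the batch rule groups sed.exe, MBR.exe, PEV.exe and SWREG.exe, all created in c:\windows at 12:50:02 on 2010-05-20; to my knowledge those four are the helper binaries ComboFix extracts when it runs, which matches the poster's account of having run it, so a batch in a system directory is only a prompt to check the timestamp against what was installed that day. The names that matter most for a helper are the ones the report does not contain at all, such as the evP.exe the poster saw flicker in Task Manager, which is why the next step in the thread is a fresh scan rather than a conclusion from this one.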


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:55 AM

Posted 12 June 2010 - 10:01 AM

Hello and welcome to Bleeping Computer.

*Please Subscribe to this Thread to get immediate notification of replies. See HERE

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.

*You must reply within 5 days otherwise this topic will be closed.



=====================================


Please run another DDS scan and post the latest DDS report for my review. Thanks.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 sempai


Posted 15 June 2010 - 09:00 AM

Hi,

Do you still need our help?

~Semp



#4 sempai


Posted 18 June 2010 - 04:13 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

~Semp
