
Possible Trojan.FreeAV


This topic is locked
5 replies to this topic

#1 JGrimaldi (Members, 3 posts)

Posted 21 June 2010 - 07:11 PM

Believe infected with Trojan.FreeAV on 6/19/10.
Ran SUPERAntiSpyware, it found it (along with some cookies). After it cleaned, couldn't access internet with IE or Chrome.
Changed LAN/Proxy settings back to what they should be. IE connects, Chrome only connects if started with the --no-sandbox workaround.

Randomly getting new windows opening with whatever my last search term was. Obvious fake links to more Malware.
There's a reg entry for Proxy server http=127.0.0.1:5555 that I think is causing it. I figured rather than piecemeal the rest of it out, now is a good time to ask for help.

Thank you (in advance) for looking over the logs.

DDS file:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jason at 19:06:44.40 on Mon 06/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1455 [GMT -4:00]

AV: avast! antivirus 4.8.1368 [VPS 100621-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\Jason\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\N3U21ATJ\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\jason\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\jason\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Web-Based Email Tools - hxxp://email04.secureserver.net/Download.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256429969937
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2010-4-6 20104]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-19 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-19 138680]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-10-24 10384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-19 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-19 352920]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-4-12 9472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-22 135664]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys --> c:\windows\system32\drivers\btcomport.sys [?]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys --> c:\windows\system32\drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2010-4-6 25864]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\jason\locals~1\temp\gpu-z.sys --> c:\docume~1\jason\locals~1\temp\GPU-Z.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2010-4-6 23048]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\turbine\turbine download manager\TurbineMessageService.exe [2009-11-21 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2009-11-21 218608]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2010.sp1d\RpcAgentSrv.exe [2010-6-1 93336]

=============== Created Last 30 ================

2010-06-21 22:40:01 0 d-----w- c:\program files\Trend Micro
2010-06-21 19:24:07 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-21 19:24:01 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-19 23:51:04 0 d-----w- C:\reg dlls
2010-06-19 22:30:23 0 d-----w- c:\docume~1\jason\applic~1\SUPERAntiSpyware.com
2010-06-13 01:43:25 0 d-----w- c:\docume~1\jason\applic~1\Dropbox
2010-06-11 05:58:09 0 d-----w- c:\program files\StarCraft
2010-06-10 21:48:05 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-01 17:28:38 37888 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2010-06-01 17:28:38 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2010-06-01 17:20:38 0 d-----w- c:\windows\system32\appmgmt
2010-06-01 17:12:07 32 ----a-w- c:\windows\0
2010-06-01 17:12:07 0 ----a-w- c:\windows\system32\0
2010-06-01 17:12:03 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-06-01 17:12:02 0 d-----w- c:\program files\Nokia
2010-06-01 17:11:59 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-06-01 17:11:50 0 d-----w- c:\program files\PC Connectivity Solution
2010-06-01 16:26:03 0 d-----w- c:\program files\SiSoftware
2010-05-29 14:07:14 101120 -c--a-w- c:\windows\system32\dllcache\bthpan.sys
2010-05-29 14:07:14 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2010-05-29 14:07:05 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2010-05-29 14:07:05 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2010-05-29 14:07:04 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-05-29 14:07:04 28160 ----a-w- c:\windows\system32\irmon.dll
2010-05-29 14:07:04 17024 -c--a-w- c:\windows\system32\dllcache\bthenum.sys
2010-05-29 14:07:04 17024 ----a-w- c:\windows\system32\drivers\BthEnum.sys
2010-05-29 14:07:04 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-05-29 14:07:04 151552 ----a-w- c:\windows\system32\irftp.exe
2010-05-29 14:07:03 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-05-29 14:07:03 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-05-29 14:06:56 18944 -c--a-w- c:\windows\system32\dllcache\bthusb.sys
2010-05-29 14:06:56 18944 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2010-05-23 05:23:01 0 d-----w- c:\windows\Performance
2010-05-23 05:22:25 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 19:07:55.96 ===============


#2 Blade81 (Bleepin' Rocker, Malware Response Team, 6,465 posts, Finland)

Posted 28 June 2010 - 01:16 AM

Hi,

If you still need help with this, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 JGrimaldi (Topic Starter)

Posted 01 July 2010 - 10:08 PM

I apologize for the delay. I will post a new DDS shortly.

Thank you, again.

#4 JGrimaldi (Topic Starter)

Posted 01 July 2010 - 10:14 PM

Here it is:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jason at 23:11:05.83 on Thu 07/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1142 [GMT -4:00]

AV: avast! antivirus 4.8.1368 [VPS 100701-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\Jason\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\S942X9DA\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\jason\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [fyqqiytq] c:\documents and settings\jason\local settings\application data\dnngjecpl\idnhyuntssd.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [fyqqiytq] c:\documents and settings\jason\local settings\application data\dnngjecpl\idnhyuntssd.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\jason\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Web-Based Email Tools - hxxp://email04.secureserver.net/Download.CAB
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256429969937
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2010-4-6 20104]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-19 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-19 138680]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-10-24 10384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-19 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-19 352920]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-4-12 9472]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\admini~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\admini~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-22 135664]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys --> c:\windows\system32\drivers\btcomport.sys [?]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys --> c:\windows\system32\drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2010-4-6 25864]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\jason\locals~1\temp\gpu-z.sys --> c:\docume~1\jason\locals~1\temp\GPU-Z.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2010-4-6 23048]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\turbine\turbine download manager\TurbineMessageService.exe [2009-11-21 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2009-11-21 218608]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2010.sp1d\RpcAgentSrv.exe [2010-6-1 93336]
S3 SASENUM;SASENUM;\??\c:\docume~1\admini~1\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASENUM.SYS [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-6-22 77312]

=============== Created Last 30 ================

2010-06-22 15:43:05 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-06-22 15:41:44 0 d-----w- c:\program files\PCPitstop
2010-06-22 15:29:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-21 22:40:01 0 d-----w- c:\program files\Trend Micro
2010-06-21 19:24:07 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-21 19:24:01 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-19 23:51:04 0 d-----w- C:\reg dlls
2010-06-19 22:30:23 0 d-----w- c:\docume~1\jason\applic~1\SUPERAntiSpyware.com
2010-06-13 01:43:25 0 d-----w- c:\docume~1\jason\applic~1\Dropbox
2010-06-11 05:58:09 0 d-----w- c:\program files\StarCraft
2010-06-10 21:48:05 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 23:12:06.63 ===============
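Two things in the logs above are what a responder would look at first: the ProxyServer = http=127.0.0.1:5555 entry the first post points to (every IE request routed through a local process), and the uRun/mRun value [fyqqiytq] that appears only in the second log, launching an executable from a random-looking folder under Local Settings\Application Data. The script below is an added example, not part of the original posts or of DDS itself: it reads the Pseudo HJT and services sections of a DDS log and flags those patterns. The sample lines are copied from the two logs in this thread; the vowel-ratio heuristic for "random-looking" names and the 'review' flag names are my own assumptions.

```python
import re

# Constructed sample: lines copied from the two DDS logs in this thread (the
# local proxy from the first log, the new [fyqqiytq] entry from the second)
# plus benign control lines that the checks must leave alone.
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uRun: [Google Update] "c:\documents and settings\jason\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [fyqqiytq] c:\documents and settings\jason\local settings\application data\dnngjecpl\idnhyuntssd.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-19 114768]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\jason\locals~1\temp\gpu-z.sys --> c:\docume~1\jason\locals~1\temp\GPU-Z.sys [?]
"""

RUN_RE = re.compile(r"^[um]Run(?:Once)?: \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$")


def looks_random(name):
    """Heuristic (assumption): long, all-lowercase, nearly vowel-free names
    such as 'fyqqiytq' or 'dnngjecpl' are typical of generated file names."""
    if len(name) < 8 or not name.isalpha() or not name.islower():
        return False
    return sum(ch in "aeiou" for ch in name) / len(name) < 0.3


def run_target(rest):
    """Extract the executable path from the part after '[name]': quoted paths
    end at the closing quote, unquoted ones at the first known extension."""
    rest = rest.strip()
    if rest.startswith('"'):
        return rest[1:rest.index('"', 1)]
    m = re.match(r".*?\.(?:exe|dll|scr|cpl)", rest, re.I)
    return m.group(0) if m else rest


def triage(text):
    """Return (flag, line) pairs for DDS lines that deserve a closer look.
    Flags mean 'review', not 'malicious': some security products also use a
    local proxy, and tools like GPU-Z do leave drivers behind in temp."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        low = line.lower()
        # 1. IE proxy pointed at the local host: every HTTP request is routed
        #    through a process on this machine, which is how the redirects and
        #    pop-ups described in the first post can be injected.
        if low.startswith("uinternet settings,proxyserver") and \
                re.search(r"127\.0\.0\.1|localhost", low):
            findings.append(("local-proxy", line))
            continue
        # 2. Run/RunOnce entries launched from the user profile or temp whose
        #    value name or parent folder looks machine-generated.
        m = RUN_RE.match(line)
        if m:
            path = run_target(m.group("rest")).lower()
            parts = path.split("\\")
            parent = parts[-2] if len(parts) >= 2 else ""
            in_profile = "\\application data\\" in path or "\\temp\\" in path
            if in_profile and (looks_random(m.group("name")) or looks_random(parent)):
                findings.append(("random-run-entry", line))
            continue
        # 3. Services/drivers whose file DDS could not find ([?]) and whose
        #    registered path is a temp directory.
        if re.match(r"^[RS]\d ", line) and line.endswith("[?]") and "\\temp\\" in low:
            findings.append(("driver-from-temp", line))
    return findings


if __name__ == "__main__":
    for flag, line in triage(SAMPLE_DDS):
        print(f"{flag:18} {line}")
```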

#5 Blade81 (Bleepin' Rocker, Malware Response Team)

Posted 02 July 2010 - 02:44 AM

uTorrent
LimeWire

The above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.

Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab, uncheck all but the Sections option and then click Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy. This copies the log to the clipboard.
  • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.

Edited by Blade81, 02 July 2010 - 02:44 AM.



#6 Blade81 (Bleepin' Rocker, Malware Response Team)

Posted 13 July 2010 - 01:05 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
