Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Trojan Horse Generic18.ENE & Dropper.Generic2.RVQ


  • This topic is locked This topic is locked
5 replies to this topic

#1 AslamJ

AslamJ

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 11 July 2010 - 04:16 AM

I seemed to have picked up some Malware from where, I have no idea & its affecting my startup files to the extent that my PC is not only slow but necessary startup programs are prevented from running by AVG 9.0.830

DDS Log below - GMER and the second DDS logs are attached

Please help - Much appreciated


DDS (Ver_10-03-17.01) - NTFSx86
Run by Aslam at 22:53:18.93 on 10/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.296 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\DStv ON DEMAND Desktop\DCBin\DCService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DStv ON DEMAND Desktop\DCBin\DCTrayApp.exe
C:\Program Files\Route Sentry\RouteSentry.exe
C:\PROGRA~1\AVG\AVG9\avgtray .exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE
C:\WINDOWS\system32\WISPTIS.EXE
E:\Downloads\Other Downloads\PC Problems\2010-07-10 Files\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://www.myherbalife.com/login/login.jsp...equestid=143285
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2e7d02e9-3191-428d-b367-088a03d40f93} - c:\windows\system32\ddcAqqOG.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - c:\program files\xi\netxfer\NXIEHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: CAB Class: {c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} - c:\windows\system32\C7SrG0Lt.dll
BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\xi\netxfer\NXToolBar.dll
TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {3E1201F4-1707-409F-BB45-A5F192381DA0} - No File
EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [OpenTalk] c:\program files\opentalk\OpenTalk.exe
uRun: [mwrioy] c:\documents and settings\aslam\mwrioy.exe
uRun: [Google Update] "c:\documents and settings\aslam\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [eyeBeam SIP Client]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [VTTimer] VTTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [Samsung LBP SM] "c:\windows\samsung\lasersmmgr\ssmmgr.exe" /autorun
mRun: [S3Trayp] S3trayp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero 7\nero backitup\NBKeyScan.exe"
mRun: [MediaFace Integration] c:\program files\fellowes\mediaface 4.2\SetHook.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AudioDeck] c:\program files\viaudioi\sbadeck\ADeck.exe 1
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\docume~1\aslam\startm~1\programs\startup\routes~1.lnk - c:\program files\route sentry\RouteSentry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dstvon~1.lnk - c:\program files\dstv on demand desktop\dcbin\DCTrayApp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
IE: Add to AMV/AVI Video Converter... - c:\program files\mp3 player utilities 4.18\amvconverter\grab.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274031151140
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://besimplysmashing.webex.com/client/T27LB/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6676623-8BBD-479C-A51B-05868728708C} - hxxp://download.digitaldm.com/plug-in/myebk/c/digitaldm2.cab
TCP: {190575E2-C3BF-40DB-86B2-1B2B3234B6D0} = 168.210.2.2 196.14.239.2
TCP: {6F467F97-0BFF-4241-8072-C74B422097B2} = 168.210.2.2 196.14.239.2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcAqqOG

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aslam\applic~1\mozilla\firefox\profiles\wt0kqugr.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - component: c:\documents and settings\aslam\application data\mozilla\firefox\profiles\wt0kqugr.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\aslam\application data\mozilla\firefox\profiles\wt0kqugr.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\aslam\application data\mozilla\firefox\profiles\wt0kqugr.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\free download manager\firefox\extension\components\component.dll
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\aslam\application data\mozilla\firefox\profiles\wt0kqugr.default\extensions\maps@ovi.com\plugins\npNMapG.dll
FF - plugin: c:\documents and settings\aslam\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-12-24 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-12-24 52224]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-31 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-26 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-17 242896]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-6-7 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-6-7 166632]
R2 AFL;DStv ON DEMAND Desktop Download Manager;c:\program files\dstv on demand desktop\dcbin\DCService.exe [2010-5-4 75792]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-17 308064]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-14 50704]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-6-7 840936]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2008-2-13 31424]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-12-24 654848]
S2 AFLnapagent;DStv ON DEMAND Desktop Download Manager AFLnapagent;c:\windows\system32\1042q.exe srv --> c:\windows\system32\1042q.exe srv [?]
S2 Applerpcapd;Apple Mobile Device Applerpcapd;c:\windows\system32\1042q.exe srv --> c:\windows\system32\1042q.exe srv [?]
S2 AudioSrvRemoteAccess;Windows Audio AudioSrvRemoteAccess;c:\windows\system32\1042q.exe srv --> c:\windows\system32\1042q.exe srv [?]
S2 clr_optimization_v2.0.50727_32AFL;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32AFL;c:\windows\system32\1042q.exe srv --> c:\windows\system32\1042q.exe srv [?]
S2 gupdate1c997609f7a0b40;Google Update Service (gupdate1c997609f7a0b40);c:\program files\google\update\GoogleUpdate.exe [2009-2-25 133104]
S2 gusvcSENS;Google Software Updater gusvcSENS;c:\windows\system32\1042q.exe srv --> c:\windows\system32\1042q.exe srv [?]
S2 naflic;naflic;c:\windows\temp\urqzbxdjeslyld.sys [2010-6-20 78592]
S2 NetDDEmnmsrvc;Network DDE NetDDEmnmsrvc;c:\windows\system32\1042q.exe srv --> c:\windows\system32\1042q.exe srv [?]
S2 SCardSvrSpooler;Smart Card SCardSvrSpooler;c:\windows\system32\1042q.exe srv --> c:\windows\system32\1042q.exe srv [?]
S2 TlntSvrRasAuto;Telnet TlntSvrRasAuto;c:\windows\system32\1042q.exe srv --> c:\windows\system32\1042q.exe srv [?]
S2 TrkWksMessenger;Distributed Link Tracking Client TrkWksMessenger;c:\windows\system32\1042q.exe srv --> c:\windows\system32\1042q.exe srv [?]
S3 QuorumService;Quorum;c:\program files\nch swift sound\quorum\quorum.exe [2008-5-13 667652]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2008-5-14 160640]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2008-5-14 5248]

=============== Created Last 30 ================

2010-07-10 20:40:33 74 ----a-w- c:\documents and settings\aslam\defogger_reenable
2010-07-10 20:35:48 122880 ----a-w- c:\windows\system32\C7SrG0Lt.dll
2010-07-04 10:10:38 197 --s-a-w- c:\windows\system32\1540807049.dat
2010-06-27 15:52:08 72 ----a-w- c:\windows\MediaManager.INI
2010-06-27 15:42:16 0 d-----w- c:\program files\MP3 Player Utilities 4.18
2010-06-24 17:38:44 0 d-----w- c:\program files\Trend Micro
2010-06-20 10:35:59 38916 ----a-w- c:\windows\system32\VTTimer.exe
2010-06-20 10:35:59 38916 ----a-w- c:\windows\system32\S3trayp.exe
2010-06-19 11:21:51 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2010-06-19 11:21:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Applications
2010-06-14 16:03:54 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2010-06-14 16:03:54 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-06-14 16:03:54 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-06-14 16:03:54 100880 ----a-w- c:\windows\system32\Packet.dll
2010-06-14 16:03:54 0 d-----w- c:\docume~1\aslam\applic~1\Apowersoft
2010-06-14 16:03:48 0 d-----w- c:\program files\Apowersoft

==================== Find3M ====================

2010-07-10 20:41:45 112 ----a-w- c:\docume~1\alluse~1\applic~1\mbvgA00Iw.dat
2010-06-20 10:36:07 38912 ----a-w- c:\windows\fonts\JfHND.com
2010-06-09 03:44:13 70148 ----a-w- c:\docume~1\alluse~1\applic~1\lve07581.exe
2010-06-02 17:22:37 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-25 20:28:13 54824 ---ha-w- c:\windows\system32\mlfcache.dat
2005-03-28 15:54:22 28672 ----a-w- c:\windows\inf\pbwizUninst.exe
2008-09-09 11:06:10 56 --sh--r- c:\windows\system32\762E53F9CF.sys
2008-06-10 18:25:36 373698 --sha-w- c:\windows\system32\GOqqAcdd.ini2
2009-09-06 10:46:43 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 22:55:27.06 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:06 AM

Posted 14 July 2010 - 06:57 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 AslamJ

AslamJ
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 17 July 2010 - 05:13 PM

Whole computer crashed with BSOD Message - irql_not_less_or_equal since I logged call - Busy recovering so error might no longer exist once I reformat - Will keep you informed.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:06 AM

Posted 17 July 2010 - 06:56 PM

Okay. thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:06 AM

Posted 20 July 2010 - 06:57 PM

How did that go?
Posted Image
m0le is a proud member of UNITE

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:06 AM

Posted 22 July 2010 - 07:47 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users