Hijack This Log post


  • Please log in to reply
1 reply to this topic

#1 caseycj

  • Members
  • 2 posts

Posted 06 August 2010 - 03:45 PM

I am a computer novice, but I have been told that someone may be hacking my computer. One day I was sitting at my computer on the internet, when the screen went blank and froze. A friend came over and found that the computer had been set to open from the CD driver. Being that I had not touched the settings, he said it could have been remotely accessed. And now, here we are.


DDS (Ver_10-03-17.01) - NTFSX64
Run by casey at 15:41:11.88 on Fri 08/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.286 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\iolo\common\lib\ioloServiceManager.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Users\casey\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Program Files (x86)\Cobian Backup 10\Cobian.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\casey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1QDQFVD\Defogger[1].exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\casey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXT0WXHP\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: @c:\program files (x86)\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files (x86)\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
TB: {DD662A0C-12FE-4B38-BA53-247F7EC82F46} - No File
TB: {BE4BD794-7292-4114-A408-F06C56F51049} - No File
uRun: [Google Update] "c:\users\casey\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [Bing Bar] "c:\program files (x86)\msn toolbar\platform\5.0.1423.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [iolo Startup] "c:\program files (x86)\iolo\common\lib\ioloLManager.exe"
StartupFolder: c:\users\casey\appdata\roaming\micros~1\windows\startm~1\programs\startup\cnette~1.lnk - c:\users\casey\appdata\roaming\cbs interactive\cnet techtracker\TechTracker.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Search
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\program files (x86)\avira\antivir desktop\avsda.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
TB-X64: {DD662A0C-12FE-4B38-BA53-247F7EC82F46} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {BE4BD794-7292-4114-A408-F06C56F51049} - No File
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

============= SERVICES / DRIVERS ===============

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2010-7-23 23464]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\avira\antivir desktop\avmailc.exe [2010-7-9 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-7-9 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2010-7-9 267432]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\avira\antivir desktop\avwebgrd.exe [2010-7-9 405672]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-9 81072]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\cobian backup 10\cbVSCService.exe [2010-8-6 67584]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\common\lib\ioloServiceManager.exe [2010-7-23 711352]
R2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\common\lib\ioloServiceManager.exe [2010-7-23 711352]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 148008]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 450048]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]
S2 PremierOpinion;PremierOpinion;c:\program files (x86)\premieropinion\pmservice.exe /service --> c:\program files (x86)\premieropinion\pmservice.exe [?]
S2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 149544]
S2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 205352]
S3 lvpepf64;Volume Adapter;c:\windows\system32\drivers\lv302a64.sys [2008-7-26 15768]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2008-7-26 790424]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-7-26 50072]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-8 1255736]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-08-06 19:39:47 0 ----a-w- c:\users\casey\defogger_reenable
2010-08-06 19:15:22 0 d-----w- c:\program files (x86)\Cobian Backup 10
2010-08-05 18:25:30 0 d-----w- c:\users\casey\appdata\roaming\Malwarebytes
2010-08-05 18:25:15 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-05 18:25:15 0 d-----w- c:\programdata\Malwarebytes
2010-08-05 18:25:15 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-05 18:11:56 0 d-----w- c:\program files (x86)\Exterminate It!
2010-08-05 16:05:38 0 d-----w- c:\program files (x86)\Trend Micro
2010-08-03 00:02:51 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-02 08:03:26 0 d-----w- c:\programdata\Hewlett-Packard
2010-08-01 15:28:32 0 d-----w- c:\users\casey\appdata\roaming\Azureus
2010-08-01 15:28:04 0 d-----w- c:\program files (x86)\Vuze
2010-08-01 15:28:00 0 d-----w- c:\program files (x86)\Vuze_Remote
2010-07-29 17:00:58 0 d-----w- c:\users\casey\appdata\roaming\CBS Interactive
2010-07-24 05:59:58 65536 --sha-w- c:\users\casey\NTUSER.DAT{2b7ecc98-9689-11df-be25-001e33306eb0}.TM.blf
2010-07-24 05:59:58 524288 --sha-w- c:\users\casey\NTUSER.DAT{2b7ecc98-9689-11df-be25-001e33306eb0}.TMContainer00000000000000000002.regtrans-ms
2010-07-24 05:59:58 524288 --sha-w- c:\users\casey\NTUSER.DAT{2b7ecc98-9689-11df-be25-001e33306eb0}.TMContainer00000000000000000001.regtrans-ms
2010-07-24 05:35:52 0 ----a-w- C:\install.rdf
2010-07-23 18:30:30 406 ----a-w- c:\windows\syswow64\ioloBootDefrag.cfg
2010-07-23 18:30:02 23464 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2010-07-23 18:30:01 0 d-----w- C:\iolo
2010-07-23 18:29:39 106672 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-07-23 18:29:34 46080 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-07-23 18:29:34 15360 ----a-w- c:\windows\system32\smrgdf.exe
2010-07-23 18:29:31 0 d-----w- c:\program files (x86)\iolo
2010-07-23 18:24:19 74703 ----a-w- c:\windows\syswow64\mfc45.dll
2010-07-23 18:24:03 0 d-----w- c:\users\casey\appdata\roaming\iolo
2010-07-23 18:24:03 0 d-----w- c:\programdata\iolo
2010-07-21 11:19:08 0 d-----w- C:\Foxit Software
2010-07-21 11:18:51 0 d-----w- c:\users\casey\appdata\roaming\Foxit Software
2010-07-21 11:18:51 0 d-----w- c:\program files (x86)\Foxit Software
2010-07-20 13:42:23 0 d-----w- c:\programdata\PhotoMail
2010-07-20 13:42:23 0 d-----w- c:\program files (x86)\PhotoMail Maker
2010-07-20 13:41:06 0 d-----w- c:\programdata\IncrediMail
2010-07-20 13:41:05 0 d-----w- c:\programdata\IM
2010-07-19 21:36:30 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-07-19 21:36:22 0 d-----w- c:\program files\Synaptics
2010-07-19 21:34:48 0 d-----w- c:\windows\syswow64\x64
2010-07-19 21:34:47 1002008 ----a-w- c:\windows\syswow64\igxpun.exe
2010-07-19 19:43:04 0 d-----w- c:\program files (x86)\OneRiot
2010-07-19 19:38:31 0 d-----w- c:\program files (x86)\Conduit
2010-07-15 13:09:27 0 d-----w- c:\program files (x86)\common files\Symantec Shared
2010-07-15 13:07:23 0 d-----w- c:\users\casey\appdata\roaming\Avira
2010-07-15 12:58:21 0 d-----w- c:\programdata\Norton
2010-07-15 12:58:20 0 d-----w- c:\programdata\Symantec
2010-07-15 12:58:16 0 d-----w- c:\programdata\NortonInstaller
2010-07-15 09:55:45 0 d-----w- c:\program files\Google
2010-07-15 09:55:28 0 d-----w- c:\programdata\Google
2010-07-15 09:55:06 0 d-----w- c:\windows\syswow64\Adobe
2010-07-14 06:33:01 0 d-----w- c:\users\casey\appdata\roaming\iWin
2010-07-14 06:32:51 0 d-----w- c:\programdata\Trymedia
2010-07-14 05:54:48 632 --sha-r- c:\users\casey\ntuser.pol
2010-07-13 17:21:21 144384 ----a-w- c:\windows\system32\cdd.dll
2010-07-13 10:55:05 0 d-----w- c:\programdata\MumboJumbo
2010-07-13 10:51:45 64 ----a-w- c:\windows\GPlrLanc.dat
2010-07-13 10:51:45 17542 ------w- c:\windows\FRGN.ico
2010-07-13 10:51:33 0 d-----w- c:\programdata\Free Ride Games
2010-07-13 10:45:54 0 d-----w- c:\program files (x86)\iWin
2010-07-13 10:44:37 0 d-----w- c:\program files (x86)\Atrinsic
2010-07-12 04:36:28 9728 ----a-w- c:\windows\syswow64\TCMSVR.dll
2010-07-12 04:36:28 152848 ----a-w- c:\windows\syswow64\Comdlg32.ocx
2010-07-12 04:36:28 1081616 ----a-w- c:\windows\syswow64\mscomctl.ocx
2010-07-12 04:36:27 0 d-----w- c:\program files (x86)\TOSHIBA
2010-07-12 04:35:28 0 d-----w- c:\windows\Driver Cache
2010-07-10 22:02:43 0 d-----w- c:\program files (x86)\Virtual Earth 3D
2010-07-09 16:00:28 16 ----a-w- c:\windows\popcinfo.dat
2010-07-09 15:38:48 0 d---a-w- c:\programdata\TEMP
2010-07-09 15:38:39 0 d-----w- c:\users\casey\appdata\roaming\SpinTop
2010-07-09 15:09:42 81072 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-09 15:09:39 0 d-----w- c:\programdata\Avira
2010-07-09 15:09:39 0 d-----w- c:\program files (x86)\Avira
2010-07-09 14:39:53 0 d-----w- c:\program files\common files\Authentium
2010-07-09 14:39:53 0 d-----w- c:\program files (x86)\common files\Authentium
2010-07-09 12:33:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-07-09 10:04:53 0 d-----w- c:\windows\system32\appmgmt
2010-07-09 10:00:49 499712 ----a-w- c:\windows\syswow64\msvcp71.dll
2010-07-09 10:00:49 348160 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-07-09 07:35:03 0 d-----w- c:\programdata\Sun
2010-07-09 07:34:51 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-09 07:34:51 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-09 07:34:51 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-09 07:34:51 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-09 07:33:27 0 d-----w- c:\program files (x86)\Ask.com
2010-07-09 07:11:04 0 d-----w- c:\program files (x86)\FMC
2010-07-09 06:01:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-07-09 05:33:06 0 d-----w- c:\program files (x86)\Advanced Registry Optimizer
2010-07-09 03:29:46 0 d-----w- c:\programdata\Yahoo!
2010-07-09 03:28:57 0 d-----w- c:\program files (x86)\Yahoo!
2010-07-09 03:28:04 0 d-----w- c:\program files (x86)\Free Offers from Freeze.com
2010-07-09 02:55:43 0 d-----w- c:\programdata\2B324
2010-07-09 02:55:41 0 d-----w- c:\users\casey\appdata\roaming\MusicNet
2010-07-09 02:43:31 77 ----a-w- c:\windows\st_affiliate.ini
2010-07-09 02:40:29 0 d-----w- c:\program files (x86)\iMesh Applications
2010-07-09 02:31:01 0 d-----w- c:\users\casey\appdata\roaming\BitTorrent
2010-07-09 02:30:55 0 d-----w- c:\program files (x86)\BitTorrent
2010-07-09 02:19:14 0 d-----w- c:\programdata\NCH Swift Sound
2010-07-09 02:08:19 0 d-----w- c:\program files (x86)\NCH Swift Sound
2010-07-09 00:05:24 0 d-----w- c:\program files (x86)\Myxer
2010-07-08 23:26:55 0 d-----w- c:\program files (x86)\Microsoft
2010-07-08 23:26:49 0 d-----w- c:\program files (x86)\MSN Toolbar
2010-07-08 23:26:32 78376 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2010-07-08 23:25:42 0 d-----w- c:\program files (x86)\Bing Bar Installer
2010-07-08 23:25:41 0 d-sh--w- c:\windows\Installer
2010-07-08 15:55:03 0 d-----w- c:\windows\syswow64\Macromed
2010-07-08 13:53:50 0 d-----w- c:\windows\syswow64\Wat
2010-07-08 13:53:50 0 d-----w- c:\windows\system32\Wat
2010-07-08 13:25:43 0 d-----w- c:\program files\common files\logishrd
2010-07-08 13:13:42 0 d-----w- c:\windows\Panther
2010-07-08 13:08:13 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-07-08 13:08:13 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-07-08 13:04:47 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-07-08 13:04:47 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-07-08 13:04:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-08 13:04:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-07-08 13:04:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-08 13:04:47 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-07-08 13:04:47 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-07-08 13:04:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-07-08 13:04:47 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-07-08 13:04:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-08 13:01:49 0 d-----w- C:\Windows.old
2010-07-08 12:57:10 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-07-08 12:49:02 11406336 ----a-w- c:\windows\syswow64\wmp.dll
2010-07-08 12:47:59 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-07-08 12:47:38 46592 ----a-w- c:\windows\system32\msasn1.dll
2010-07-08 12:47:38 34816 ----a-w- c:\windows\syswow64\msasn1.dll
2010-07-08 12:47:19 716800 ----a-w- c:\windows\syswow64\jscript.dll
2010-07-08 12:47:19 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-07-08 12:47:19 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-07-08 12:44:54 139264 ----a-w- c:\windows\system32\cabview.dll
2010-07-08 12:44:54 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-07-08 12:25:36 0 d-sh--w- C:\Recovery

==================== Find3M ====================

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-09 09:46:00 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:45:57 552960 ----a-w- c:\windows\system32\msdri.dll
2010-05-09 09:14:55 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:42:19.71 ===============

#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 14 August 2010 - 08:23 AM

Hello caseycj

Welcome to BleepingComputer.

QUOTE
A friend came over and found that the computer had been set to open from the CD driver. Being that I had not touched the settings, he said it could have been remotely accessed.

Can you explain what you mean by "had been set to open from the CD driver"?

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here