Suspected Trojan


  • This topic is locked
2 replies to this topic

#1 techemically

techemically

  • Members
  • 1 posts
  • OFFLINE
  • Local time:12:06 AM

Posted 27 September 2010 - 12:55 PM

I found Trojan.Agent.CX in a DLL of one of my PC games. It seems to remove, but my PC is acting strange (high CPU usage and hanging). Also, I would like to know if there is any way to clean this file, as it is needed for operation of my game. I ran DDS and GMER; the logs are included (sorry, I saw no button to attach a zip of these files):

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 8/16/2010 5:15:20 AM
System Uptime: 9/27/2010 10:48:40 AM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5G41T-M
Processor: Intel® Core™2 Quad CPU Q9650 @ 3.00GHz | LGA775 | 3003/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 612 GiB total, 214.749 GiB free.
D: is FIXED (FAT32) - 233 GiB total, 23.17 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel

Class GUID: {d94ee5d8-d189-4994-83d2-f68d7d41b0e6}
Description: Trusted Platform Module 1.2
Device ID: ACPI\IFX0102\1
Manufacturer: (Standard)
Name: Trusted Platform Module 1.2
PNP Device ID: ACPI\IFX0102\1
Service: TPM

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_83FE1043&REV_C0\4&3AA6353D&0&00E1
Manufacturer: Atheros
Name: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
PNP Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_83FE1043&REV_C0\4&3AA6353D&0&00E1
Service: L1C

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acrobat.com
Activision®
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AMD Drag and Drop Transcoding
Assassin's Creed
Assassin's Creed II
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 2™
Battlefield 2: Special Forces
Battlefield Vietnam™
Battlefield Vietnam: WW2 Mod
BFV Command and Control Server Manager - BFVCC
CamStudio
CamStudio Lossless Codec v1.4
CCleaner
Command & Conquer The First Decade
Counter-Strike: Source
Crayon Physics Deluxe - release 51
Defraggler
EASEUS Partition Master 6.1.1 Home Edition
EASEUS Todo Backup 1.1
Express Gate
Gcabby2
GmoteServer
Google Chrome
Infineon TPM Professional Package
Java Auto Updater
Java™ 6 Update 20
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Monkey Island 2 LeChucks Revenge Special Edition
Mozilla Firefox (3.6.10)
Nostromo Array Programming Software
NVIDIA PhysX
OpenOffice.org 3.2
PC Probe II
Polipo 1.0.4.1
ProxyFirewall 1.0.4 Beta
PunkBuster for Battlefield 1942
PunkBuster for Battlefield Vietnam
QuickTime
Realtek High Definition Audio Driver
Recuva
Savage 2 - A Tortured Soul
SeaMonkey (2.0.7)
Spybot - Search & Destroy
SpywareBlaster 4.4
Star Wars Battlefront II
Steam™
Team Fortress 2
The Godfather™ II
The Rosetta Stone
Tom Clancy's Rainbow Six: Lockdown
Tor 0.2.1.26
Transformers™ - War for Cybertron™
TSP_CODEC
Turbo Key
TWIN PS TO PC CONVERTER
Ubisoft Game Launcher
UltraVNC 1.0.8.2
VC Sync (CE) Y!Epic Community Ed. v2.0.0.4
Vidalia 0.2.9
ViviCam V35
VLC media player 1.1.4
WBFS Manager 3.0
WD SmartWare
WebEx
Windows 7 Manager
WinPcap 4.1.2
WinRAR archiver
Wireshark 1.4.0
Y!Supra v1.0.0.60
YahELite 330.1
Yahoo! Messenger
YEpic
ZoneAlarm Extreme Security

==== Event Viewer Messages From Past Week ========

9/27/2010 11:15:09 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
9/27/2010 10:48:53 AM, Error: TPM [14] - The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
9/22/2010 2:06:30 PM, Error: Service Control Manager [7034] - The WD SmartWare Background Service service terminated unexpectedly. It has done this 1 time(s).
9/22/2010 2:06:27 PM, Error: Service Control Manager [7034] - The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

DDS (Ver_10-03-17.01) - NTFSx86
Run by enigma at 11:42:10.20 on Mon 09/27/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3583.2623 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe
C:\Program Files\Infineon\Security Platform Software\ifxtcs.exe
C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\mmc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\enigma\Desktop\SecScn\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Turbo Key] "c:\program files\asus\turbo key\TurboKey.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\loadou~1.lnk - c:\program files\belkin\nostromo\nost_LM.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\enigma\appdata\roaming\mozilla\firefox\profiles\n97d6dt5.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaDownload.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaExtensions.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\enigma\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\enigma\appdata\roaming\mozilla\firefox\profiles\n97d6dt5.default\extensions\{f5e4ac68-1466-4b9f-b043-f40127f993d0}\plugins\npatgpc.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-8-16 27016]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-8-16 21896]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2009-7-19 39712]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-6 176128]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-8-16 90112]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-14 319488]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-27 1153368]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2010-8-22 1590216]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-4 6096384]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-4 214016]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2003-7-23 22821]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-8-16 123784]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2009-10-14 35448]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-8-22 12096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-8-16 14216]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-8-16 15240]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-8-16 8456]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2010-8-15 51712]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

=============== Created Last 30 ================

2010-09-26 19:56:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-22 18:47:43 0 ----a-w- c:\windows\YAHELITE_cookie.INI
2010-09-22 18:45:05 0 d-----w- c:\program files\WinPcap
2010-09-22 18:44:52 0 d-----w- c:\program files\Wireshark
2010-09-21 18:48:38 0 d-----w- c:\program files\NVIDIA Corporation
2010-09-21 18:48:29 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-09-21 18:42:12 0 d-----w- c:\program files\Activision
2010-09-20 20:27:16 73728 ----a-w- c:\windows\system32\dancemat.exe
2010-09-20 20:27:16 55808 ----a-w- c:\windows\system32\devcon.exe
2010-09-20 20:27:16 31183 ----a-w- c:\windows\system32\drivers\danceflt.sys
2010-09-20 20:27:16 24576 ----a-w- c:\windows\system32\ReDlg.exe
2010-09-20 20:27:15 0 d-----w- c:\program files\TWINCONVERTOR
2010-09-20 20:25:47 0 d-----w- c:\users\enigma\appdata\roaming\Ubisoft
2010-09-20 20:25:47 0 d-----w- c:\programdata\Ubisoft
2010-09-17 18:45:19 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-09-17 18:45:18 0 d-----w- c:\program files\SpywareBlaster
2010-09-17 00:38:28 86016 ----a-w- c:\windows\unvise32qt.exe
2010-09-17 00:37:49 0 d-----w- c:\windows\system32\QuickTime
2010-09-17 00:37:07 0 d-----w- c:\programdata\QuickTime
2010-09-17 00:35:54 0 d-----w- c:\program files\The Rosetta Stone
2010-09-09 16:25:00 0 d-----w- c:\program files\VideoLAN
2010-09-09 00:03:55 2217 ----a-w- c:\windows\YAHELITE.INI
2010-09-09 00:03:52 0 d-----w- c:\program files\YahELite
2010-09-06 09:01:27 0 d-----w- c:\program files\Gcabby
2010-09-05 20:34:57 0 d-----w- c:\program files\YEpic
2010-09-03 15:46:53 0 d-----w- c:\users\enigma\appdata\roaming\#ISW.FS#
2010-09-03 01:16:10 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-03 01:13:55 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-03 01:13:44 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-09-03 01:13:39 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-09-03 00:36:57 0 d-----w- c:\windows\system32\URTTEMP
2010-09-02 23:44:14 177 ---h--w- C:\dvmexp.idx
2010-09-01 03:00:14 0 d-----w- c:\programdata\Yahoo!
2010-09-01 02:57:25 0 d-----w- c:\program files\Yahoo!
2010-08-31 22:17:47 0 d-----w- c:\windows\Java
2010-08-31 22:17:46 103424 ----a-w- c:\windows\extrac32.exe
2010-08-31 16:48:45 0 d---a-w- c:\programdata\TEMP
2010-08-31 02:25:03 0 d-----w- c:\users\enigma\appdata\roaming\Y!Supra
2010-08-31 02:25:02 0 d-----w- c:\program files\Y!Supra
2010-08-31 02:24:44 9488 ----a-w- c:\windows\system32\tssoft32.acm
2010-08-31 02:24:43 16144 ----a-w- c:\windows\system32\tsd32.dll
2010-08-31 02:24:43 0 d-----w- c:\program files\Bytescribe
2010-08-31 01:35:30 0 d-----w- c:\users\enigma\appdata\roaming\webex
2010-08-31 01:35:13 0 d-----w- c:\programdata\WebEx
2010-08-31 00:56:30 0 d-----w- c:\program files\SeaMonkey
2010-08-31 00:39:24 0 d-----w- c:\program files\Savage 2 - A Tortured Soul
2010-08-30 17:21:04 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-08-30 17:21:04 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-08-30 17:21:04 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-08-30 17:21:04 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-08-30 17:21:03 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-08-30 17:21:03 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-08-30 17:21:03 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-08-30 16:16:55 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-30 01:29:25 0 d-----w- c:\program files\Yamicsoft
2010-08-29 22:45:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 22:45:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 22:15:03 0 d-----w- c:\users\enigma\appdata\roaming\Crayon Physics Deluxe
2010-08-29 22:14:26 0 d-----w- c:\program files\Crayon Physics Deluxe
2010-08-29 22:10:07 0 d-----w- c:\users\enigma\appdata\roaming\LucasArts
2010-08-29 21:26:17 0 d-----w- c:\program files\Defraggler

==================== Find3M ====================

2010-08-22 17:50:55 23872 ----a-w- c:\windows\system32\mv2.dll
2010-08-22 17:50:55 12096 ----a-w- c:\windows\system32\drivers\mv2.sys
2010-08-18 03:22:40 1540 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-08-16 22:31:53 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-16 20:33:44 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-16 20:05:48 737280 ----a-w- c:\windows\iun6002.exe
2010-08-16 16:36:42 695578 ----a-w- c:\windows\system32\unins000.exe
2010-08-16 12:11:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-08-04 07:21:44 6096384 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-08-04 06:55:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-04 06:54:52 519680 ----a-w- c:\windows\system32\aticfx32.dll
2010-08-04 06:52:06 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-04 06:51:38 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-08-04 06:51:12 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-08-04 06:50:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-08-04 06:49:52 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-04 06:49:50 15845888 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-04 06:49:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-04 06:49:36 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-08-04 06:49:28 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-04 06:46:34 3899392 ----a-w- c:\windows\system32\atidxx32.dll
2010-08-04 06:28:28 4021760 ----a-w- c:\windows\system32\atiumdag.dll
2010-08-04 06:26:02 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-04 06:25:52 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-04 06:24:36 4341248 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-04 06:23:44 65536 ----a-w- c:\windows\system32\coinst.dll
2010-08-04 06:21:40 3324416 ----a-w- c:\windows\system32\atiumdva.dll
2010-08-04 06:16:08 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-04 06:15:56 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-08-04 06:15:50 16896 ----a-w- c:\windows\system32\atigktxx.dll
2010-08-04 06:15:30 214016 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-08-04 06:15:04 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-08-04 06:14:50 27648 ----a-w- c:\windows\system32\atiu9pag.dll
2010-08-04 06:14:28 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-08-04 06:14:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-08-04 06:09:24 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-04 06:09:24 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 23:42:50 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-07-15 13:44:20 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-07-15 13:44:20 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-07-15 13:44:20 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-07-15 13:44:08 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 11:42:48.22 ===============

EDIT: Moved from AII to Malware Removal Logs ~ Hamluis.

Edited by hamluis, 27 September 2010 - 01:34 PM.
Move to Log forum from Windows 7 ~ OB


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:06 AM

Posted 01 October 2010 - 04:19 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:06 AM

Posted 07 October 2010 - 04:22 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 




