Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Downloader: Win32/Renos.LX, Win32/Renos.JS, Rogue: Win32/FakeYak


  • This topic is locked This topic is locked
2 replies to this topic

#1 florals

florals

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 31 October 2010 - 04:47 PM

I started getting fake Windows Security Essentials pop ups every time I attempted to open Chrome, saying that WSE had detected a potential threat. I ran task manager and found that hotfix.exe was running, which I ended and was able to use my browsers again. I ran Malwarebytes, cleaned the problems and restarted. The popups have now stopped, but internet explorer opens randomly with ads and MSE is going nuts with reports of Win32/Renos.LX, Win32/Renos.JS and Win32/FakeYak. Malwarebytes has been reporting Trojan.FakeAlert, Trojan.Downloader and Trojan.Dropper. No matter how many times I remove said threats, they are always there after a restart.


DDS (Ver_10-10-31.01) - NTFS_AMD64
Run by Bryony at 21:17:56.29 on 31/10/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3958.2188 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Users\Bryony\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Bryony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Users\Bryony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Users\Bryony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Bryony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Users\Bryony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Bryony\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:6092
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Bryony\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [AdobeBridge]
uRun: [NtWqIVLZEWZU] C:\Users\Bryony\AppData\Local\Temp\Frh.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-3-1 482384]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-1 202752]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2010-10-31 67584]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-3 13336]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-1

2314240]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-1 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-3-1 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-3 291328]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-4-26 1103904]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-3-1 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-30 1255736]

=============== Created Last 30 ================

2010-10-31 21:04:27 -------- d-----w- C:\Users\Bryony\AppData\Local\Safe mirror
2010-10-31 21:03:58 -------- d-----w- C:\Program Files (x86)\Cobian Backup 10
2010-10-31 20:41:41 8006480 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-31 20:41:36 8006480 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{40E0DC48-1A15-444F-9F82-2D4869084760}\mpengine.dll
2010-10-28 11:29:37 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2010-10-28 11:29:34 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-10-28 07:22:10 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4e05bc21cb76702e\InstallManager_WLE_WLE.exe
2010-10-28 07:21:50 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c9c8921b1cb767021\MeshBetaRemover.exe
2010-10-28 07:21:33 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bf5e8ce81cb76701a\DSETUP.dll
2010-10-28 07:21:33 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bf5e8ce81cb76701a\DXSETUP.exe
2010-10-28 07:21:33 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bf5e8ce81cb76701a\dsetup32.dll
2010-10-28 07:21:32 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be0c89811cb767019\DXSETUP.exe
2010-10-28 07:21:31 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be0c89811cb767019\DSETUP.dll
2010-10-28 07:21:31 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be0c89811cb767019\dsetup32.dll
2010-10-28 07:20:37 -------- d-----w- C:\Users\Bryony\AppData\Local\Windows Live
2010-10-28 07:20:10 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-28 07:20:09 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-28 07:20:09 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-28 07:20:09 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-28 07:20:09 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-28 07:20:07 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-28 07:20:07 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-28 07:20:00 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2010-10-27 16:51:54 737280 ----a-w- C:\Windows\iun6002.exe
2010-10-27 16:51:41 -------- d-----w- C:\Program Files (x86)\Karaoke Anything!
2010-10-27 08:04:30 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-27 08:04:30 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-27 08:04:30 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-27 08:04:30 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-27 08:04:30 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-27 08:04:30 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-27 08:04:30 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-27 08:04:24 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-20 14:55:39 -------- d-----w- C:\Users\Bryony\AppData\Roaming\PCF-VLC
2010-10-20 14:54:21 -------- d-----w- C:\Users\Bryony\AppData\Roaming\Participatory Culture Foundation
2010-10-20 14:44:56 -------- d-----w- C:\Program Files (x86)\Participatory Culture Foundation
2010-10-07 14:15:07 -------- d-----w- C:\Users\Bryony\AppData\Roaming\My Battle for Middle-earth™ II Files

==================== Find3M ====================

2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-21 13:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 13:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-09 22:39:14 2826240 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2010-09-08 10:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 18:03:59 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 21:19:03.27 ===============

Now "a.exe" shows up in processes, and slows my computer down immensely.

Merged posts. ~ OB

Attached Files


Edited by Orange Blossom, 31 October 2010 - 09:14 PM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:44 PM

Posted 08 November 2010 - 05:48 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:44 PM

Posted 12 November 2010 - 08:58 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users