
Possible Palevo Worm?


  • This topic is locked
2 replies to this topic

#1 isep

isep

  • Members
  • 1 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 11 November 2010 - 01:53 AM

Symptoms are identical to those found in: http://silkenhut.com/random-pop-ups-opened-by-internet-explorer-virus/
except Malwarebytes could find nothing.
- popups opening in new tabs in Chrome
- recently slowed Windows startup (is this from Defogger? :S)

Also GMER.exe freezes continually during scan.


DDS (Ver_10-11-10.01) - NTFSx86
Run by Elan at 23:54:45.20 on Wed 11/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1927 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Riot Games\League of Legends\lol.launcher.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Documents and Settings\Elan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Elan\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\Elan\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
mWinlogon: Taskman=c:\documents and settings\elan\utre.exe
uWinlogon: Shell=explorer.exe,c:\documents and settings\elan\utre.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Google Update] "c:\documents and settings\elan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\google\google~4\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\elan\applic~1\mozilla\firefox\profiles\dmctzgpg.default\
FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\elan\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\elan\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\elan\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-27 218592]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-1 11608]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2009-6-14 339328]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2009-6-14 55168]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-1 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-1 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-1 60936]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2009-8-3 191848]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2009-8-3 169320]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2009-9-1 1966008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-15 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101105.003\naveng.sys [2010-11-5 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101105.003\navex15.sys [2010-11-5 1371184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-27 136176]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-10-27 30192]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-10-26 81680]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2009-9-1 116664]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-10-27 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-10-27 1142224]

=============== Created Last 30 ================

2010-11-10 03:26:46 -------- d-----w- c:\program files\Ventrilo
2010-11-10 03:26:31 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-11-06 05:13:20 -------- d-----r- c:\program files\Skype
2010-11-05 23:39:41 -------- d-----w- c:\program files\DellTPad
2010-11-05 23:39:35 155136 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-11-05 23:39:35 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-11-05 23:39:35 100418 ----a-w- c:\windows\system32\Vxdif.dll
2010-11-03 05:26:59 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-11-03 05:10:23 -------- d--h--w- c:\windows\msdownld.tmp
2010-11-03 04:39:16 -------- d-----w- c:\program files\Sun
2010-11-02 14:50:27 -------- d-sh--w- c:\documents and settings\elan\PrivacIE
2010-11-01 20:18:49 -------- d-----w- c:\windows\system32\NtmsData
2010-11-01 15:07:21 -------- d-----w- c:\docume~1\elan\applic~1\Avira
2010-11-01 15:02:45 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-01 15:02:42 -------- d-----w- c:\program files\Avira
2010-11-01 15:02:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-11-01 14:54:22 -------- d-----w- c:\docume~1\elan\locals~1\applic~1\Mozilla
2010-10-31 14:17:02 -------- d-----w- c:\windows\system32\ReinstallBackups
2010-10-30 22:59:52 -------- d-----w- c:\docume~1\elan\applic~1\Xfire
2010-10-30 22:59:48 -------- d-----w- c:\program files\Xfire
2010-10-29 17:30:29 -------- d-----w- c:\docume~1\elan\applic~1\Malwarebytes
2010-10-29 17:30:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-29 17:30:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-29 17:30:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-29 17:30:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-28 06:28:26 -------- d-----w- c:\program files\VideoLAN
2010-10-28 04:11:55 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-28 04:11:53 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-28 04:11:53 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-28 04:11:49 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-28 04:11:27 -------- d-----w- c:\program files\Spyware Doctor
2010-10-28 04:11:27 -------- d-----w- c:\program files\common files\PC Tools
2010-10-28 04:11:27 -------- d-----w- c:\docume~1\elan\applic~1\PC Tools
2010-10-28 04:11:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-10-28 03:01:48 -------- d-----w- c:\documents and settings\elan\workspace
2010-10-28 02:57:47 -------- d-----w- c:\program files\eclipse
2010-10-26 21:21:36 40960 ----a-r- c:\docume~1\elan\applic~1\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-10-26 21:21:36 40960 ----a-r- c:\docume~1\elan\applic~1\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\ARPPRODUCTICON.exe
2010-10-26 21:21:35 -------- d-----w- c:\program files\Project64 1.6
2010-10-26 21:16:24 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-10-26 21:15:48 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-10-26 21:15:39 81680 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2010-10-26 21:15:39 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
2010-10-26 21:15:39 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-10-26 21:14:49 255496 ----a-w- c:\windows\system32\MijFrc.dll
2010-10-26 21:14:49 -------- d-----w- c:\docume~1\elan\applic~1\MotioninJoy
2010-10-26 21:14:48 -------- d-----w- c:\program files\MotioninJoy
2010-10-21 13:52:22 -------- d-sh--w- c:\documents and settings\elan\IETldCache
2010-10-21 02:17:33 13312 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-10-21 02:17:04 -------- d-----w- c:\windows\ie8updates
2010-10-21 02:16:43 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-10-21 02:16:42 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-21 02:16:42 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-21 02:14:37 -------- dc-h--w- c:\windows\ie8
2010-10-19 23:52:08 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-10-19 23:52:04 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-10-19 23:52:02 16384 ----a-w- c:\windows\system32\ipsink.ax
2010-10-19 23:52:02 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-10-19 23:52:00 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-10-19 23:51:58 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-10-19 23:51:55 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-10-19 23:51:53 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-10-19 23:51:48 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-10-19 23:51:40 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-10-19 23:51:40 28672 ----a-w- c:\windows\system32\vidcap.ax
2010-10-19 23:51:40 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-10-19 23:51:39 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2010-10-19 23:51:39 61952 ----a-w- c:\windows\system32\kstvtune.ax
2010-10-19 23:51:39 43008 ----a-w- c:\windows\system32\ksxbar.ax
2010-10-19 23:51:39 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-10-19 15:39:19 -------- d-----w- c:\program files\BitTorrent
2010-10-19 15:38:57 -------- d-----w- c:\docume~1\elan\applic~1\BitTorrent
2010-10-19 13:31:31 -------- d-----w- C:\fadecc5c1719c9f71fe6c8
2010-10-18 23:51:23 -------- d-----w- c:\docume~1\elan\locals~1\applic~1\Identities
2010-10-18 23:08:02 -------- d-----w- c:\docume~1\elan\locals~1\applic~1\Adobe
2010-10-18 23:05:22 -------- d-----w- c:\docume~1\elan\applic~1\OpenOffice.org
2010-10-18 23:04:07 -------- d-----w- c:\program files\JRE
2010-10-18 23:04:01 -------- d-----w- c:\program files\OpenOffice.org 3
2010-10-18 23:03:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-18 23:03:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-17 00:29:00 -------- d-----w- c:\docume~1\elan\applic~1\TS3Client
2010-10-17 00:26:54 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-10-16 22:26:30 -------- d-----w- c:\docume~1\elan\applic~1\LolClient
2010-10-16 22:24:11 -------- d-----w- c:\program files\common files\DivX Shared
2010-10-16 22:23:39 -------- d-----w- c:\program files\DivX
2010-10-16 22:23:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-10-16 22:22:20 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-10-16 22:22:20 77824 ----a-w- c:\windows\system32\xvid.ax
2010-10-16 22:22:20 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-16 22:22:20 -------- d-----w- c:\program files\Xvid
2010-10-16 22:00:28 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-10-16 22:00:28 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-10-16 22:00:27 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-10-16 22:00:27 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-10-16 22:00:24 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-10-16 22:00:22 -------- d-----w- c:\windows\Logs
2010-10-16 21:59:14 -------- d-----w- C:\Riot Games
2010-10-16 21:44:49 -------- d-----w- c:\docume~1\elan\locals~1\applic~1\PMB Files
2010-10-16 21:44:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
2010-10-16 21:44:33 -------- d-----w- c:\program files\Pando Networks
2010-10-16 18:38:25 -------- d-----w- c:\documents and settings\elan\Games
2010-10-16 17:46:03 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-10-16 17:46:02 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-10-16 17:46:00 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-10-15 06:22:05 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-10-15 06:21:40 58880 ------w- c:\windows\system32\dllcache\atl.dll
2010-10-15 06:20:36 357248 ------w- c:\windows\system32\dllcache\srv.sys
2010-10-15 06:20:22 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-15 06:20:05 457216 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-15 06:19:26 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-15 06:19:08 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-10-15 06:19:08 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-10-15 06:19:01 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-10-15 06:19:01 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-10-15 06:19:01 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-10-15 06:19:01 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-10-15 06:19:01 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-10-15 06:19:01 35328 ------w- c:\windows\system32\dllcache\sc.exe
2010-10-15 06:19:01 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-10-15 06:19:01 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-10-15 06:19:01 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-10-15 06:18:48 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-10-15 06:18:46 2190080 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-10-15 06:18:46 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-10-15 06:18:46 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-10-15 06:14:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-10-15 06:14:03 -------- d-----w- c:\docume~1\elan\locals~1\applic~1\Symantec
2010-10-15 06:13:58 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2010-10-15 06:13:34 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-10-15 06:13:34 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-10-15 06:13:31 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-15 06:13:30 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 06:13:30 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 06:13:17 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-10-15 06:12:59 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-15 06:12:59 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-15 06:12:51 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-10-15 06:12:41 -------- d-----w- c:\program files\Symantec
2010-10-15 06:12:35 -------- d-----w- c:\program files\Symantec AntiVirus
2010-10-15 06:12:35 -------- d-----w- c:\program files\common files\Symantec Shared
2010-10-15 06:12:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-10-15 06:04:15 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-15 06:04:06 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-10-15 06:04:02 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-10-14 17:12:15 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-10-14 17:12:15 -------- d-----w- c:\windows\nview
2010-10-14 17:11:34 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-10-14 17:11:33 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2010-10-14 17:11:33 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2010-10-14 17:11:33 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2010-10-14 17:11:33 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2010-10-14 17:11:33 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2010-10-14 17:11:33 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2010-10-14 17:11:28 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2010-10-14 17:11:28 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2010-10-14 17:01:56 -------- d-----w- C:\DELL
2010-10-14 16:58:08 -------- d-----w- c:\docume~1\elan\locals~1\applic~1\Temp
2010-10-14 16:58:06 -------- d-----w- c:\docume~1\elan\locals~1\applic~1\Google
2010-10-14 16:57:08 -------- d-----w- c:\docume~1\elan\locals~1\applic~1\Deployment

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:38:48 1861888 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 06:05:07 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 23:55:44.12 ===============
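The part of a DDS log that a reviewer reads first is the "Pseudo HJT Report" section, because the Winlogon `Shell`, `Taskman` and `Userinit` values and the Run keys are where persistence is set. The script below is an added example, not part of this thread or of the DDS tool: it parses those line types and flags any entry whose executable lives outside the Windows or Program Files trees, for instance inside a user profile directory. The trusted-prefix list is an assumption chosen for this example, and the sample lines are copied from the log above (the Winlogon `Taskman`/`Shell` entries plus three Run entries as benign controls). A hit is a reason to examine the file, not proof on its own that it is malicious.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log (added example)."""
import re

# Sample input: lines copied from the DDS log in this thread.
SAMPLE_LOG = """\
mWinlogon: SfcDisable=-99 (0xffffff9d)
mWinlogon: Taskman=c:\\documents and settings\\elan\\utre.exe
uWinlogon: Shell=explorer.exe,c:\\documents and settings\\elan\\utre.exe
uRun: [swg] c:\\program files\\google\\googletoolbarnotifier\\GoogleToolbarNotifier.exe
mRun: [avgnt] "c:\\program files\\avira\\antivir desktop\\avgnt.exe" /min
mRun: [nwiz] nwiz.exe /installquiet
"""

# Assumption for this example: installed components normally live under these trees.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\progra~1\\",
)

# Winlogon values that on a clean XP box hold only explorer.exe / userinit.exe.
WINLOGON_KEYS = {"shell", "taskman", "userinit"}

# DDS prefixes the line with u/m/d for user/machine/default hive.
_WINLOGON_RE = re.compile(r"^[umd]Winlogon:\s*(?P<key>\w+)=(?P<value>.*)$", re.I)
_RUN_RE = re.compile(r"^[umd]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<value>.*)$", re.I)
# Either a quoted "...exe" or a bare drive-letter path ending in .exe (may contain spaces).
_PATH_RE = re.compile(r'"([^"]+\.exe)"|([a-z]:\\.*?\.exe)', re.I)


def extract_paths(value):
    """Return every .exe path (quoted or bare) found in a registry value string."""
    return [quoted or bare for quoted, bare in _PATH_RE.findall(value)]


def is_suspect_path(path):
    """True when the executable sits outside the trusted trees, e.g. in a user profile."""
    return not path.lower().startswith(TRUSTED_PREFIXES)


def triage(log_text):
    """Return (line, reason) findings for Winlogon and Run entries worth examining."""
    findings = []
    for line in log_text.splitlines():
        m = _WINLOGON_RE.match(line)
        if m:
            key = m.group("key").lower()
            if key in WINLOGON_KEYS:
                for path in extract_paths(m.group("value")):
                    if is_suspect_path(path):
                        findings.append((line, f"Winlogon {key} points at {path}"))
            continue
        m = _RUN_RE.match(line)
        if m:
            for path in extract_paths(m.group("value")):
                if is_suspect_path(path):
                    findings.append((line, f"Run entry [{m.group('name')}] launches {path}"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the sample, the two Winlogon lines are reported and the three Run entries are not, because the only executable outside the trusted trees is the one in the user's profile. Bare executable names with no drive letter (such as `nwiz.exe`) are ignored by this version; resolving them through the PATH would be the next refinement.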


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:58 AM

Posted 18 November 2010 - 08:16 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:58 AM

Posted 23 November 2010 - 08:34 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



