Discovered Heuristic Trojan (?) recently, unsure of current status



#1 bouncier


Posted 02 March 2011 - 07:29 AM

The video stopped functioning on certain games and gradually worsened. Flash and java problems gradually arose from nowhere in that everything was functioning approx. a month ago. Games I once played and then was unable to play, all played briefly (for a couple of days) before they became inaccessible once again.

I recently discovered a heuristic (sp?) infection with SuperAntiSpyware. The Microsoft Security Essentials antivirus program was unable to update with the latest definitions (I believe I may have inadvertently downloaded an unsigned file purporting to be ATI in my attempt to update my drivers). I uninstalled then reinstalled MSSE; however, every attempt to update the definitions has failed for over a week. I discovered that all Windows updates have failed for some time. I discovered Microsoft Security Client, which I never authorized on the system, and have been unable to determine if it is the same as Microsoft Security Essentials. It appears that they are both antivirus programs offered by MS, but I do not know the difference or where the Security Client came from.

My installer was damaged and every attempt to repair/replace it was unsuccessful until a day ago. Gateway timeout warnings, damaged registry and/or .dll files interrupting messages from the remote computer (MSSE), application hangs, inability to access network locations, faulty applications such as M.O.M. and Presentation Font Cache (I was never aware of the Presentation Font app before), Windows files such as appmgmt disappearing, and new and strange files popping up here and there. I try to physically peruse portions of my Windows files/system hoping to familiarize myself with the contents. And of course, the SLOW was worse than ever experienced, but not all the time.

I have had virus/malware previously but believed it had been rid. I know that the previous infection was in my system volume information used by System Restore. Whatever may be infecting my system now appears more aggressive.

You guys are so much appreciated. I have been beating my head against the wall trying to resolve one problem at a time; however, they started coming at me faster than I could open IE. I am hopeful that the logs will answer most of any questions you may have. I will supply as much more detailed information as may be needed.



DDS (Ver_10-12-12.02) - NTFSx86
Run by bouncier at 1:51:57.42 on Wed 03/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3455.2807 [GMT -7:00]

AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Benubird PDF\BenubirdAssistant.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpeedingUpMyPC\SPMTray.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Juno\qsacc\x1exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rpcrt432.exe
C:\WINDOWS\system32\mmdrv32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\mf3216wow.exe
C:\Program Files\Cobian Backup 10\Cobian.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\bouncier\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://my.juno.com/s/search?r=minisearch
uSearch Bar = hxxp://my.juno.com/s/search?r=minisearch
mDefault_Search_URL = hxxp://my.juno.com/s/search?r=minisearch
mSearch Page = hxxp://my.juno.com/s/search?r=minisearch
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:7900
uInternet Settings,ProxyOverride = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;cf.netzero.net;qs.netzero.net;*.quicken.com;feed.untd.com;*.pogo.com;<local>
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
mSearchAssistant = hxxp://my.juno.com/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\juno\SearchEnh1.dll
BHO: AutorunsDisabled - No File
BHO: {04aa65f9-bdae-40c2-9e24-68de55ad57ba} - c:\windows\system32\atiok3x232.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\juno\qsacc\X1IEBHO.dll
BHO: Juno Toolbar Helper: {fe3098b1-04a3-41fd-8ca9-bea39cb14c87} - c:\program files\juno\ucreg.dll
TB: JunoBar: {5854fac4-5bf0-47dd-b5a9-a5ea8cff3cf4} - c:\program files\juno\Toolbar.dll
uRun: [Juno_uoltray] c:\program files\juno\exec.exe regrun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SPMTray] c:\program files\speedingupmypc\SPMTray.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Benubird PDF] c:\program files\benubird pdf\BenubirdAssistant.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LiveMonitor] c:\program files\msi\live update 3\LMonitor.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mf3216wow.exe] c:\windows\mf3216wow.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mExplorerRun: [RTHDBPL] c:\documents and settings\bouncier\application data\syswin\lsass.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\corelr~1.lnk - c:\program files\corel\wordperfect office 2000\register\Remind32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\corelc~2.lnk - c:\program files\corel\wordperfect office 2000\programs\ccwin9.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\corelc~1.lnk - c:\program files\corel\wordperfect office 2000\programs\alarm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\deskto~1.lnk - c:\program files\corel\wordperfect office 2000\programs\dad9.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
IE: Display All Images with Full Quality - c:\program files\juno\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\juno\qsacc\appres.dll/227
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: {56A69CA0-9C72-4A08-98A9-3AF99BFE3953} = 64.136.52.73 64.136.44.73
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\mimefilt32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Schedule32;Task Scheduler ;c:\windows\system32\rpcrt432.exe [2011-3-1 1327616]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-3-2 67584]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-19 1684736]
S4 MpKsl8a8ff3c9;MpKsl8a8ff3c9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24e4c23c-c5f7-4703-9c7e-e99a678ae6af}\mpksl8a8ff3c9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24e4c23c-c5f7-4703-9c7e-e99a678ae6af}\MpKsl8a8ff3c9.sys [?]

=============== Created Last 30 ================

2011-03-02 07:47:03 -------- d-----w- c:\docume~1\bouncier\locals~1\applic~1\Safe mirror
2011-03-02 07:46:13 -------- d-----w- c:\program files\Cobian Backup 10
2011-03-02 07:33:51 -------- d-----w- c:\program files\Cobian Backup 8
2011-03-02 06:40:30 519168 --sh--w- c:\windows\mf3216wow.exe
2011-03-02 06:40:30 -------- d-sh--w- c:\windows\system32\BA057A8FC4612FEB0D8141401B9E4E3F
2011-03-02 06:36:47 -------- d-----w- c:\windows\system32\1601329496
2011-03-02 06:36:41 -------- d-sh--w- c:\windows\system32\SysWoW32
2011-03-02 06:36:14 203776 --sh--w- c:\windows\system32\unrar.exe
2011-03-02 06:36:14 -------- d-----w- c:\windows\system32\1927785376
2011-03-02 06:29:28 1076224 --sha-w- c:\windows\system32\FE.tmp
2011-03-02 06:24:51 -------- d-----w- c:\windows\system32\NtmsData
2011-03-02 06:24:49 0 --sha-w- c:\windows\system32\FB.tmp
2011-03-02 06:24:40 1327616 ----a-w- c:\windows\system32\rpcrt432.exe
2011-03-01 23:27:41 -------- d-----w- c:\docume~1\bouncier\applic~1\SpeedingUpMyPC
2011-03-01 23:27:41 -------- d-----w- c:\docume~1\bouncier\applic~1\RegistryKeys
2011-03-01 23:27:38 -------- d-----w- c:\program files\SpeedingUpMyPC
2011-03-01 07:52:24 -------- d-----w- c:\program files\Manhattan Slots
2011-02-28 16:55:58 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-28 06:52:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-02-28 06:52:09 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-02-28 06:52:08 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-02-28 06:52:05 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-02-28 06:52:02 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-02-28 06:50:58 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2011-02-28 06:49:57 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-02-28 06:48:59 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2011-02-28 06:47:59 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2011-02-28 06:46:58 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-02-28 06:46:55 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2011-02-28 06:46:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2011-02-28 06:46:52 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-02-28 06:46:48 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2011-02-28 06:43:58 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-02-28 06:42:58 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2011-02-28 06:41:58 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-02-28 06:40:58 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2011-02-28 06:39:58 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2011-02-28 06:39:56 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2011-02-28 06:39:53 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2011-02-28 06:39:50 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2011-02-28 06:39:48 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-02-28 06:39:45 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2011-02-28 06:39:43 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-02-28 06:39:40 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2011-02-28 06:39:38 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-02-28 06:39:35 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-02-28 06:39:31 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-02-28 06:39:29 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2011-02-28 06:39:25 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-02-28 06:12:23 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-02-28 06:12:20 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-02-28 06:12:20 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-02-28 06:12:17 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-02-28 06:12:15 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-02-28 06:12:11 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-02-28 06:12:11 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-02-28 06:12:07 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2011-02-28 06:12:04 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2011-02-28 06:12:02 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2011-02-28 06:10:58 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-02-28 06:09:58 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-02-28 06:08:56 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-02-28 06:07:59 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2011-02-28 06:06:59 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2011-02-27 21:15:23 -------- d-----w- c:\docume~1\bouncier\applic~1\SUPERAntiSpyware.com
2011-02-27 21:15:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-26 22:00:26 756776 ----a-w- c:\program files\OneCareCleanup.exe
2011-02-25 19:06:55 885024 ----a-w- c:\program files\JavaSetup6u24.exe
2011-02-23 22:25:39 6912 ------w- c:\windows\system32\drivers\FlashSys.sys
2011-02-23 22:25:39 18359 ------w- c:\windows\system32\Ntaccess.sys
2011-02-23 22:25:39 13368 ------w- c:\windows\system32\FlashVxd.vxd
2011-02-23 22:25:39 -------- d-----w- c:\program files\MSI
2011-02-21 01:13:39 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-21 01:13:39 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-20 18:49:59 69194 -c--a-w- c:\windows\system32\dllcache\el656cd5.sys
2011-02-20 18:48:59 7424 -c--a-w- c:\windows\system32\dllcache\ddsmc.sys
2011-02-20 18:47:59 39680 -c--a-w- c:\windows\system32\dllcache\cb325.sys
2011-02-20 18:46:59 104832 -c--a-w- c:\windows\system32\dllcache\atiraged.dll
2011-02-20 18:31:36 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2011-02-20 17:41:04 -------- d-----w- c:\windows\pss
2011-02-20 09:42:52 0 --sha-w- c:\windows\system32\124.tmp
2011-02-20 09:29:20 0 ---ha-w- c:\documents and settings\bouncier\lmogjqbdfo.tmp
2011-02-20 09:27:09 176640 ----a-w- c:\windows\system32\miglibnt32.exe
2011-02-20 09:26:47 0 --sha-w- c:\windows\system32\11B.tmp
2011-02-20 09:26:45 244224 ----a-w- c:\windows\system32\mimefilt32.dll
2011-02-20 09:26:45 1327616 ----a-w- c:\windows\system32\mmdrv32.exe
2011-02-20 09:26:45 -------- d-sh--w- c:\docume~1\bouncier\applic~1\SysWin
2011-02-20 09:26:44 1327616 ----a-w- c:\windows\system32\ntlsapi32.exe
2011-02-20 09:26:43 402944 ----a-w- c:\windows\system32\atiok3x232.dll
2011-02-20 09:26:43 176640 ----a-w- c:\windows\system32\mimefilt32.exe
2011-02-20 07:24:58 -------- d-----w- c:\documents and settings\bouncier\Shared
2011-02-20 07:24:47 -------- d-----w- c:\documents and settings\bouncier\Incomplete
2011-02-20 07:24:37 -------- d-----w- c:\docume~1\bouncier\applic~1\FrostWire
2011-02-20 01:48:06 0 ----a-w- c:\windows\ativpsrm.bin
2011-02-20 01:13:23 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-02-20 01:04:49 45056 ----a-w- c:\windows\system32\aticalrt.dll
2011-02-20 01:04:49 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2011-02-20 01:04:48 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2011-02-20 01:04:48 45056 ----a-w- c:\windows\system32\aticalcl.dll
2011-02-20 01:04:48 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2011-02-20 01:04:48 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2011-02-20 01:04:48 118784 ----a-w- c:\windows\system32\atibrtmon.exe
2011-02-19 19:50:40 -------- d-----w- c:\docume~1\bouncier\applic~1\Configuration
2011-02-19 19:43:03 -------- d-----w- c:\program files\DriverGuide Toolkit
2011-02-19 13:46:34 405504 ----a-w- c:\windows\vncutil.exe
2011-02-19 13:46:33 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-02-19 13:46:33 122880 ----a-w- c:\windows\RtkAudioService.exe
2011-02-19 13:46:31 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-02-19 13:46:31 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-02-19 04:53:34 39936 ----a-w- c:\windows\system32\RHCoInstXP.dll
2011-02-19 04:53:34 3733760 ----a-w- c:\windows\system32\drivers\RtKHDMI.sys
2011-02-19 03:21:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\UAB
2011-02-19 03:21:41 -------- d-----w- c:\docume~1\bouncier\locals~1\applic~1\PC_Drivers_Headquarters
2011-02-19 03:04:30 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2011-02-18 23:55:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers Headquarters
2011-02-16 06:31:05 -------- d-----w- c:\docume~1\bouncier\applic~1\RadarSync

==================== Find3M ====================

2011-02-25 05:06:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 08:41:34 1200128 ----a-w- c:\windows\RtkUpd.exe
2011-02-19 06:57:51 880640 ----a-w- c:\windows\system32\RTSndMgr.CPL
2011-02-19 06:57:51 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2011-02-19 06:57:51 1826816 ----a-w- c:\windows\SkyTel.exe
2011-02-19 06:57:51 1482752 ----a-w- c:\windows\RtlUpd.exe
2011-02-19 06:57:50 9715200 ----a-w- c:\windows\RTLCPL.EXE
2011-02-19 06:57:50 18702336 ----a-w- c:\windows\RTHDCPL.EXE
2011-02-19 06:57:48 2808832 ----a-w- c:\windows\ALCWZRD.EXE
2011-02-19 06:57:48 278528 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2011-02-19 06:57:48 2170880 ----a-w- c:\windows\MicCal.exe
2011-02-19 06:57:47 831488 ----a-w- c:\windows\RtlExUpd.dll
2011-02-19 06:57:47 57344 ----a-w- c:\windows\ALCMTR.EXE
2011-02-03 00:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 1:52:10.75 ===============


Edited by Budapest, 02 March 2011 - 09:07 PM.
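The DDS log above is what the helpers read by hand: Run keys, BHOs, AppInit_DLLs, proxy settings and the "Created Last 30" file list. The script below is an added triage aid, not part of this thread and not DDS's own code; it parses a few constructed lines modelled on the log posted above and flags the patterns a responder checks first (a core system binary name such as lsass.exe living outside system32, autoruns from a user profile or the Windows root, an unnamed BHO, a populated AppInit_DLLs value, a proxy pointing at the local host, and newly created items carrying system+hidden attributes). Every flag is a prompt for review, not a verdict: a local proxy, for instance, is also how some dial-up accelerators work, so the finding says "verify which product owns that port" rather than "infected". The rule thresholds, severity labels and the SYSTEM_BINARIES list are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines modelled on the DDS "Pseudo HJT Report" and
# "Created Last 30" sections posted above; not the full log.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:7900
BHO: {04aa65f9-bdae-40c2-9e24-68de55ad57ba} - c:\windows\system32\atiok3x232.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
mRun: [LiveMonitor] c:\program files\msi\live update 3\LMonitor.exe
mRun: [mf3216wow.exe] c:\windows\mf3216wow.exe
mExplorerRun: [RTHDBPL] c:\documents and settings\bouncier\application data\syswin\lsass.exe
AppInit_DLLs: c:\windows\system32\mimefilt32.dll
2011-03-02 06:40:30 519168 --sh--w- c:\windows\mf3216wow.exe
2011-03-02 06:40:30 -------- d-sh--w- c:\windows\system32\BA057A8FC4612FEB0D8141401B9E4E3F
2011-02-25 19:06:55 885024 ----a-w- c:\program files\JavaSetup6u24.exe
"""

@dataclass
class Finding:
    code: str      # short machine-readable reason
    severity: str  # "high" | "medium" | "low" (assumed scale)
    line: str      # the log line that triggered the rule

# Line shapes used by DDS for the sections we care about.
RUN_RE = re.compile(r'^(?P<key>\w*Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$')
BHO_RE = re.compile(r'^BHO:\s*(?:(?P<name>[^{]+?):\s*)?(?P<clsid>\{[0-9a-f-]+\})\s*-\s*(?P<path>.+)$', re.I)
APPINIT_RE = re.compile(r'^AppInit_DLLs:\s*(?P<dlls>\S.*)$', re.I)
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+)$', re.I)
FILE_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$')

# Core Windows binaries that belong only in %SystemRoot%\system32 (assumed list).
SYSTEM_BINARIES = {"lsass.exe", "csrss.exe", "svchost.exe", "services.exe", "winlogon.exe", "smss.exe"}

def exe_path(cmd: str) -> Optional[str]:
    """Pull the executable path out of a Run-key command line, dropping quotes and arguments."""
    cmd = cmd.strip().strip('"')
    m = re.match(r'^(?P<exe>.+?\.exe)\b', cmd, re.I)
    return m.group("exe").lower() if m else None

def check_run_entry(line: str) -> Optional[Finding]:
    """Autorun rules: masquerading system names, and launches from odd locations."""
    m = RUN_RE.match(line)
    if not m:
        return None
    exe = exe_path(m.group("cmd"))
    if exe is None or "\\" not in exe:
        return None  # bare name resolved via PATH; nothing to judge from the log alone
    directory, _, basename = exe.rpartition("\\")
    if basename in SYSTEM_BINARIES and directory != r"c:\windows\system32":
        return Finding("masquerade", "high", line)
    if "\\documents and settings\\" in exe or "\\application data\\" in exe or directory == r"c:\windows":
        return Finding("odd_autorun_location", "medium", line)
    return None

def check_line(line: str) -> Optional[Finding]:
    """Apply every rule to one log line; at most one finding per line."""
    line = line.rstrip()
    f = check_run_entry(line)
    if f:
        return f
    m = BHO_RE.match(line)
    if m and not m.group("name"):
        return Finding("unnamed_bho", "medium", line)   # no registered name, just a CLSID and a DLL
    if APPINIT_RE.match(line):
        return Finding("appinit_dlls", "medium", line)  # DLL injected into every user32 process
    m = PROXY_RE.match(line)
    if m and ("127.0.0.1" in m.group("value") or "localhost" in m.group("value").lower()):
        return Finding("local_proxy", "low", line)      # verify which product owns that port
    m = FILE_RE.match(line)
    if m and "s" in m.group("attrs") and "h" in m.group("attrs"):
        return Finding("hidden_system_file", "medium", line)  # new item with system+hidden bits
    return None

def triage(log_text: str) -> List[Finding]:
    """Run the rules over each line and return findings, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = [f for f in (check_line(l) for l in log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: order[f.severity])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code:22} {f.line}")
```

Run it against a saved DDS log by replacing SAMPLE_LOG with the file contents; the rules are deliberately narrow so that anything they do raise is worth a human look, and anything they miss is still in the log for the helper to read.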




#2 bouncier


Posted 08 March 2011 - 06:10 PM

I assume that you are waiting for me to say it's okay to go ahead, it is. Sorry I took so long, I didn't realize I needed to let you know....Shellie

#3 rigacci


Posted 10 March 2011 - 10:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#4 bouncier


Posted 20 March 2011 - 01:54 AM

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by bouncier at 23:32:41.23 on Sat 03/19/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3455.2869 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Benubird PDF\BenubirdAssistant.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Juno\qsacc\x1exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\bouncier\Application Data\U3\2584800F49113C2B\LaunchPad.exe
C:\Program Files\Cobian Backup 10\Cobian.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Documents and Settings\bouncier\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://my.juno.com/s/search?r=minisearch
uSearch Bar = hxxp://my.juno.com/s/search?r=minisearch
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://my.juno.com/s/search?r=minisearch
mSearch Page = hxxp://my.juno.com/s/search?r=minisearch
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:7900
uInternet Settings,ProxyOverride = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;cf.netzero.net;qs.netzero.net;*.quicken.com;feed.untd.com;*.pogo.com;<local>
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
mSearchAssistant = hxxp://my.juno.com/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\juno\SearchEnh1.dll
BHO: {04aa65f9-bdae-40c2-9e24-68de55ad57ba} - c:\windows\system32\atiok3x232.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\juno\qsacc\X1IEBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Juno Toolbar Helper: {fe3098b1-04a3-41fd-8ca9-bea39cb14c87} - c:\program files\juno\ucreg.dll
TB: JunoBar: {5854fac4-5bf0-47dd-b5a9-a5ea8cff3cf4} - c:\program files\juno\Toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Juno_uoltray] c:\program files\juno\exec.exe regrun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LiveMonitor] c:\program files\msi\live update 3\LMonitor.exe
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [Benubird PDF] c:\program files\benubird pdf\BenubirdAssistant.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mExplorerRun: [RTHDBPL] c:\documents and settings\bouncier\application data\syswin\lsass.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\corelr~1.lnk - c:\program files\corel\wordperfect office 2000\register\Remind32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\corelc~2.lnk - c:\program files\corel\wordperfect office 2000\programs\ccwin9.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\corelc~1.lnk - c:\program files\corel\wordperfect office 2000\programs\alarm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\deskto~1.lnk - c:\program files\corel\wordperfect office 2000\programs\dad9.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
IE: Display All Images with Full Quality - c:\program files\juno\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\juno\qsacc\appres.dll/227
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {56A69CA0-9C72-4A08-98A9-3AF99BFE3953} = 64.136.44.74 64.136.52.74
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\mimefilt32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S1 MpKsl8a8ff3c9;MpKsl8a8ff3c9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24e4c23c-c5f7-4703-9c7e-e99a678ae6af}\mpksl8a8ff3c9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24e4c23c-c5f7-4703-9c7e-e99a678ae6af}\MpKsl8a8ff3c9.sys [?]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-3-19 67584]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-19 1684736]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-2-28 14336]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-3-17 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-3-17 11104]
.
=============== Created Last 30 ================
.
2011-03-20 04:52:20 -------- d-----w- c:\docume~1\bouncier\locals~1\applic~1\Safe mirror
2011-03-20 01:40:45 -------- d-----w- c:\docume~1\bouncier\applic~1\Blitware
2011-03-20 01:40:44 -------- d-----w- c:\program files\Driver Robot
2011-03-19 23:19:40 -------- d-----w- C:\PE.Explorer_setup
2011-03-19 23:19:38 -------- d-----w- C:\File Shredder
2011-03-19 23:19:38 -------- d-----w- C:\Alex Feinman
2011-03-18 01:15:57 -------- d-----w- c:\program files\Yahoo!
2011-03-17 19:20:16 725064 ----a-w- c:\windows\system32\pwNative.exe
2011-03-17 19:20:16 16472 ------w- c:\windows\system32\pwdrvio.sys
2011-03-17 19:20:15 11104 ------w- c:\windows\system32\pwdspio.sys
2011-03-17 19:17:56 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 5.2
2011-03-17 18:48:57 8246408 ----a-w- c:\program files\pwhe52.exe
2011-03-15 06:57:11 -------- d-----w- c:\program files\PE Explorer1
2011-03-15 06:48:52 -------- d-----w- c:\program files\Auslogics
2011-03-15 06:41:15 -------- d-----w- c:\program files\Application Verifier
2011-03-15 03:34:36 4177272 ----a-w- c:\program files\procexp.exe
2011-03-15 02:44:22 449840 ----a-w- c:\program files\FixitCenter_Run.exe
2011-03-15 00:11:33 -------- d-----w- c:\docume~1\bouncier\locals~1\applic~1\Help
2011-03-14 15:14:54 -------- d-----w- c:\program files\Microsoft Security Essentials
2011-03-12 05:01:37 -------- d-----w- c:\program files\Alex Feinman
2011-03-12 05:00:17 -------- d-----w- c:\program files\Esl
2011-03-12 05:00:14 -------- d-----w- c:\program files\Resource
2011-03-12 05:00:11 -------- d-----w- c:\program files\Setup Files
2011-03-12 05:00:11 -------- d-----w- c:\program files\Reader
2011-03-12 03:48:38 -------- d-----w- c:\windows\setup.pss
2011-03-11 07:18:50 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-03-11 05:45:28 -------- d-----w- c:\program files\Eraser
2011-03-11 05:20:43 -------- dc----w- c:\docume~1\bouncier\locals~1\applic~1\MigWiz
2011-03-11 05:20:12 -------- d-----w- c:\program files\Windows Easy Transfer 7
2011-03-11 01:37:24 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-11 01:37:24 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-11 01:37:10 -------- d-----w- c:\program files\Manhattan Slots
2011-03-11 01:37:05 -------- d-----w- c:\program files\3Dice Casino
2011-03-11 01:36:00 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-11 01:34:57 -------- d-----w- c:\windows\system32\Adobe
2011-03-10 19:15:49 369152 ----a-w- C:\ISORecorderV2RC1.msi
2011-03-08 09:20:58 -------- d-----w- c:\program files\Microsoft Security Client(2)
2011-03-08 08:58:49 -------- d-----w- c:\program files\Microsoft
2011-03-07 15:17:01 -------- d-----w- c:\program files\common files\Java(2)
2011-03-07 15:16:37 -------- d-----w- c:\program files\Java(2)
2011-03-07 13:53:10 -------- d-----w- c:\docume~1\bouncier\applic~1\PE Explorer
2011-03-07 13:53:07 -------- d-----w- c:\program files\PE Explorer
2011-03-07 13:02:24 -------- d-----w- c:\program files\Sun
2011-03-07 12:57:32 -------- d-----w- C:\TEMP
2011-03-07 11:26:18 -------- d-----w- c:\docume~1\bouncier\applic~1\Uniblue
2011-03-07 11:10:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sun(2)
2011-03-07 11:09:37 -------- d-----w- C:\IISDebugTools
2011-03-07 08:19:33 1075712 --sha-w- c:\windows\system32\615.tmp
2011-03-05 19:08:08 0 ----a-w- c:\windows\system32\581.tmp
2011-03-05 19:08:08 0 ----a-w- c:\windows\system32\580.tmp
2011-03-04 23:08:08 1075712 --sha-w- c:\windows\system32\327.tmp
2011-03-04 04:08:41 1075712 --sha-w- c:\windows\system32\EF.tmp
2011-03-03 18:34:48 1085952 --sha-w- c:\windows\system32\761.tmp
2011-03-03 18:25:16 1085952 --sha-w- c:\windows\system32\75D.tmp
2011-03-03 09:11:05 1077760 --sha-w- c:\windows\system32\53A.tmp
2011-03-03 01:56:25 -------- d-----w- c:\program files\ilivid
2011-03-02 18:11:43 1077760 --sha-w- c:\windows\system32\123.tmp
2011-03-02 15:05:05 -------- d-----w- c:\program files\3Dice Casino(2)
2011-03-02 14:52:17 -------- d-----w- c:\program files\Windows Installer Clean Up(2)
2011-03-02 14:31:08 -------- d-----w- c:\program files\MSECACHE
2011-03-02 07:46:13 -------- d-----w- c:\program files\Cobian Backup 10
2011-03-02 07:33:51 -------- d-----w- c:\program files\Cobian Backup 8
2011-03-02 06:40:30 -------- d-----w- c:\windows\system32\BA057A8FC4612FEB0D8141401B9E4E3F
2011-03-02 06:36:47 -------- d-----w- c:\windows\system32\1601329496
2011-03-02 06:36:41 -------- d-----w- c:\windows\system32\SysWoW32
2011-03-02 06:36:14 -------- d-----w- c:\windows\system32\1927785376
2011-03-02 06:29:28 1076224 --sha-w- c:\windows\system32\FE.tmp
2011-03-02 06:24:51 -------- d-----w- c:\windows\system32\NtmsData
2011-03-02 06:24:49 0 --sha-w- c:\windows\system32\FB.tmp
2011-03-01 23:27:38 -------- d-----w- c:\program files\SpeedingUpMyPC
2011-02-28 06:52:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-02-28 06:52:09 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-02-28 06:52:08 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-02-28 06:52:05 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-02-28 06:52:02 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-02-28 06:50:58 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2011-02-28 06:49:57 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-02-28 06:48:59 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2011-02-28 06:47:59 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2011-02-28 06:46:58 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-02-28 06:46:55 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2011-02-28 06:46:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2011-02-28 06:46:52 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-02-28 06:46:48 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2011-02-28 06:43:58 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-02-28 06:42:58 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2011-02-28 06:41:58 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-02-28 06:40:58 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2011-02-28 06:39:58 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2011-02-28 06:39:56 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2011-02-28 06:39:53 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2011-02-28 06:39:50 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2011-02-28 06:39:48 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-02-28 06:39:45 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2011-02-28 06:39:43 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-02-28 06:39:40 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2011-02-28 06:39:38 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-02-28 06:39:35 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-02-28 06:39:31 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-02-28 06:39:29 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2011-02-28 06:39:25 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-02-28 06:12:23 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-02-28 06:12:20 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-02-28 06:12:20 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-02-28 06:12:17 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-02-28 06:12:15 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-02-28 06:12:11 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-02-28 06:12:11 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-02-28 06:12:07 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2011-02-28 06:12:04 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2011-02-28 06:12:02 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2011-02-28 06:10:58 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-02-28 06:09:58 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-02-28 06:08:56 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-02-28 06:07:59 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2011-02-28 06:06:59 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2011-02-27 21:15:23 -------- d-----w- c:\docume~1\bouncier\applic~1\SUPERAntiSpyware.com
2011-02-27 21:15:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-26 22:00:26 756776 ----a-w- c:\program files\OneCareCleanup.exe
2011-02-25 19:06:55 885024 ----a-w- c:\program files\JavaSetup6u24.exe
2011-02-23 22:25:39 6912 ------w- c:\windows\system32\drivers\FlashSys.sys
2011-02-23 22:25:39 18359 ------w- c:\windows\system32\Ntaccess.sys
2011-02-23 22:25:39 13368 ------w- c:\windows\system32\FlashVxd.vxd
2011-02-23 22:25:39 -------- d-----w- c:\program files\MSI
2011-02-20 18:49:59 69194 -c--a-w- c:\windows\system32\dllcache\el656cd5.sys
2011-02-20 18:48:59 7424 -c--a-w- c:\windows\system32\dllcache\ddsmc.sys
2011-02-20 18:47:59 39680 -c--a-w- c:\windows\system32\dllcache\cb325.sys
2011-02-20 18:46:59 104832 -c--a-w- c:\windows\system32\dllcache\atiraged.dll
2011-02-20 18:31:36 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2011-02-20 17:41:04 -------- d-----w- c:\windows\pss
2011-02-20 09:42:52 0 --sha-w- c:\windows\system32\124.tmp
2011-02-20 09:29:20 0 ---ha-w- c:\documents and settings\bouncier\lmogjqbdfo.tmp
2011-02-20 09:27:09 176640 ----a-w- c:\windows\system32\miglibnt32.exe
2011-02-20 09:26:47 0 --sha-w- c:\windows\system32\11B.tmp
2011-02-20 09:26:45 244224 ----a-w- c:\windows\system32\mimefilt32.dll
2011-02-20 09:26:45 1327616 ----a-w- c:\windows\system32\mmdrv32.exe
2011-02-20 09:26:45 -------- d-sh--w- c:\docume~1\bouncier\applic~1\SysWin
2011-02-20 09:26:44 1327616 ----a-w- c:\windows\system32\ntlsapi32.exe
2011-02-20 09:26:43 402944 ----a-w- c:\windows\system32\atiok3x232.dll
2011-02-20 09:26:43 176640 ----a-w- c:\windows\system32\mimefilt32.exe
2011-02-20 07:24:58 -------- d-----w- c:\documents and settings\bouncier\Shared
2011-02-20 07:24:47 -------- d-----w- c:\documents and settings\bouncier\Incomplete
2011-02-20 07:24:37 -------- d-----w- c:\docume~1\bouncier\applic~1\FrostWire
2011-02-20 01:48:06 0 ----a-w- c:\windows\ativpsrm.bin
2011-02-20 01:13:23 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-02-20 01:04:49 45056 ----a-w- c:\windows\system32\aticalrt.dll
2011-02-20 01:04:49 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2011-02-20 01:04:48 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2011-02-20 01:04:48 45056 ----a-w- c:\windows\system32\aticalcl.dll
2011-02-20 01:04:48 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2011-02-20 01:04:48 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2011-02-20 01:04:48 118784 ----a-w- c:\windows\system32\atibrtmon.exe
2011-02-19 19:50:40 -------- d-----w- c:\docume~1\bouncier\applic~1\Configuration
2011-02-19 19:43:03 -------- d-----w- c:\program files\DriverGuide Toolkit
2011-02-19 13:46:34 405504 ----a-w- c:\windows\vncutil.exe
2011-02-19 13:46:33 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-02-19 13:46:33 122880 ----a-w- c:\windows\RtkAudioService.exe
2011-02-19 13:46:31 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-02-19 13:46:31 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-02-19 04:53:34 39936 ----a-w- c:\windows\system32\RHCoInstXP.dll
2011-02-19 04:53:34 3733760 ----a-w- c:\windows\system32\drivers\RtKHDMI.sys
2011-02-19 03:21:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\UAB
2011-02-19 03:21:41 -------- d-----w- c:\docume~1\bouncier\locals~1\applic~1\PC_Drivers_Headquarters
2011-02-19 03:04:30 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2011-02-18 23:55:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers Headquarters
.
==================== Find3M ====================
.
2011-02-25 05:06:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 08:41:34 1200128 ----a-w- c:\windows\RtkUpd.exe
2011-02-19 06:57:51 880640 ----a-w- c:\windows\system32\RTSndMgr.CPL
2011-02-19 06:57:51 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2011-02-19 06:57:51 1826816 ----a-w- c:\windows\SkyTel.exe
2011-02-19 06:57:51 1482752 ----a-w- c:\windows\RtlUpd.exe
2011-02-19 06:57:50 9715200 ----a-w- c:\windows\RTLCPL.EXE
2011-02-19 06:57:50 18702336 ----a-w- c:\windows\RTHDCPL.EXE
2011-02-19 06:57:48 2808832 ----a-w- c:\windows\ALCWZRD.EXE
2011-02-19 06:57:48 278528 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2011-02-19 06:57:48 2170880 ----a-w- c:\windows\MicCal.exe
2011-02-19 06:57:47 831488 ----a-w- c:\windows\RtlExUpd.dll
2011-02-19 06:57:47 57344 ----a-w- c:\windows\ALCMTR.EXE
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 00:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 23:33:08.06 ===============

#5 bouncier

Posted 22 March 2011 - 03:09 AM

Hey guys, you can forget this one. I've moved on. I do want to tell anyone listening that there is a "should not see me" flash on Windows XP when you are shutting down your system. It will occasionally flash briefly. This is not a virus unless somebody copied the programmer who named the file that we aren't supposed to see and named his virus after it. :)

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:54 AM

Posted 23 March 2011 - 04:22 AM

Hello, please let me know if you still need help with this.

FYI, I see some lines that definitely are malware leftovers in your log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#7 Elise

Posted 06 April 2011 - 07:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise
