Sirefef RTK infection


2 replies to this topic

#1 blade80holo

blade80holo

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:34 AM

Posted 04 March 2012 - 09:16 AM

Dear Experts,

I am on an x64 Windows 7 machine. I have a serious infection of Sirefef-OH RTK. consrv.dll keeps popping up in the registry and Windows\System32. Also Windows\Assembly\GAC_32\Desktop.ini and Windows\Assembly\GAC_64 keep getting infected. Also Windows\Assembly\Temp has bad files. The dropper is in one of the Network services.
Thanks for any help you can provide.

Pasted dds log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Administrator at 15:13:15 on 2012-03-04
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.36.1033.18.16297.13181 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\totalcmd\TOTALCMD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1770433N05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xportálás a Microsoft Excel programba - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: mswsock.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 84.2.44.1 84.2.46.1
TCP: Interfaces\{3055DEEC-78F4-4220-83E7-7973B11EBB2B} : DhcpNameServer = 84.2.44.1 84.2.46.1
TCP: Interfaces\{4FF1D68C-DC62-4140-B11A-623CF1ED9B0C} : DhcpNameServer = 84.2.44.1 84.2.46.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\h1desbiv.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-3-4 402336]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-3-4 1117624]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-10 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\system32\DRIVERS\LGSHidFilt.Sys --> C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService --> C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2011-4-24 25728]
S3 AVerA706_x64;AVerMedia A706 BDA Service;C:\Windows\system32\DRIVERS\AVerA706_x64.sys --> C:\Windows\system32\DRIVERS\AVerA706_x64.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-12-10 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-10 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 qcusbser;ZTE USB Device for Legacy Serial Communication;C:\Windows\system32\DRIVERS\hwusbser02.sys --> C:\Windows\system32\DRIVERS\hwusbser02.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
.
=============== Created Last 30 ================
.
2012-03-04 12:44:50 2246608 ----a-w- C:\Windows\PCTBDCore.dll
2012-03-04 12:44:38 339608 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-03-04 12:44:38 145432 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-03-04 12:44:36 14776 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
2012-03-04 12:44:34 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-03-04 12:43:10 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-03-04 12:43:10 1096688 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-03-04 12:43:08 367912 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-03-04 12:29:59 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-04 12:21:15 -------- d-----w- C:\cf
2012-03-03 23:05:42 98816 ----a-w- C:\Windows\sed.exe
2012-03-03 23:05:42 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-03 23:05:42 256000 ----a-w- C:\Windows\PEV.exe
2012-03-03 23:05:42 208896 ----a-w- C:\Windows\MBR.exe
2012-03-03 22:14:57 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2012-03-03 22:14:26 -------- d-----w- C:\ProgramData\AVAST Software
2012-03-03 22:14:26 -------- d-----w- C:\Program Files\AVAST Software
2012-03-03 22:01:22 -------- d-----w- C:\ProgramData\CPA_VA
2012-03-03 21:56:23 409600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Kaspersky Rescue2Usb\rescue2usb.exe
2012-03-03 21:56:23 28160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Kaspersky Rescue2Usb\syslinux.exe
2012-03-03 21:56:23 237849 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Kaspersky Rescue2Usb\grub.exe
2012-03-03 21:53:45 -------- d-----w- C:\ProgramData\Comodo
2012-03-03 21:53:42 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-03-03 21:46:47 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-03-03 21:45:20 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-03-03 21:45:20 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-03 21:44:59 -------- d-----w- C:\Users\Administrator\AppData\Roaming\TestApp
2012-03-03 21:44:59 -------- d-----w- C:\ProgramData\PC Tools
2012-03-03 20:54:18 -------- d-----w- C:\Program Files\HitmanPro
2012-03-03 20:54:12 -------- d-----w- C:\ProgramData\HitmanPro
2012-03-03 20:34:53 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2012-03-03 20:34:44 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-03 19:02:46 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-03 18:57:04 388096 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-03 18:57:04 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-03 18:35:26 -------- d-----w- C:\Users\Administrator\AppData\Roaming\PCPro
2012-03-03 18:35:26 -------- d-----w- C:\Users\Administrator\AppData\Roaming\PC Cleaners
2012-03-03 18:35:24 5276432 ----a-w- C:\Windows\uninst.exe
2012-03-03 18:35:22 -------- d-----w- C:\ProgramData\PC1Data
2012-03-03 11:33:35 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-02-27 16:19:38 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-02-27 16:19:35 462672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-15 07:39:56 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 07:39:56 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-14 20:20:33 -------- d-----w- C:\ProgramData\EA Logs
2012-02-14 19:05:38 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-02-14 19:05:37 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Origin
2012-02-13 20:15:37 -------- d-----w- C:\Users\Administrator\AppData\Roaming\DarknessII
2012-02-08 21:39:59 -------- d-----w- C:\Users\Administrator\AppData\Roaming\DarknessIIDemo
2012-02-05 14:53:42 -------- d-----w- C:\Users\Administrator\AppData\Local\BigHugeEngine
2012-02-05 14:30:37 -------- d-----w- C:\ProgramData\Origin
2012-02-03 15:51:04 -------- d-----w- C:\85f3735bc42db8ac83079fc1ebcc
2012-02-03 15:45:25 -------- d-----w- C:\Users\Administrator\AppData\Roaming\cYo
2012-02-03 15:45:25 -------- d-----w- C:\Users\Administrator\AppData\Local\cYo
2012-02-03 15:41:10 -------- d-----w- C:\Program Files\ComicRack
.
==================== Find3M ====================
.
2012-03-03 21:50:21 451347 ----a-w- C:\DUMP4920.tmp
2012-02-18 07:48:02 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-19 18:58:57 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 01:16:13 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-12-10 01:16:07 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-12-10 01:16:07 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-12-10 01:16:07 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-12-10 01:16:07 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-12-06 03:45:40 10720256 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-12-06 03:18:38 25371136 ----a-w- C:\Windows\System32\atio6axx.dll
2011-12-06 03:17:50 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-12-06 03:17:36 778752 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-12-06 03:16:00 933888 ----a-w- C:\Windows\System32\aticfx64.dll
2011-12-06 03:12:52 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-12-06 03:12:36 494080 ----a-w- C:\Windows\System32\atieclxx.exe
2011-12-06 03:11:56 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-12-06 03:10:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-12-06 03:10:20 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-12-06 03:10:12 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-12-06 03:10:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-12-06 03:09:56 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-12-06 03:09:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-12-06 03:09:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-12-06 03:06:38 6159872 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-12-06 02:56:40 19125760 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-12-06 02:51:22 7520768 ----a-w- C:\Windows\System32\atidxx64.dll
2011-12-06 02:39:58 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-12-06 02:39:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-12-06 02:39:12 4072960 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-12-06 02:34:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-12-06 02:34:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-12-06 02:34:16 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-12-06 02:34:14 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-12-06 02:34:00 13738496 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-12-06 02:33:36 5919232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-12-06 02:29:30 11484672 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-12-06 02:28:50 4206592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-12-06 02:24:02 7511040 ----a-w- C:\Windows\System32\atiumd64.dll
2011-12-06 02:18:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-12-06 02:13:02 509952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-12-06 02:12:52 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-12-06 02:12:38 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-12-06 02:12:34 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-12-06 02:12:34 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-12-06 02:12:30 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-12-06 02:12:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-12-06 02:12:14 327168 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-12-06 02:11:24 42496 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-12-06 02:11:16 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-12-06 02:11:10 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-12-06 02:11:02 29696 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-12-06 02:10:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-12-05 21:04:06 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-12-05 21:04:00 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-12-05 21:03:54 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-12-05 21:03:52 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-12-05 21:03:42 17580544 ----a-w- C:\Windows\System32\amdocl64.dll
2011-12-05 21:03:04 14499328 ----a-w- C:\Windows\SysWow64\amdocl.dll
.
============= FINISH: 15:13:30,31 ===============


Best regards,
Blade80holo
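The one persistence indicator the pasted log actually shows is the `SubSystems: Windows = ...` line, which lists `consrv` as a csrss.exe server DLL where a stock Windows 7 x64 install lists `winsrv` for `ConServerDllInitialization`. The following Python checker is an added example, not code from the thread, from DDS, or from BleepingComputer: it parses DDS-style lines, flags any csrss server DLL outside the known-good set, and flags file entries matching the paths the poster names. The `SubSystems` sample line is copied from the log above; the file entries in `SAMPLE_LOG`, the sizes, and the function names (`server_dlls`, `unexpected_server_dlls`, `scan_dds_log`) are constructed for the example.

```python
import re

# Server DLLs that a stock Windows 7 SubSystems\Windows value loads into
# csrss.exe: basesrv, winsrv and sxssrv. On Windows 7 the console server
# (ConServerDllInitialization) lives in winsrv.dll, so an entry naming any
# other DLL, such as the "consrv" in the DDS log above, is out of place.
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# File-system indicators taken from the poster's description (consrv.dll in
# System32, Desktop.ini under assembly\GAC_32 and GAC_64, assembly\Temp),
# matched case-insensitively against the path column of DDS file entries.
PATH_INDICATORS = [
    re.compile(r"\\system32\\consrv\.dll$", re.I),
    re.compile(r"\\assembly\\GAC_32\\Desktop\.ini$", re.I),
    re.compile(r"\\assembly\\GAC_64\\Desktop\.ini$", re.I),
    re.compile(r"\\assembly\\temp(\\|$)", re.I),
]

SUBSYSTEMS_RE = re.compile(r"^SubSystems:\s*Windows\s*=\s*(?P<value>.+)$")
# DDS "Created Last 30" / "Find3M" entries: date time size attrs path
FILE_ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Clean reference value (stock Windows 7 x64, abbreviated the way DDS prints it).
CLEAN_SUBSYSTEMS = ("basesrv,1 winsrv:UserServerDllInitialization,3 "
                    "winsrv:ConServerDllInitialization,2 sxssrv,4")

# Constructed sample: the SubSystems line is copied from the log in the post;
# the file entries are made up to mirror the paths the poster names and do not
# come from the log (sizes and timestamps are placeholders).
SAMPLE_LOG = r"""
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
2012-03-04 12:44:50 2246608 ----a-w- C:\Windows\PCTBDCore.dll
2012-03-03 11:33:35 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-03 11:20:00 45568 --sha-w- C:\Windows\System32\consrv.dll
2012-03-03 11:20:00 1024 --sha-w- C:\Windows\assembly\GAC_32\Desktop.ini
2012-03-03 11:20:00 1024 --sha-w- C:\Windows\assembly\GAC_64\Desktop.ini
2012-03-03 11:20:00 -------- d-sh--w- C:\Windows\assembly\temp
"""


def server_dlls(subsystems_value):
    """Return the ServerDll names in a SubSystems\\Windows value.

    Tokens look like 'basesrv,1' or 'winsrv:UserServerDllInitialization,3';
    the DLL name is everything before the first ':' or ','.
    """
    return [re.split(r"[:,]", tok, maxsplit=1)[0]
            for tok in subsystems_value.split()]


def unexpected_server_dlls(subsystems_value):
    """DLL names in the value that are not in the known-good set, sorted."""
    return sorted({d for d in server_dlls(subsystems_value)
                   if d.lower() not in KNOWN_SERVER_DLLS})


def scan_dds_log(text):
    """Walk DDS log text and return a list of (kind, detail) findings.

    kind is 'subsystems' for an unexpected csrss server DLL, or 'file' for a
    created/modified path that matches one of PATH_INDICATORS.
    """
    findings = []
    for line in text.splitlines():
        m = SUBSYSTEMS_RE.match(line)
        if m:
            findings.extend(("subsystems", dll)
                            for dll in unexpected_server_dlls(m.group("value")))
            continue
        m = FILE_ENTRY_RE.match(line)
        if m and any(p.search(m.group("path")) for p in PATH_INDICATORS):
            findings.append(("file", m.group("path")))
    return findings


if __name__ == "__main__":
    for kind, detail in scan_dds_log(SAMPLE_LOG):
        print(f"{kind:10s} {detail}")
```

Run it against a saved DDS log with `scan_dds_log(open("dds.txt").read())`; on the poster's log it reports only the `consrv` subsystem entry, because the file paths the poster describes do not appear in the "Created Last 30" section he pasted. The SubSystems check is the more reliable of the two: path-based indicators change between variants, while a server DLL outside basesrv/winsrv/sxssrv is anomalous on any Windows 7 machine.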


#2 blade80holo

blade80holo
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:34 AM

Posted 04 March 2012 - 06:34 PM

Dear Experts,

I reinstalled, please close the thread, thank you for your time.

Best regards,
Blade80holo

#3 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:USA
  • Local time:08:34 PM

Posted 05 March 2012 - 09:06 AM

Thanks for letting us know.

Good luck, blade80holo!

Old duck...
