[Closed] Win32/Renos.IO, Help
Wooty
post Jul 3 2009, 10:04 AM
Post #1
New Member
Group: New Member
Posts: 2
Joined: 3-July 09
Member No.: 86,525
Operating System: Vista

I have seen another post where someone else was helped; I followed the steps, and here are the findings.

If someone could help me that would be great. My Windows Defender keeps getting the Renos file, and I have scanned my computer with ESET NOD 2 times and it has found nothing.



Attached File(s)
Attached File  Attach.txt ( 4.96K ) Number of downloads: 310
Attached File  DDS.txt ( 21.31K ) Number of downloads: 184
Attached File  Log.malwooty.txt ( 15.96K ) Number of downloads: 180
Wooty
post Jul 3 2009, 05:27 PM
Post #2
New Member
Group: New Member
Posts: 2
Joined: 3-July 09
Member No.: 86,525
Operating System: Vista

Here is the file from ComboFix.

ComboFix 09-07-03.03 - Thomas 04/07/2009 0:07.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3070.2219 [GMT 1:00]
Running from: c:\downloads\Combo-Fix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Thomas\AppData\Roaming\.#
c:\windows\Installer\27bf2.msi
c:\windows\Installer\eaf493.msi
c:\windows\msa.exe
c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-10 1217784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-13 6183456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):24,63,c8,1b,dd,f5,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C7AE463-8DDA-47B5-976B-4D8B2C6CCCA9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{78456E9F-0F5D-4FAB-8DD6-DEB34FF8D7DF}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D74C466E-2B7C-47E2-AF31-4958181D0F47}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B236ED80-3619-4ACF-A4F7-B0CEC147B460}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C4DD8DFE-9F7A-4534-97D1-EAB646E4CBEB}"= UDP:c:\program files\Sega\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet
"{312B763A-474F-4754-B6BD-DEAB6D0B6A25}"= TCP:c:\program files\Sega\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet
"{E93C8958-588E-476C-9A73-E983EF6A01BC}"= UDP:c:\program files\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:Fallout 3
"{394A5436-C0BD-4CE4-98D4-BBBD4DDE80F3}"= TCP:c:\program files\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:Fallout 3
"{85263136-7580-410E-8F52-67E0A464BA41}"= UDP:c:\program files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe:Sid Meier's Civilization IV
"{C9135D52-7D2F-46D9-9ECE-AF4A0A98FA8B}"= TCP:c:\program files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe:Sid Meier's Civilization IV
"{1CE61E88-3AE7-45AE-AC34-87594AEACC7A}"= UDP:c:\program files\Steam\steamapps\common\civilization iv colonization\Colonization.exe:Sid Meier's Civilization IV: Colonization
"{2F850B8F-A37C-4F4D-BE81-CDD8A9F78EDC}"= TCP:c:\program files\Steam\steamapps\common\civilization iv colonization\Colonization.exe:Sid Meier's Civilization IV: Colonization
"{CC3353D7-D0D5-47B7-8708-529F1C8FDBC9}"= UDP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords.exe:Sid Meier's Civilization IV: Warlords
"{C236CED1-0938-41A0-BCFD-1ED296C2BA85}"= TCP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords.exe:Sid Meier's Civilization IV: Warlords
"{5CC8FBC7-8E04-4B9B-93E4-E76200BBFF64}"= UDP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization IV: Warlords
"{FBF6C28B-C91E-4281-82DA-95EA9AD926BA}"= TCP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization IV: Warlords
"{E9FA9DCE-D057-4602-A36D-71CB8366E933}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{51E17B4B-F945-4B98-AF04-43E5C80CBAA1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{6D66657E-B14F-46C9-8C07-3206992D7CBC}"= UDP:c:\program files\Steam\steamapps\common\empire total war\Empire.exe:Empire: Total War
"{648A74A9-7B5F-4FBF-830E-09B27D2EB9EC}"= TCP:c:\program files\Steam\steamapps\common\empire total war\Empire.exe:Empire: Total War
"{B573C5D2-A83D-4E14-8780-A13F8790E79D}"= UDP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
"{3DE13B76-2477-4FE7-B507-9742919D5F4F}"= TCP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16/05/2009 04:23 176128]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14/05/2009 15:47 731840]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [24/04/2009 06:43 95544]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [05/06/2009 19:47 47616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\u89j7ebc.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 00:16
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-03 0:17
ComboFix-quarantined-files.txt 2009-07-03 23:17

Pre-Run: 158,189,191,168 bytes free
Post-Run: 160,890,699,776 bytes free

351 --- E O F --- 2009-07-02 14:32
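Added example, not code from the thread or from ComboFix: a small Python triage helper for the log format posted above. It splits a ComboFix log into its (((( banner )))) sections, parses the Reg Loading Points keys, and flags what a helper checks first in such a log: UAC switched off (EnableLUA=0), Windows Firewall disabled per profile (EnableFirewall=0), Run-key entries outside the usual program directories, and files ComboFix deleted from c:\windows. The embedded log excerpt is constructed for the demo (the `updater` entry and the task GUID are made up); it is not the poster's log.

```python
# Added triage helper for ComboFix-style logs; not ComboFix code, not from the thread.
import re

# Constructed excerpt in ComboFix's layout; it is not the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Example\AppData\Roaming\.#
c:\windows\msa.exe
c:\windows\Tasks\{00000000-0000-0000-0000-000000000001}.job
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-10 1217784]
"updater"="c:\users\Example\AppData\Roaming\updater.exe" [2009-07-01 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")   # (((( Section Name ))))
KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name"= value
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")

def split_sections(text):
    """Group the non-empty lines under the (((( banner )))) that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections

def parse_reg_points(lines):
    """Map each [key] of the Reg Loading Points section to its "name"= value pairs."""
    keys, current = {}, None
    for line in lines:
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys[current] = {}
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            keys[current][value.group(1)] = value.group(2).strip()
    return keys

def dword(value):
    """'0 (0x0)' -> 0; None when the value is not numeric (e.g. a quoted path)."""
    m = re.match(r"^(\d+)", value)
    return int(m.group(1)) if m else None

def image_path(value):
    """Strip the quotes and the trailing [date size] tag from a Run-key value."""
    return value.split('"')[1] if value.startswith('"') else value.split(" [")[0]

def triage(text):
    """Flag the weakened settings and removals a helper checks first in such a log."""
    sections = split_sections(text)
    reg = parse_reg_points(sections.get("Reg Loading Points", []))
    findings = {"uac_disabled": False, "firewall_disabled_profiles": [],
                "autoruns": [], "suspicious_autoruns": [], "system_deletions": []}
    for key, values in reg.items():
        lkey = key.lower()
        # EnableLUA=0 switches UAC off entirely (ComboFix prints only non-default values)
        if lkey.endswith("\\policies\\system") and dword(values.get("EnableLUA", "")) == 0:
            findings["uac_disabled"] = True
        # EnableFirewall=0 under a profile key means Windows Firewall is off for that profile
        if "\\firewallpolicy\\" in lkey and dword(values.get("EnableFirewall", "")) == 0:
            findings["firewall_disabled_profiles"].append(key.rsplit("\\", 1)[-1])
        # Run-key entries: record all of them, flag those outside the usual program directories
        if lkey.endswith("\\currentversion\\run"):
            for name, value in values.items():
                path = image_path(value)
                findings["autoruns"].append((name, path))
                if not path.lower().startswith(TRUSTED_PREFIXES):
                    findings["suspicious_autoruns"].append(name)
    # Files ComboFix removed from c:\windows deserve a second look (e.g. c:\windows\msa.exe)
    for path in sections.get("Other Deletions", []):
        if path.lower().startswith("c:\\windows\\"):
            findings["system_deletions"].append(path)
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Feed it a full ComboFix log instead of SAMPLE_LOG to get the same checks; the Files Created and Find3M sections are parsed into their own lists but not judged, since timestamps alone say nothing about intent.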
Tomk
post Jul 7 2009, 12:26 PM
Post #3
Forum God / Classroom Admin Assistant
Group: Classroom Teacher
Posts: 12,284
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp

Hi Wooty,


My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


uTorrent
You have uTorrent, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm



I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove it, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Download Rooter.exe to your desktop

  • Then double-click it to start the tool.
  • A Notepad file containing the report will open; it is also found at %systemdrive%\Rooter.txt. Post that here.


Download TFC to your desktop
  • Close any open windows.
  • Double-click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished, it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.


Then

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

Tomk
post Jul 13 2009, 10:13 PM
Post #4
Forum God / Classroom Admin Assistant
Group: Classroom Teacher
Posts: 12,284
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp

Due to inactivity this topic will be closed.
If you need help, please start a new thread and post a new HJT log.