[Closed] Win32/SillyDI.PXA


2 replies to this topic

#1 blues

    New Member

  • 1 posts

Posted 02 October 2009 - 11:51 PM

Did a CA Anti-Virus scan and it found Win32/SillyDI.PXA. It said it was infected and has been quarantined but not cleaned. I don't know for sure if it is doing anything, but the internet had been running slower than normal recently. I also currently have a problem with hatching in AutoCAD. RootRepeal crashed when scanning the C drive. Is doing anything going to help me at all, or is having Win32/SillyDI.PXA in CA's quarantine enough?

DDS (Ver_09-09-29.01) - NTFSx86 Run by Matt at 13:40:49.25 on Sat 03/10/2009


#2 Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 05 October 2009 - 11:46 PM

Hi blues,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

JavaRa ...by: Paul McLain and Fred de Vries

Please download JavaRa (Copyright © 2008 RaProducts.org) and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Print these instructions...you won't have Internet access during this particular phase!
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
  • Copy and paste the contents of the JavaRa log, in your next reply.

Download Rooter.exe to your desktop

  • Then double-click it to start the tool.
  • A Notepad file containing the report will open; it is also found at %systemdrive%\Rooter.txt. Post that here.

Please download gmer.zip from Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.

Note: Do not run any programs while Gmer is running.

Tomk
------------------------------------------------------------


Topics are closed after 5 days without response


#3 Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 11 October 2009 - 10:32 AM

Due to inactivity this topic will be closed. If you need help please start a new thread.

Tomk
------------------------------------------------------------


Topics are closed after 5 days without response