Jump to content


Photo

DJCamouflage

Started by DJCamouflage , Jul 26 2009 01:48 AM

  • This topic is locked This topic is locked
2 replies to this topic

#1 DJCamouflage

DJCamouflage

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 26 July 2009 - 01:48 AM

sorry to hijack the thread but it had yet to be replied to in a month I have a very similar infection and thought you may be able to help me. i've included the dds log and zipped attach file. Thanks in advance


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:18 AM, on 26/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Camo\LOCALS~1\Temp\Rar$EX00.109\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Camo\Desktop\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe"
O4 - HKCU\..\Run: [Steam] "f:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.beatport.com
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1179460581591
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5170 bytes






DDS (Ver_09-06-26.01) - NTFSx86 MINIMAL
Run by Camo at 10:31:42.40 on Sun 26/07/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2047.1741 [GMT 10:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Camo\LOCALS~1\Temp\Rar$EX00.109\HijackThis.exe
G:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [BlazeServoTool] "c:\program files\blazevideo\blazedtv 2.5a\MediaDetector.exe"
uRun: [Steam] "f:\games\steam\steam.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [muBlinder] c:\documents and settings\camo\desktop\mublinder\muBlinder.exe -startup
StartupFolder: c:\docume~1\camo\startm~1\programs\startup\my_aut~1.lnk - c:\program files\warkeys\autowarkey\autohotkey\AutoHotkey.exe
StartupFolder: c:\docume~1\camo\startm~1\programs\startup\warkey~1.lnk - c:\program files\warkeys\autowarkey\autohotkey\AutoHotkey.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\corece~1.lnk - c:\program files\msi\core center\CoreCenter.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\digicell.lnk - c:\program files\msi\digicell\DigiCell.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: beatport.com
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179460581591
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {38101905-d80f-4788-96f6-986a8186178a} - c:\windows\system32\flashd32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\camo\applic~1\mozilla\firefox\profiles\1ptthm2q.default\
FF - component: c:\program files\mozilla firefox\components\WWShow.dll
FF - plugin: c:\documents and settings\camo\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
S1 676b026c;676b026c;c:\windows\system32\drivers\676b026c.sys --> c:\windows\system32\drivers\676b026c.sys [?]
S1 zlwexmnbrmtu7;zlwexmnbrmtu7.sys;c:\windows\system32\drivers\zlwexmnbrmtu7.sys --> c:\windows\system32\drivers\zlwexmnbrmtu7.sys [?]
S2 csiscanner;CSIScanner; [x]
S2 sfx;sfx;c:\windows\system32\SvchoSt.ExE -k sfx [2001-8-23 34816]
S3 DigiCellDriver;DigiCellDriver;c:\program files\msi\digicell\NTGLM7X.sys [2005-9-5 26112]
S3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\EC168BDA.sys [2009-6-14 107264]
S3 nakb;nakb;f:\business2\nakb.sys [2008-1-9 29184]
S3 nenum13E;nenum13E;\??\c:\docume~1\camo\locals~1\temp\nenum13e.sys --> c:\docume~1\camo\locals~1\temp\nenum13E.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-6-3 17408]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-7 34064]
S3 PCAlertDriver;PCAlertDriver;c:\program files\msi\core center\NTGLM7X.sys [2007-5-19 26624]
S3 pgtigzips;pgtigzips;f:\business2\pgtigzips.sys [2008-1-7 29184]
S3 qxn;qxn;\??\f:\business\qxn.sys --> f:\business\qxn.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 tbidp;tbidp;\??\f:\copy of business\tbidp.sys --> f:\copy of business\tbidp.sys [?]
S3 trs;trs;f:\business2\trs.sys [2008-1-9 29184]
S3 umh;umh;f:\business2\umh.sys [2008-1-9 29184]
S3 wxyoucanq;wxyoucanq;f:\business2\wxyoucanq.sys [2008-1-8 29184]
S4 ICF;ICF;c:\windows\system32\svchost.exe:exe.exe []
S4 Microsoft System Management;Microsoft System Management; [x]

=============== Created Last 30 ================

2009-07-26 09:44 104 a------- c:\windows\system32\NvApps.xml
2009-07-26 09:43 2,184 a------- c:\windows\system32\wpa.dbl
2009-07-25 10:24 0 a------- c:\windows\exctrlst.INI
2009-07-25 09:53 <DIR> --d----- c:\program files\Resource Kit
2009-07-25 09:35 <DIR> --d----- c:\program files\Protection System
2009-07-25 08:15 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\RegCure
2009-07-24 22:55 360,064 a------- c:\windows\system32\drivers\tcpip.sys
2009-07-23 15:37 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-23 15:37 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-07-23 14:22 <DIR> --d----- c:\windows\ERUNT
2009-07-23 12:02 <DIR> --d----- c:\program files\WWShow
2009-07-23 11:57 <DIR> --d----- c:\program files\Jcore
2009-07-23 09:23 <DIR> --d----- c:\program files\FreeFixer
2009-07-23 09:10 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\14060004
2009-07-23 08:55 <DIR> --d----- c:\program files\sFX
2009-07-23 08:55 36,864 ----h--- c:\windows\system32\flashd32.dll
2009-07-19 17:47 <DIR> --d----- c:\program files\The KMPlayer
2009-07-08 20:18 <DIR> --d----- C:\etax2009
2009-07-08 05:29 <DIR> --d----- C:\VundoFix Backups
2009-07-08 04:43 140,288 a------- c:\windows\music.exe
2009-07-06 18:51 <DIR> --d----- c:\program files\AltBinz
2009-07-01 21:44 <DIR> --d----- c:\documents and settings\camo\Downloads
2009-07-01 21:44 <DIR> --d----- c:\docume~1\camo\applic~1\NewsLeecher

==================== Find3M ====================

2009-07-25 09:31 34,816 a------- c:\windows\system32\svchost.exe
2009-06-25 09:53 69,120 a------- C:\dse.exe
2009-06-21 14:49 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2009-06-21 14:49 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-21 08:46 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-17 00:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-17 00:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 20:46 6,235,384 a------- c:\windows\LCD Demo.exe
2009-06-16 20:46 37,232 a------- c:\windows\ASScrProlog.exe
2009-06-16 20:45 262,512 a------- c:\windows\ASUS LCD ScreenSaver Uninstaller.exe
2009-06-16 20:45 524,288 a------- c:\windows\Asus_LCD_ScreenSaver.scr
2009-06-16 20:45 606,848 a------- c:\windows\flashax.exe
2009-06-16 20:45 12,288 a------- c:\windows\impborl.dll
2009-06-10 08:28 3,510,272 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:28 4,022,272 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:28 13,758,464 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:28 188,484 a------- c:\windows\system32\nvsvc32.exe
2009-06-10 08:28 163,840 a------- c:\windows\system32\nvcolor.exe
2009-06-10 08:28 86,016 a------- c:\windows\system32\nvmctray.dll
2009-06-10 08:28 229,376 a------- c:\windows\system32\nvmccs.dll
2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll
2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin
2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-04 05:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 13:36 1,419,232 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-29 13:36 17,408 a------- c:\windows\system32\drivers\netaapl.sys
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-08 01:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 14:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 14:55 78,336 a------- c:\windows\system32\ieencode.dll
2004-02-07 10:22 227 a------- c:\program files\INSTALL.LOG
2002-07-29 19:43 23,357 a---h--- c:\program files\folder.htt
2002-07-29 19:43 271 ---sh--- c:\program files\desktop.ini
2008-11-02 23:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102720081103\index.dat
2008-11-02 23:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110320081104\index.dat

============= FINISH: 10:34:16.09 ===============

Attached Files


#2 Rorschach112

Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 2180 posts

Posted 26 July 2009 - 05:41 PM

what other forums have you posted at
By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here

#3 Rorschach112

Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 2180 posts

Posted 05 August 2009 - 04:06 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here
Back to Resolved/Inactive HijackThis Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Lavasoft Support Forums
  2. Archived Topics
  3. Archives: Resolved/Inactive Topics
  4. Resolved/Inactive HijackThis Logs
  5. Terms of Service