OK, I posted elsewhere and was instructed to run some scans and repost here, so here they are.

GMER ran but gave me this error first:

C:\Windows\system32\config\system: The system cannot find the file specified.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4316

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

7/16/2010 1:59:22 AM

mbam-log-2010-07-16 (01-59-22).txt

Scan type: Quick scan

Objects scanned: 155939

Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files (x86)\DP32\display32.exe (Trojan.Backdoor) -> Delete on reboot.

C:\Users\Bodie\AppData\Local\Temp\22.exe (Trojan.Downloader) -> Delete on reboot.

DDS (Ver_10-03-17.01) - NTFSX64

Run by Bodie at 1:34:17.06 on Fri 07/16/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.6109 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files (x86)\MediaMall\MediaMallServer.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe

C:\Program Files (x86)\ThreatFire\TFService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files (x86)\ThreatFire\TFTray.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Bodie\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =

uStart Page = hxxp://att.my.yahoo.com/

uSearch Bar =

mStart Page = hxxp://www.bigseekpro.com/cdcovers/{028D1584-8F44-41D7-BE3E-A9B52DBFA9FC}

mLocal Page = c:\windows\syswow64\blank.htm

uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~2\crawler\toolbar\ctbr.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll

TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~2\crawler\toolbar\ctbr.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [spywareTerminatorUpdate] "c:\program files (x86)\spyware terminator\SpywareTerminatorUpdate.exe"

uRun: [DriverMax] "c:\program files (x86)\innovative solutions\drivermax\devices.exe" -agent

uRun: [DriverMax_RESTART] "c:\program files (x86)\innovative solutions\drivermax\devices.exe" -RESTART

mRun: [Gateway Photo Frame] c:\program files (x86)\gateway photo frame\ButtonMonitor.exe -A

mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [amd_dc_opt] c:\program files (x86)\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [CloneCDTray] "c:\program files (x86)\slysoft\clonecd\CloneCDTray.exe" /s

mRun: [ThreatFire] c:\program files (x86)\threatfire\TFTray.exe

mRun: [VirtualCloneDrive] "c:\program files (x86)\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [Monitor] "c:\program files (x86)\leapfrog\leapfrog connect\Monitor.exe"

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\bodie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Crawler Search - tbr:iemenu

IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab

DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\crawler\toolbar\ctbr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File

TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe

mRun-x64: [skytel] c:\program files\realtek\audio\hda\Skytel.exe

mRun-x64: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun-x64: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-5-20 65072]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-5-20 59880]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-5 121936]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 27136]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-27 203264]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-5 20048]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-5 61008]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-13 40384]

R2 MediaMall Server;MediaMall Server;c:\program files (x86)\mediamall\MediaMallServer.exe [2010-3-18 3827056]

R2 OrbisClient.Services;LabSim Configuration and Security;c:\program files (x86)\testout\orbis\OrbisClient.Services.exe [2010-3-23 14336]

R2 ThreatFire;ThreatFire;c:\program files (x86)\threatfire\tfservice.exe service --> c:\program files (x86)\threatfire\TFService.exe service [?]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-5-27 6856192]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-5-27 264192]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-13 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-13 40384]

R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n64.sys [2009-10-20 1478176]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-5-20 41888]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2010-7-9 402720]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-4-5 133104]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2010-5-5 25832]

S3 DfSdkS;Defragmentation-Service;c:\program files (x86)\ashampoo\ashampoo winoptimizer 2010 advanced\DfSdkS.exe [2010-7-9 544768]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1255736]

=============== Created Last 30 ================

2010-07-16 05:07:22 0 d-----w- c:\programdata\Gosu

2010-07-16 05:04:50 20 ----a-w- c:\users\bodie\defogger_reenable

2010-07-15 12:50:02 0 d-----w- c:\program files (x86)\UltraISO

2010-07-15 12:50:02 0 d-----w- c:\program files (x86)\common files\EZB Systems

2010-07-14 18:46:05 144384 ----a-w- c:\windows\system32\cdd.dll

2010-07-13 20:48:37 0 d-----w- c:\users\bodie\appdata\roaming\Ascaron Entertainment

2010-07-13 20:42:55 0 d-----w- c:\program files (x86)\Ascaron Entertainment

2010-07-13 18:58:25 0 d-----w- c:\program files (x86)\1C Company

2010-07-13 17:35:22 125456 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys

2010-07-13 16:20:01 0 d-----w- c:\program files (x86)\Strategy First

2010-07-13 15:55:51 38848 ----a-w- c:\windows\avastSS.scr

2010-07-13 15:38:40 0 d-----w- c:\program files (x86)\Legend - Hand of God

2010-07-12 06:38:43 0 d-----w- c:\program files (x86)\Pixelgame

2010-07-12 06:38:35 306688 ----a-w- c:\windows\IsUninst.exe

2010-07-11 12:55:05 0 d-----w- c:\program files (x86)\Monte Cristo

2010-07-11 11:18:04 22230 ----a-w- c:\windows\syswow64\MK_BugReport[1_02][Oct-26-2006-15_03_03]100711_7184.dmp

2010-07-11 11:18:03 765 ----a-w- c:\windows\syswow64\MK_BugReport[1_02][Oct-26-2006-15_03_03]100711_7183.er

2010-07-11 11:17:08 784 ----a-w- c:\windows\syswow64\MK_BugReport[1_02][Oct-26-2006-15_03_03]100711_7178.er

2010-07-11 11:17:08 22230 ----a-w- c:\windows\syswow64\MK_BugReport[1_02][Oct-26-2006-15_03_03]100711_7178.dmp

2010-07-11 09:23:14 0 d-----w- c:\program files (x86)\NAMCO BANDAI Games

2010-07-11 04:23:05 0 d-----w- c:\program files (x86)\Atari

2010-07-09 07:27:03 0 d-----w- c:\users\bodie\appdata\roaming\Ashampoo

2010-07-09 07:23:43 0 d-----w- c:\programdata\ashampoo

2010-07-09 06:23:20 34304 ----a-w- c:\windows\system32\DfSdkBt.exe

2010-07-09 06:23:20 28160 ----a-w- c:\windows\syswow64\DfSdkBt32.exe

2010-07-09 06:23:18 0 d-----w- c:\program files (x86)\Ashampoo

2010-07-09 05:31:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_point64k_01009.Wdf

2010-07-09 05:30:29 34160 ----a-w- c:\windows\system32\drivers\point64k.sys

2010-07-09 05:30:29 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

2010-07-09 05:30:28 501536 ----a-w- c:\windows\system32\yk62x64.dll

2010-07-09 05:30:28 402720 ----a-w- c:\windows\system32\drivers\yk62x64.sys

2010-07-09 04:52:13 0 d-----w- c:\programdata\Innovative Solutions

2010-07-09 04:52:08 0 d-----w- c:\program files (x86)\Innovative Solutions

2010-07-09 04:46:25 0 d-----w- c:\program files (x86)\Crawler

2010-07-09 04:46:17 0 d-----w- c:\users\bodie\appdata\roaming\Spyware Terminator

2010-07-09 04:46:16 0 d-----w- c:\programdata\Spyware Terminator

2010-07-09 04:46:16 0 d-----w- c:\program files (x86)\Spyware Terminator

2010-07-07 22:27:27 0 d-----w- c:\program files (x86)\JoWood

2010-07-07 19:43:31 0 d-----w- c:\program files (x86)\Kalypso

2010-07-06 04:34:26 0 d-----w- c:\users\bodie\appdata\roaming\The Chosen

2010-07-06 04:34:25 0 d-----w- c:\users\bodie\appdata\roaming\Frater

2010-07-06 04:34:05 0 d-----w- c:\program files (x86)\The Chosen

2010-07-05 16:46:11 0 d-----w- c:\program files\WMV9_VCM

2010-07-05 16:25:24 0 d-----w- c:\program files (x86)\Playlogic

2010-06-30 03:10:03 652477081 ----a-w- c:\windows\MEMORY.DMP

2010-06-29 23:51:10 0 d-----w- c:\users\bodie\appdata\roaming\HandBrake

2010-06-29 23:51:07 0 d-----w- c:\program files (x86)\Handbrake

2010-06-27 10:39:25 0 d-----w- c:\programdata\ATI

2010-06-26 23:38:41 0 d-----w- c:\users\bodie\appdata\roaming\WB Games

2010-06-26 23:27:37 0 d-----w- c:\program files (x86)\WB Games

2010-06-26 18:24:46 0 d-----w- c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP

2010-06-25 22:45:34 0 d-----w- C:\8d6e6ac55b19058b1f12f75d11f1

2010-06-25 12:59:19 0 d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP

2010-06-25 12:52:38 0 d-----w- c:\program files (x86)\Activision

2010-06-24 07:00:50 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll

2010-06-24 07:00:50 49472 ----a-w- c:\windows\syswow64\netfxperf.dll

2010-06-24 07:00:50 48960 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-24 07:00:50 444752 ----a-w- c:\windows\system32\mscoree.dll

2010-06-24 07:00:50 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-24 07:00:50 297808 ----a-w- c:\windows\syswow64\mscoree.dll

2010-06-24 07:00:50 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe

2010-06-24 07:00:50 1942856 ----a-w- c:\windows\system32\dfshim.dll

2010-06-24 07:00:50 1130824 ----a-w- c:\windows\syswow64\dfshim.dll

2010-06-24 07:00:50 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-23 19:39:18 1736608 ----a-w- c:\windows\system32\ntdll.dll

2010-06-23 19:39:18 1289528 ----a-w- c:\windows\syswow64\ntdll.dll

2010-06-23 19:36:52 961024 ----a-w- c:\windows\system32\CPFilters.dll

2010-06-23 19:36:52 641536 ----a-w- c:\windows\syswow64\CPFilters.dll

2010-06-23 19:36:52 552960 ----a-w- c:\windows\system32\msdri.dll

2010-06-23 19:36:52 288256 ----a-w- c:\windows\system32\MSNP.ax

2010-06-23 19:36:52 258560 ----a-w- c:\windows\system32\mpg2splt.ax

2010-06-23 19:36:52 204288 ----a-w- c:\windows\syswow64\MSNP.ax

2010-06-23 19:36:52 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax

2010-06-23 08:44:15 0 d-----w- c:\program files (x86)\Akella

2010-06-19 18:54:32 0 d-----w- c:\windows\8A83AE5FF59B4E1FBF2A49185A42ED1B.TMP

2010-06-19 18:54:05 0 d-----w- c:\program files\DIFX

2010-06-19 18:45:35 0 d-----w- c:\programdata\Leapfrog

2010-06-19 18:45:35 0 d-----w- c:\program files (x86)\LeapFrog

2010-06-19 04:33:57 0 d-----w- c:\program files (x86)\common files\Akamai

2010-06-19 04:33:52 0 d-----w- c:\program files (x86)\LEGO Software

2010-06-19 04:33:30 1060864 ----a-w- c:\windows\syswow64\mfc71.dll

2010-06-16 13:26:00 0 d-----w- C:\Perfect World Entertainment

==================== Find3M ====================

2010-07-13 18:45:37 857 ---ha-w- c:\users\bodie\appdata\roaming\Bodielog.dat

2010-06-28 20:57:12 165032 ----a-w- c:\windows\syswow64\aswBoot.exe

2010-06-28 20:33:00 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-06-10 02:20:18 103736 ----a-w- c:\windows\syswow64\PnkBstrB.exe

2010-06-10 02:20:13 669184 ----a-w- c:\windows\syswow64\pbsvc.exe

2010-06-10 02:20:13 66872 ----a-w- c:\windows\syswow64\PnkBstrA.exe

2010-06-02 08:55:30 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2010-06-02 08:55:30 74072 ----a-w- c:\windows\syswow64\XAPOFX1_5.dll

2010-06-02 08:55:30 527192 ----a-w- c:\windows\syswow64\XAudio2_7.dll

2010-06-02 08:55:30 518488 ----a-w- c:\windows\system32\XAudio2_7.dll

2010-06-02 08:55:30 239960 ----a-w- c:\windows\syswow64\xactengine3_7.dll

2010-06-02 08:55:30 176984 ----a-w- c:\windows\system32\xactengine3_7.dll

2010-05-27 17:39:12 6856192 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2010-05-27 17:25:54 19901952 ----a-w- c:\windows\system32\atio6axx.dll

2010-05-27 17:05:28 15180800 ----a-w- c:\windows\syswow64\atioglxx.dll

2010-05-27 17:02:58 143360 ----a-w- c:\windows\system32\atiapfxx.exe

2010-05-27 17:02:46 511488 ----a-w- c:\windows\syswow64\aticfx32.dll

2010-05-27 17:02:04 592384 ----a-w- c:\windows\system32\aticfx64.dll

2010-05-27 17:00:20 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll

2010-05-27 17:00:10 458752 ----a-w- c:\windows\system32\atieclxx.exe

2010-05-27 16:59:40 203264 ----a-w- c:\windows\system32\atiesrxx.exe

2010-05-27 16:58:42 120320 ----a-w- c:\windows\system32\atitmm64.dll

2010-05-27 16:58:24 421376 ----a-w- c:\windows\system32\atipdl64.dll

2010-05-27 16:58:18 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll

2010-05-27 16:58:10 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll

2010-05-27 16:58:06 12288 ----a-w- c:\windows\system32\atimuixx.dll

2010-05-27 16:58:02 59392 ----a-w- c:\windows\system32\atiedu64.dll

2010-05-27 16:57:58 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll

2010-05-27 16:54:56 3668480 ----a-w- c:\windows\syswow64\atidxx32.dll

2010-05-27 16:46:52 4294656 ----a-w- c:\windows\system32\atidxx64.dll

2010-05-27 16:41:12 43008 ----a-w- c:\windows\system32\aticalrt64.dll

2010-05-27 16:41:10 53248 ----a-w- c:\windows\syswow64\aticalrt.dll

2010-05-27 16:41:06 39936 ----a-w- c:\windows\system32\aticalcl64.dll

2010-05-27 16:41:04 53248 ----a-w- c:\windows\syswow64\aticalcl.dll

2010-05-27 16:40:58 5264896 ----a-w- c:\windows\system32\aticaldd64.dll

2010-05-27 16:39:54 4096000 ----a-w- c:\windows\syswow64\aticaldd.dll

2010-05-27 16:37:44 3798528 ----a-w- c:\windows\syswow64\atiumdag.dll

2010-05-27 16:37:08 2752512 ----a-w- c:\windows\system32\atiumd6a.dll

2010-05-27 16:35:18 55296 ----a-w- c:\windows\system32\coinst.dll

2010-05-27 16:32:06 4917248 ----a-w- c:\windows\system32\atiumd64.dll

2010-05-27 16:31:38 3025408 ----a-w- c:\windows\syswow64\atiumdva.dll

2010-05-27 16:26:00 335872 ----a-w- c:\windows\system32\atiadlxx.dll

2010-05-27 16:25:54 237568 ----a-w- c:\windows\syswow64\atiadlxy.dll

2010-05-27 16:25:46 14848 ----a-w- c:\windows\system32\atig6pxx.dll

2010-05-27 16:25:44 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll

2010-05-27 16:25:44 12800 ----a-w- c:\windows\system32\atiglpxx.dll

2010-05-27 16:25:40 18432 ----a-w- c:\windows\system32\atig6txx.dll

2010-05-27 16:25:38 16896 ----a-w- c:\windows\syswow64\atigktxx.dll

2010-05-27 16:25:36 264192 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2010-05-27 16:25:00 38912 ----a-w- c:\windows\system32\atiuxp64.dll

2010-05-27 16:24:56 30208 ----a-w- c:\windows\syswow64\atiuxpag.dll

2010-05-27 16:24:50 30208 ----a-w- c:\windows\system32\atiu9p64.dll

2010-05-27 16:24:46 22528 ----a-w- c:\windows\syswow64\atiu9pag.dll

2010-05-27 16:24:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2010-05-27 16:20:50 54272 ----a-w- c:\windows\system32\atimpc64.dll

2010-05-27 16:20:50 54272 ----a-w- c:\windows\system32\amdpcom64.dll

2010-05-27 16:20:46 52736 ----a-w- c:\windows\syswow64\atimpc32.dll

2010-05-27 16:20:46 52736 ----a-w- c:\windows\syswow64\amdpcom32.dll

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-05-26 15:41:02 511328 ----a-w- c:\windows\system32\d3dx10_43.dll

2010-05-26 15:41:02 470880 ----a-w- c:\windows\syswow64\d3dx10_43.dll

2010-05-26 15:41:02 276832 ----a-w- c:\windows\system32\d3dx11_43.dll

2010-05-26 15:41:02 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2010-05-26 15:41:02 248672 ----a-w- c:\windows\syswow64\d3dx11_43.dll

2010-05-26 15:41:02 2106216 ----a-w- c:\windows\syswow64\D3DCompiler_43.dll

2010-05-26 15:41:02 1998168 ----a-w- c:\windows\syswow64\D3DX9_43.dll

2010-05-26 15:41:02 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll

2010-05-26 15:41:02 1868128 ----a-w- c:\windows\syswow64\d3dcsx_43.dll

2010-05-26 15:41:00 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll

2010-05-21 18:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-05-20 03:43:21 153376 ----a-w- c:\windows\syswow64\javaws.exe

2010-05-20 03:43:21 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-05-20 03:43:21 145184 ----a-w- c:\windows\syswow64\java.exe

2010-05-20 03:43:20 411368 ----a-w- c:\windows\syswow64\deployJava1.dll

2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll

2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll

2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 15:37:26 2137 ----a-w- c:\windows\syswow64\atipblag.dat

2010-04-29 15:37:26 2137 ----a-w- c:\windows\system32\atipblag.dat

2010-04-27 18:45:56 72856 ----a-w- c:\windows\syswow64\xliveinstallhost.exe

2010-04-27 18:45:56 187544 ----a-w- c:\windows\syswow64\xliveinstall.dll

2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2010-01-30 22:47:48 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2010-01-30 21:39:41 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 1:37:02.54 ===============

awaiting reply

thanks in advance

Attach.zip

ark.zip


6 days and no reply. I still need help, please. Am I infected badly?

I think I finally got rid of the 22.exe

and the display32.exe by running in safe mode, but I was wanting someone to read my logs and tell me if I'm infected elsewhere.


  • Root Admin

You don't appear to be infected all that bad.

Please uninstall this as the logs show it's not compatible with your system: Spyware Terminator

It also shows that you may have an older version of SuperAntiSpyware installed, as it says the driver is not compatible either: SASKUTIL

I don't see it in your Add/Remove list though.

Also, I'm not saying these are malware, but you may want to consider whether you really need or want these toolbars, as they can often help lead you to an infection due to advertising or similar activity:

Zynga Toolbar

Crawler Toolbar

I'm not a big fan of any toolbars though myself.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must right click and choose Run As Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to; you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log.

Let me know how the computer is running now and if there are still any signs of an infection or not.


OK, I removed the toolbars and Spyware Terminator and fixed the failed install of SuperAntiSpyware.

Then I ran Malwarebytes and this is the log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4316

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

7/23/2010 9:38:06 AM

mbam-log-2010-07-23 (09-38-06).txt

Scan type: Quick scan

Objects scanned: 155614

Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files (x86)\DP32\display32.exe (Trojan.Backdoor) -> Delete on reboot.

C:\Users\Bodie\AppData\Local\Temp\22.exe (Trojan.Downloader) -> Delete on reboot.

These 2 keep coming up even after a reboot; I've tried several times.

All in all, the system is running fine.

So what do I do now? Are these files false positives? I cannot locate the files.

I'm running Win 7 Home Premium 64-bit.

Awaiting your reply, and thanks in advance.


  • Root Admin

Well let's see if we can get a better look at what's going on there.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSITx64.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  • Root Admin

Please run the following.

It can take several hours, so please be patient and allow it to run its full course.

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
