Sloak, posted July 16, 2010 (post ID 285095):

OK, I posted elsewhere and was instructed to run some scans and repost here, so here they are. GMER ran but gave me this error first:

C:\Windows\system32\config\system: The system cannot find the file specified.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4316

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/16/2010 1:59:22 AM
mbam-log-2010-07-16 (01-59-22).txt

Scan type: Quick scan
Objects scanned: 155939
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\DP32\display32.exe (Trojan.Backdoor) -> Delete on reboot.
C:\Users\Bodie\AppData\Local\Temp\22.exe (Trojan.Downloader) -> Delete on reboot.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Bodie at 1:34:17.06 on Fri 07/16/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.6109 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Bodie\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://att.my.yahoo.com/
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/cdcovers/{028D1584-8F44-41D7-BE3E-A9B52DBFA9FC}
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~2\crawler\toolbar\ctbr.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~2\crawler\toolbar\ctbr.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [spywareTerminatorUpdate] "c:\program files (x86)\spyware terminator\SpywareTerminatorUpdate.exe"
uRun: [DriverMax] "c:\program files (x86)\innovative solutions\drivermax\devices.exe" -agent
uRun: [DriverMax_RESTART] "c:\program files (x86)\innovative solutions\drivermax\devices.exe" -RESTART
mRun: [Gateway Photo Frame] c:\program files (x86)\gateway photo frame\ButtonMonitor.exe -A
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [amd_dc_opt] c:\program files (x86)\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [CloneCDTray] "c:\program files (x86)\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [ThreatFire] c:\program files (x86)\threatfire\TFTray.exe
mRun: [VirtualCloneDrive] "c:\program files (x86)\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Monitor] "c:\program files (x86)\leapfrog\leapfrog connect\Monitor.exe"
mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\bodie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\crawler\toolbar\ctbr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe
mRun-x64: [skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun-x64: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun-x64: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-5-20 65072]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-5-20 59880]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-5 121936]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-27 203264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-5 20048]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-5 61008]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-13 40384]
R2 MediaMall Server;MediaMall Server;c:\program files (x86)\mediamall\MediaMallServer.exe [2010-3-18 3827056]
R2 OrbisClient.Services;LabSim Configuration and Security;c:\program files (x86)\testout\orbis\OrbisClient.Services.exe [2010-3-23 14336]
R2 ThreatFire;ThreatFire;c:\program files (x86)\threatfire\tfservice.exe service --> c:\program files (x86)\threatfire\TFService.exe service [?]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-5-27 6856192]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-5-27 264192]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-13 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-13 40384]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n64.sys [2009-10-20 1478176]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-5-20 41888]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2010-7-9 402720]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-4-5 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2010-5-5 25832]
S3 DfSdkS;Defragmentation-Service;c:\program files (x86)\ashampoo\ashampoo winoptimizer 2010 advanced\DfSdkS.exe [2010-7-9 544768]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1255736]

=============== Created Last 30 ================

2010-07-16 05:07:22	0	d-----w-	c:\programdata\Gosu
2010-07-16 05:04:50	20	----a-w-	c:\users\bodie\defogger_reenable
2010-07-15 12:50:02	0	d-----w-	c:\program files (x86)\UltraISO
2010-07-15 12:50:02	0	d-----w-	c:\program files (x86)\common files\EZB Systems
2010-07-14 18:46:05	144384	----a-w-	c:\windows\system32\cdd.dll
2010-07-13 20:48:37	0	d-----w-	c:\users\bodie\appdata\roaming\Ascaron Entertainment
2010-07-13 20:42:55	0	d-----w-	c:\program files (x86)\Ascaron Entertainment
2010-07-13 18:58:25	0	d-----w-	c:\program files (x86)\1C Company
2010-07-13 17:35:22	125456	----a-w-	c:\windows\system32\drivers\AtiHdmi.sys
2010-07-13 16:20:01	0	d-----w-	c:\program files (x86)\Strategy First
2010-07-13 15:55:51	38848	----a-w-	c:\windows\avastSS.scr
2010-07-13 15:38:40	0	d-----w-	c:\program files (x86)\Legend - Hand of God
2010-07-12 06:38:43	0	d-----w-	c:\program files (x86)\Pixelgame
2010-07-12 06:38:35	306688	----a-w-	c:\windows\IsUninst.exe
2010-07-11 12:55:05	0	d-----w-	c:\program files (x86)\Monte Cristo
2010-07-11 11:18:04	22230	----a-w-	c:\windows\syswow64\MK_BugReport[1_02][Oct-26-2006-15_03_03]100711_7184.dmp
2010-07-11 11:18:03	765	----a-w-	c:\windows\syswow64\MK_BugReport[1_02][Oct-26-2006-15_03_03]100711_7183.er
2010-07-11 11:17:08	784	----a-w-	c:\windows\syswow64\MK_BugReport[1_02][Oct-26-2006-15_03_03]100711_7178.er
2010-07-11 11:17:08	22230	----a-w-	c:\windows\syswow64\MK_BugReport[1_02][Oct-26-2006-15_03_03]100711_7178.dmp
2010-07-11 09:23:14	0	d-----w-	c:\program files (x86)\NAMCO BANDAI Games
2010-07-11 04:23:05	0	d-----w-	c:\program files (x86)\Atari
2010-07-09 07:27:03	0	d-----w-	c:\users\bodie\appdata\roaming\Ashampoo
2010-07-09 07:23:43	0	d-----w-	c:\programdata\ashampoo
2010-07-09 06:23:20	34304	----a-w-	c:\windows\system32\DfSdkBt.exe
2010-07-09 06:23:20	28160	----a-w-	c:\windows\syswow64\DfSdkBt32.exe
2010-07-09 06:23:18	0	d-----w-	c:\program files (x86)\Ashampoo
2010-07-09 05:31:14	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_point64k_01009.Wdf
2010-07-09 05:30:29	34160	----a-w-	c:\windows\system32\drivers\point64k.sys
2010-07-09 05:30:29	1721576	----a-w-	c:\windows\system32\wdfcoinstaller01009.dll
2010-07-09 05:30:28	501536	----a-w-	c:\windows\system32\yk62x64.dll
2010-07-09 05:30:28	402720	----a-w-	c:\windows\system32\drivers\yk62x64.sys
2010-07-09 04:52:13	0	d-----w-	c:\programdata\Innovative Solutions
2010-07-09 04:52:08	0	d-----w-	c:\program files (x86)\Innovative Solutions
2010-07-09 04:46:25	0	d-----w-	c:\program files (x86)\Crawler
2010-07-09 04:46:17	0	d-----w-	c:\users\bodie\appdata\roaming\Spyware Terminator
2010-07-09 04:46:16	0	d-----w-	c:\programdata\Spyware Terminator
2010-07-09 04:46:16	0	d-----w-	c:\program files (x86)\Spyware Terminator
2010-07-07 22:27:27	0	d-----w-	c:\program files (x86)\JoWood
2010-07-07 19:43:31	0	d-----w-	c:\program files (x86)\Kalypso
2010-07-06 04:34:26	0	d-----w-	c:\users\bodie\appdata\roaming\The Chosen
2010-07-06 04:34:25	0	d-----w-	c:\users\bodie\appdata\roaming\Frater
2010-07-06 04:34:05	0	d-----w-	c:\program files (x86)\The Chosen
2010-07-05 16:46:11	0	d-----w-	c:\program files\WMV9_VCM
2010-07-05 16:25:24	0	d-----w-	c:\program files (x86)\Playlogic
2010-06-30 03:10:03	652477081	----a-w-	c:\windows\MEMORY.DMP
2010-06-29 23:51:10	0	d-----w-	c:\users\bodie\appdata\roaming\HandBrake
2010-06-29 23:51:07	0	d-----w-	c:\program files (x86)\Handbrake
2010-06-27 10:39:25	0	d-----w-	c:\programdata\ATI
2010-06-26 23:38:41	0	d-----w-	c:\users\bodie\appdata\roaming\WB Games
2010-06-26 23:27:37	0	d-----w-	c:\program files (x86)\WB Games
2010-06-26 18:24:46	0	d-----w-	c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2010-06-25 22:45:34	0	d-----w-	C:\8d6e6ac55b19058b1f12f75d11f1
2010-06-25 12:59:19	0	d-----w-	c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2010-06-25 12:52:38	0	d-----w-	c:\program files (x86)\Activision
2010-06-24 07:00:50	99176	----a-w-	c:\windows\syswow64\PresentationHostProxy.dll
2010-06-24 07:00:50	49472	----a-w-	c:\windows\syswow64\netfxperf.dll
2010-06-24 07:00:50	48960	----a-w-	c:\windows\system32\netfxperf.dll
2010-06-24 07:00:50	444752	----a-w-	c:\windows\system32\mscoree.dll
2010-06-24 07:00:50	320352	----a-w-	c:\windows\system32\PresentationHost.exe
2010-06-24 07:00:50	297808	----a-w-	c:\windows\syswow64\mscoree.dll
2010-06-24 07:00:50	295264	----a-w-	c:\windows\syswow64\PresentationHost.exe
2010-06-24 07:00:50	1942856	----a-w-	c:\windows\system32\dfshim.dll
2010-06-24 07:00:50	1130824	----a-w-	c:\windows\syswow64\dfshim.dll
2010-06-24 07:00:50	109912	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-06-23 19:39:18	1736608	----a-w-	c:\windows\system32\ntdll.dll
2010-06-23 19:39:18	1289528	----a-w-	c:\windows\syswow64\ntdll.dll
2010-06-23 19:36:52	961024	----a-w-	c:\windows\system32\CPFilters.dll
2010-06-23 19:36:52	641536	----a-w-	c:\windows\syswow64\CPFilters.dll
2010-06-23 19:36:52	552960	----a-w-	c:\windows\system32\msdri.dll
2010-06-23 19:36:52	288256	----a-w-	c:\windows\system32\MSNP.ax
2010-06-23 19:36:52	258560	----a-w-	c:\windows\system32\mpg2splt.ax
2010-06-23 19:36:52	204288	----a-w-	c:\windows\syswow64\MSNP.ax
2010-06-23 19:36:52	199680	----a-w-	c:\windows\syswow64\mpg2splt.ax
2010-06-23 08:44:15	0	d-----w-	c:\program files (x86)\Akella
2010-06-19 18:54:32	0	d-----w-	c:\windows\8A83AE5FF59B4E1FBF2A49185A42ED1B.TMP
2010-06-19 18:54:05	0	d-----w-	c:\program files\DIFX
2010-06-19 18:45:35	0	d-----w-	c:\programdata\Leapfrog
2010-06-19 18:45:35	0	d-----w-	c:\program files (x86)\LeapFrog
2010-06-19 04:33:57	0	d-----w-	c:\program files (x86)\common files\Akamai
2010-06-19 04:33:52	0	d-----w-	c:\program files (x86)\LEGO Software
2010-06-19 04:33:30	1060864	----a-w-	c:\windows\syswow64\mfc71.dll
2010-06-16 13:26:00	0	d-----w-	C:\Perfect World Entertainment

==================== Find3M ====================

2010-07-13 18:45:37	857	---ha-w-	c:\users\bodie\appdata\roaming\Bodielog.dat
2010-06-28 20:57:12	165032	----a-w-	c:\windows\syswow64\aswBoot.exe
2010-06-28 20:33:00	61008	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2010-06-10 02:20:18	103736	----a-w-	c:\windows\syswow64\PnkBstrB.exe
2010-06-10 02:20:13	669184	----a-w-	c:\windows\syswow64\pbsvc.exe
2010-06-10 02:20:13	66872	----a-w-	c:\windows\syswow64\PnkBstrA.exe
2010-06-02 08:55:30	77656	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2010-06-02 08:55:30	74072	----a-w-	c:\windows\syswow64\XAPOFX1_5.dll
2010-06-02 08:55:30	527192	----a-w-	c:\windows\syswow64\XAudio2_7.dll
2010-06-02 08:55:30	518488	----a-w-	c:\windows\system32\XAudio2_7.dll
2010-06-02 08:55:30	239960	----a-w-	c:\windows\syswow64\xactengine3_7.dll
2010-06-02 08:55:30	176984	----a-w-	c:\windows\system32\xactengine3_7.dll
2010-05-27 17:39:12	6856192	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2010-05-27 17:25:54	19901952	----a-w-	c:\windows\system32\atio6axx.dll
2010-05-27 17:05:28	15180800	----a-w-	c:\windows\syswow64\atioglxx.dll
2010-05-27 17:02:58	143360	----a-w-	c:\windows\system32\atiapfxx.exe
2010-05-27 17:02:46	511488	----a-w-	c:\windows\syswow64\aticfx32.dll
2010-05-27 17:02:04	592384	----a-w-	c:\windows\system32\aticfx64.dll
2010-05-27 17:00:20	446464	----a-w-	c:\windows\system32\ATIDEMGX.dll
2010-05-27 17:00:10	458752	----a-w-	c:\windows\system32\atieclxx.exe
2010-05-27 16:59:40	203264	----a-w-	c:\windows\system32\atiesrxx.exe
2010-05-27 16:58:42	120320	----a-w-	c:\windows\system32\atitmm64.dll
2010-05-27 16:58:24	421376	----a-w-	c:\windows\system32\atipdl64.dll
2010-05-27 16:58:18	356352	----a-w-	c:\windows\syswow64\atipdlxx.dll
2010-05-27 16:58:10	278528	----a-w-	c:\windows\syswow64\Oemdspif.dll
2010-05-27 16:58:06	12288	----a-w-	c:\windows\system32\atimuixx.dll
2010-05-27 16:58:02	59392	----a-w-	c:\windows\system32\atiedu64.dll
2010-05-27 16:57:58	43520	----a-w-	c:\windows\syswow64\ati2edxx.dll
2010-05-27 16:54:56	3668480	----a-w-	c:\windows\syswow64\atidxx32.dll
2010-05-27 16:46:52	4294656	----a-w-	c:\windows\system32\atidxx64.dll
2010-05-27 16:41:12	43008	----a-w-	c:\windows\system32\aticalrt64.dll
2010-05-27 16:41:10	53248	----a-w-	c:\windows\syswow64\aticalrt.dll
2010-05-27 16:41:06	39936	----a-w-	c:\windows\system32\aticalcl64.dll
2010-05-27 16:41:04	53248	----a-w-	c:\windows\syswow64\aticalcl.dll
2010-05-27 16:40:58	5264896	----a-w-	c:\windows\system32\aticaldd64.dll
2010-05-27 16:39:54	4096000	----a-w-	c:\windows\syswow64\aticaldd.dll
2010-05-27 16:37:44	3798528	----a-w-	c:\windows\syswow64\atiumdag.dll
2010-05-27 16:37:08	2752512	----a-w-	c:\windows\system32\atiumd6a.dll
2010-05-27 16:35:18	55296	----a-w-	c:\windows\system32\coinst.dll
2010-05-27 16:32:06	4917248	----a-w-	c:\windows\system32\atiumd64.dll
2010-05-27 16:31:38	3025408	----a-w-	c:\windows\syswow64\atiumdva.dll
2010-05-27 16:26:00	335872	----a-w-	c:\windows\system32\atiadlxx.dll
2010-05-27 16:25:54	237568	----a-w-	c:\windows\syswow64\atiadlxy.dll
2010-05-27 16:25:46	14848	----a-w-	c:\windows\system32\atig6pxx.dll
2010-05-27 16:25:44	12800	----a-w-	c:\windows\syswow64\atiglpxx.dll
2010-05-27 16:25:44	12800	----a-w-	c:\windows\system32\atiglpxx.dll
2010-05-27 16:25:40	18432	----a-w-	c:\windows\system32\atig6txx.dll
2010-05-27 16:25:38	16896	----a-w-	c:\windows\syswow64\atigktxx.dll
2010-05-27 16:25:36	264192	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2010-05-27 16:25:00	38912	----a-w-	c:\windows\system32\atiuxp64.dll
2010-05-27 16:24:56	30208	----a-w-	c:\windows\syswow64\atiuxpag.dll
2010-05-27 16:24:50	30208	----a-w-	c:\windows\system32\atiu9p64.dll
2010-05-27 16:24:46	22528	----a-w-	c:\windows\syswow64\atiu9pag.dll
2010-05-27 16:24:16	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2010-05-27 16:20:50	54272	----a-w-	c:\windows\system32\atimpc64.dll
2010-05-27 16:20:50	54272	----a-w-	c:\windows\system32\amdpcom64.dll
2010-05-27 16:20:46	52736	----a-w-	c:\windows\syswow64\atimpc32.dll
2010-05-27 16:20:46	52736	----a-w-	c:\windows\syswow64\amdpcom32.dll
2010-05-27 07:24:13	34304	----a-w-	c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09	46080	----a-w-	c:\windows\system32\atmlib.dll
2010-05-27 04:11:32	366080	----a-w-	c:\windows\system32\atmfd.dll
2010-05-27 03:49:37	293888	----a-w-	c:\windows\syswow64\atmfd.dll
2010-05-26 15:41:02	511328	----a-w-	c:\windows\system32\d3dx10_43.dll
2010-05-26 15:41:02	470880	----a-w-	c:\windows\syswow64\d3dx10_43.dll
2010-05-26 15:41:02	276832	----a-w-	c:\windows\system32\d3dx11_43.dll
2010-05-26 15:41:02	2526056	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2010-05-26 15:41:02	248672	----a-w-	c:\windows\syswow64\d3dx11_43.dll
2010-05-26 15:41:02	2106216	----a-w-	c:\windows\syswow64\D3DCompiler_43.dll
2010-05-26 15:41:02	1998168	----a-w-	c:\windows\syswow64\D3DX9_43.dll
2010-05-26 15:41:02	1907552	----a-w-	c:\windows\system32\d3dcsx_43.dll
2010-05-26 15:41:02	1868128	----a-w-	c:\windows\syswow64\d3dcsx_43.dll
2010-05-26 15:41:00	2401112	----a-w-	c:\windows\system32\D3DX9_43.dll
2010-05-21 18:14:28	270208	------w-	c:\windows\system32\MpSigStub.exe
2010-05-21 05:52:30	1192960	----a-w-	c:\windows\system32\wininet.dll
2010-05-21 05:18:06	977920	----a-w-	c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50	48128	----a-w-	c:\windows\syswow64\jsproxy.dll
2010-05-20 03:43:21	153376	----a-w-	c:\windows\syswow64\javaws.exe
2010-05-20 03:43:21	145184	----a-w-	c:\windows\syswow64\javaw.exe
2010-05-20 03:43:21	145184	----a-w-	c:\windows\syswow64\java.exe
2010-05-20 03:43:20	411368	----a-w-	c:\windows\syswow64\deployJava1.dll
2010-05-06 12:42:05	1225216	----a-w-	c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55	606208	----a-w-	c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53	64512	----a-w-	c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53	5970944	----a-w-	c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49	381440	----a-w-	c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49	10984448	----a-w-	c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05	3122176	----a-w-	c:\windows\system32\win32k.sys
2010-04-29 15:37:26	2137	----a-w-	c:\windows\syswow64\atipblag.dat
2010-04-29 15:37:26	2137	----a-w-	c:\windows\system32\atipblag.dat
2010-04-27 18:45:56	72856	----a-w-	c:\windows\syswow64\xliveinstallhost.exe
2010-04-27 18:45:56	187544	----a-w-	c:\windows\syswow64\xliveinstall.dll
2010-04-23 07:13:36	2048	----a-w-	c:\windows\syswow64\tzres.dll
2010-04-23 07:11:58	2048	----a-w-	c:\windows\system32\tzres.dll
2009-07-14 05:37:38	31548	----a-w-	c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38	31548	----a-w-	c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38	291294	----a-w-	c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38	291294	----a-w-	c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24	174	--sha-w-	c:\program files\desktop.ini
2009-07-14 04:54:24	174	--sha-w-	c:\program files (x86)\desktop.ini
2009-07-14 01:00:34	291294	----a-w-	c:\windows\inf\perflib\0000\perfi.dat
2009-06-10 20:44:08	9633792	--sha-r-	c:\windows\fonts\StaticCache.dat
2010-01-30 22:47:48	245760	--sha-w-	c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-30 21:39:41	245760	--sha-w-	c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53	398848	--sha-w-	c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 1:37:02.54 ===============

Awaiting reply, thanks in advance.

Attachments: Attach.zip, ark.zip
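Reading a DDS log like the one above, the two things a helper usually checks first are the toolbar/BHO CLSIDs marked "No File" and the services DDS marked "[?]". The script below is an added example, not code from the thread, from DDS or from Malwarebytes: it parses those two line types from an excerpt of the log above and applies the example author's own triage rules. The rules are assumptions worth stating: a CLSID that is "No File" only in the -X64 view while the 32-bit view still resolves it is normal for a 32-bit-only toolbar on x64 Windows, so only a CLSID with no file in any view is reported as orphaned; and "[?]" means DDS could not pair the ImagePath with a file it could stat (here the ImagePath carries a trailing "service" or "-service" argument), which deserves a look but is not by itself evidence of infection.

```python
"""Triage helpers for DDS 'Pseudo HJT Report' and 'SERVICES / DRIVERS' lines.

Added example, not part of the thread or of DDS. The excerpt is copied from
the log posted above; the classification rules are the example author's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed input: a handful of lines copied from the DDS log above.
DDS_EXCERPT = r"""
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~2\crawler\toolbar\ctbr.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~2\crawler\toolbar\ctbr.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-5-20 65072]
R2 ThreatFire;ThreatFire;c:\program files (x86)\threatfire\tfservice.exe service --> c:\program files (x86)\threatfire\TFService.exe service [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1255736]
"""


@dataclass(frozen=True)
class ComObject:
    kind: str    # TB, BHO, EB, or the -X64 variants (64-bit registry view)
    name: str    # display name as DDS printed it, may be empty
    clsid: str   # upper-cased so the 32-bit and 64-bit views compare equal
    target: str  # DLL path, or "No File" when the CLSID no longer resolves


@dataclass(frozen=True)
class Service:
    start: str     # R0..R3 = running, S2/S3 = stopped (DDS convention)
    name: str
    display: str
    path: str      # ImagePath as logged, including any "-->" resolution DDS added
    verified: bool  # False when DDS printed [?] instead of a date and size


_COM = re.compile(
    r"^(?P<kind>(?:TB|BHO|EB)(?:-X64)?): (?P<name>.*?)"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.+)$"
)
_SVC = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]+);(?P<path>.+?)"
    r"(?: \[\d{4}-\d{1,2}-\d{1,2} \d+\]| \[\?\])$"
)


def parse_dds(text: str) -> tuple[list[ComObject], list[Service]]:
    """Pick out toolbar/BHO/EB registrations and service entries; ignore the rest."""
    coms: list[ComObject] = []
    svcs: list[Service] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := _COM.match(line):
            # DDS prints "Name: {CLSID}" and uses "&" for the menu accelerator.
            name = m["name"].rstrip(": ").lstrip("&")
            coms.append(ComObject(m["kind"], name, m["clsid"].upper(), m["target"]))
        elif m := _SVC.match(line):
            svcs.append(Service(m["start"], m["name"], m["display"], m["path"],
                                verified=not line.endswith("[?]")))
    return coms, svcs


def orphaned_clsids(coms: list[ComObject]) -> list[str]:
    """CLSIDs with 'No File' in every registry view DDS listed them in.

    Assumption: a 32-bit-only toolbar on x64 Windows shows 'No File' in the
    -X64 view while resolving in the 32-bit view, so a CLSID is reported only
    when no view has a file for it.
    """
    resolved = {c.clsid for c in coms if c.target != "No File"}
    missing = {c.clsid for c in coms if c.target == "No File"}
    return sorted(missing - resolved)


def unverified_services(svcs: list[Service]) -> list[str]:
    """Names of services whose binary DDS could not stat ([?])."""
    return [s.name for s in svcs if not s.verified]


if __name__ == "__main__":
    com_objects, services = parse_dds(DDS_EXCERPT)
    print("orphaned CLSIDs:", orphaned_clsids(com_objects))
    print("unverified services:", unverified_services(services))
```

On the excerpt this reports exactly one orphaned CLSID, {CCC7A320-B3CA-4199-B1A6-9F516DD69829}, which is "No File" in both views, while the Zynga and Crawler CLSIDs drop out because their 32-bit DLLs still exist; the two "[?]" services are ThreatFire and npggsvc.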
Sloak (author), posted July 23, 2010 (post ID 288886):

Six days and no reply. I still need help, please. Am I infected badly? I think I finally got rid of the 22.exe and the display32.exe by running in safe mode, but I was wanting someone to read my logs and tell me if I'm infected elsewhere.
AdvancedSetup (Root Admin), posted July 23, 2010 (post ID 288893):

You don't appear to be infected all that bad.

Please uninstall this, as the logs show it's not compatible with your system: Spyware Terminator

It also shows that you may have an older version of SuperAntispyware installed, as it says the driver is not compatible either: SASKUTIL. I don't see it in your Add/Remove list though.

Also, not saying these are malware, but you may want to consider whether you really need or want these toolbars, as they can often help lead you to getting an infection from some of them due to advertising or similar activity:
Zynga Toolbar
Crawler Toolbar
I'm not a big fan of any toolbars myself, though.

Update and Scan with Malwarebytes' Anti-Malware

Start Malwarebytes' Anti-Malware (Vista users must right-click and choose Run As Admin).
Please DO NOT run MBAM in Safe Mode unless requested to; you MUST run it in normal Windows mode.

Update Malwarebytes' Anti-Malware:
- Select the Update tab
- Click Update
- When the update is complete, select the Scanner tab
- Select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log.

Let me know how the computer is running now and if there are still any signs of an infection or not.
Sloak (author), posted July 23, 2010 (post ID 289127):

OK, I removed the toolbars and the Spyware Terminator and fixed the failed install of SuperAntiSpyware. Then I ran Malwarebytes and this is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4316

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/23/2010 9:38:06 AM
mbam-log-2010-07-23 (09-38-06).txt

Scan type: Quick scan
Objects scanned: 155614
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\DP32\display32.exe (Trojan.Backdoor) -> Delete on reboot.
C:\Users\Bodie\AppData\Local\Temp\22.exe (Trojan.Downloader) -> Delete on reboot.

These two keep coming up even after a reboot; I tried several times. All in all the system is running fine, so what do I do now? Are these files false positives? I cannot locate the files. I'm running Win 7 Home Premium 64-bit.

Awaiting your reply, and thanks in advance.
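The two Malwarebytes logs in this thread are a week apart yet report the same two files with the same "Delete on reboot" action, and both carry "Database version: 4316", so the scanner was never updated between runs despite the update step in the instructions above. The script below is an added example, not code from the thread or from Malwarebytes: it parses the 1.x log format into structured detections (the path may itself contain parentheses, as "Program Files (x86)" does, so the entry regex anchors on the last "(label) -> action" group), then compares two scans to list detections that recur and to check whether the signature database changed. The embedded logs are the July 16 and July 23 logs from the thread, trimmed; the comparison rules are the example author's own.

```python
"""Parse Malwarebytes' Anti-Malware 1.x scan logs and compare two scans.

Added example, not code from the thread or from Malwarebytes. The two logs
are copied from the posts above (repeated empty sections trimmed); the
comparison logic is the example author's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed input: the July 16 and July 23 logs from the thread, trimmed.
LOG_JULY_16 = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4316

7/16/2010 1:59:22 AM
mbam-log-2010-07-16 (01-59-22).txt

Scan type: Quick scan
Objects scanned: 155939

Registry Keys Infected: 0
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\DP32\display32.exe (Trojan.Backdoor) -> Delete on reboot.
C:\Users\Bodie\AppData\Local\Temp\22.exe (Trojan.Downloader) -> Delete on reboot.
"""

LOG_JULY_23 = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4316

7/23/2010 9:38:06 AM
mbam-log-2010-07-23 (09-38-06).txt

Scan type: Quick scan
Objects scanned: 155614

Files Infected: 2

Files Infected:
C:\Program Files (x86)\DP32\display32.exe (Trojan.Backdoor) -> Delete on reboot.
C:\Users\Bodie\AppData\Local\Temp\22.exe (Trojan.Downloader) -> Delete on reboot.
"""


@dataclass(frozen=True)
class Detection:
    section: str  # "Files", "Registry Keys", ...
    item: str     # path or registry key exactly as logged
    threat: str   # scanner label such as Trojan.Backdoor
    action: str   # "Delete on reboot", "Quarantined and deleted successfully", ...


@dataclass
class ScanLog:
    scan_date: str = ""
    database_version: str = ""
    objects_scanned: int = 0
    detections: list[Detection] = field(default_factory=list)


_SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:$")  # header, not the "...: N" count
# Paths may contain parentheses ("Program Files (x86)"): the greedy item group
# makes the match anchor on the last "(label) -> action" group of the line.
_ENTRY = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
_DATE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")


def parse_mbam_log(text: str) -> ScanLog:
    """Walk the log once, tracking which 'X Infected:' section we are in."""
    log, section = ScanLog(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Database version:"):
            log.database_version = line.split(":", 1)[1].strip()
        elif line.startswith("Objects scanned:"):
            log.objects_scanned = int(line.split(":", 1)[1])
        elif _DATE.match(line):
            log.scan_date = line
        elif m := _SECTION.match(line):
            section = m["name"]
        elif section and line != "(No malicious items detected)":
            if e := _ENTRY.match(line):
                log.detections.append(Detection(section, e["item"], e["threat"], e["action"]))
    return log


def recurring_detections(earlier: ScanLog, later: ScanLog) -> list[Detection]:
    """Detections present in both scans (same section, item and label).

    The action column is ignored on purpose: an item scheduled 'Delete on
    reboot' in one run and reported again in the next is exactly what we want
    to flag. NTFS paths are case-insensitive, hence the lower().
    """
    seen = {(d.section, d.item.lower(), d.threat) for d in earlier.detections}
    return [d for d in later.detections if (d.section, d.item.lower(), d.threat) in seen]


def same_signature_database(a: ScanLog, b: ScanLog) -> bool:
    """True when both scans ran with the same definitions, i.e. no update in between."""
    return a.database_version == b.database_version


if __name__ == "__main__":
    first, second = parse_mbam_log(LOG_JULY_16), parse_mbam_log(LOG_JULY_23)
    for d in recurring_detections(first, second):
        print(f"recurring: {d.item} ({d.threat}) -> {d.action}")
    if same_signature_database(first, second):
        print(f"both scans used database {first.database_version}; update before rescanning")
```

Run against the two logs, it reports both files as recurring and confirms the database version did not change, which is the first thing to rule out before treating a repeated "Delete on reboot" as either persistence or a stale false positive.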
AdvancedSetup (Root Admin), posted July 24, 2010 (post ID 289419):

Well, let's see if we can get a better look at what's going on there.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double-click on RSITx64.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).
Sloak (author), posted July 24, 2010 (post ID 289834):

The following logs are attached. Thanks again for your help.

Attachments: info.txt, log.txt
AdvancedSetup (Root Admin), posted July 26, 2010 (post ID 290469):

Please run the following. It can take several hours, so please be patient and allow it to run its full course.

Establish an internet connection and perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.

Note: to optimize scanning time and produce a more sensible report for review:
- Close any open programs.
- Turn off the real-time scanner of any existing antivirus program while performing the online scan.

Click Accept when prompted to download and install the program files and database of malware definitions.
Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database. Please be patient, as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display whether your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save Report As... button.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
AdvancedSetup (Root Admin), posted July 30, 2010 (post ID 292688):

Are you still with us?
Sloak (author), posted July 30, 2010 (post ID 292863):

Quoting AdvancedSetup: "Are you still with us?"

Yes, sorry, I had to catch up on some school work and labs. I will be running the scans either tonight or tomorrow and post back. Sorry about the delay, and I really appreciate your help.
AdvancedSetup (Root Admin), posted August 3, 2010 (post ID 294694):

Were you able to finish the scan? Please post the log. Thanks.
AdvancedSetup (Root Admin), posted August 5, 2010 (post ID 295832):

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.