Tech Support Forum: Virus/Trojan/Spyware Help
Get rid of malware with help from our analysts. Follow the "First Steps" link at the top right of each page before posting for help.
#1
Registered User
Join Date: Oct 2009
Posts: 1
OS: vista 32bit
yet another Malware attack.
Hi all,
Another malware problem for you all. Thanks in advance to the mods and volunteers.

On starting Firefox, I get a series of problems:
- One or more Internet Explorer pages will open and direct me to different anti-spyware pages and others such as:
hxxp://media2.tmlatn.com/images/defaults41/approved/404.html or
hxxp://www.freelottocasino.com/index.asp?src=mglotto&prt=lotto_111211 or
hxxp://best-scanpc.com/vista/?code=934 or
hxxp://www.pcsecurityshield.com/lp/shield-deluxe-27.aspx?trk=WTK&affid=541
Previously the best-scanpc website was the most frequent page brought up; however, now it is more the pcsecurityshield and media2.tmlatn.com ones.
- In clicking links after a Google search, I also at random get redirected to different websites. (This hasn't happened recently, though.)
- Also, NOD32 keeps bringing up a message quite frequently, but it seems to be at random. I'm a little worried about this one as it seems to always come up when I'm on a password page; note the file starts with "pw" too! I've attached a doc which shows the pop-up message.

Also, I'm not sure if it is related; however, I've only noticed it happening recently: whenever I start my PC up and log in, an error message comes up saying that Windows Explorer has stopped responding (the one where it automatically checks for a solution). It then leaves me with a blackened screen where I can only go to Task Manager or Ctrl-Alt-Del. Restarting the laptop does nothing. Instead I Ctrl-Alt-Del, log off, then log back on, and then I can operate the laptop again.

I've tried Ad-Aware, Norton, Spybot, Spydoctor and am currently using NOD32 (all uninstalled except NOD32). I've attached the event log of NOD32 in the same doc. I've cleaned/checked for errors in the registry using CleanMyPC and CCleaner (both still installed). I've previously had both BitTorrent and LimeWire Pro installed (now uninstalled). Currently on Vista.
My brother (who is now interstate) tried to fix it using logs from HijackThis, but no solution was found. Please find attached the DDS logs.

DDS (Ver_09-10-13.01) - NTFSx86
Run by Poonani at 18:20:48.23 on Fri 16/10/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3068.1665 [GMT 11:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\dllhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\System32\msdtc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Poonani\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [Registry Cleaner Scheduler] "c:\program files\cleanmypc\registry cleaner\RCHelper.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTunerWrapper.exe" /S
mRun: [RandMAC] c:\program files\madmacs\MadMACs.exe doittoit
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: c:\windows\system32\dmvdsitf32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\poonani\appdata\roaming\mozilla\firefox\profiles\ledfcp9j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\users\poonani\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\poonani\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_e2247046\AEstSrv.exe [2009-3-2 81920]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 24880]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-1 341328]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-11-2 7168]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-5-21 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-25 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-1 81296]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 Salmosa03;Razer Salmosa USB Filter Driver;c:\windows\system32\drivers\Salmosa.sys [2009-6-29 9344]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-2 9216]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\mediacoder ipod edition\SysInfo.sys [2007-9-26 15152]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S4 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe /service --> c:\program files\relevantknowledge\rlservice.exe [?]

============== File Associations ===============

txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2009-10-16 18:16 <DIR> --dsh--- c:\windows\system32\LocalService
2009-10-16 14:38 1,638,912 a------- c:\windows\system32\mshtml.tlb
2009-10-16 14:38 71,680 a------- c:\windows\system32\iesetup.dll
2009-10-16 14:38 57,667 a------- c:\windows\system32\ieuinit.inf
2009-10-16 14:37 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-09 17:55 2,367 a--sh--- c:\windows\system32\E5D5.tmp
2009-10-09 14:28 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-08 00:56 2,367 a--sh--- c:\windows\system32\3B7B.tmp
2009-10-08 00:47 1,519 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-10-07 19:59 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-10-07 19:58 87,552 a------- c:\windows\system32\wudriver.dll
2009-10-07 19:58 171,608 a------- c:\windows\system32\wuwebv.dll
2009-10-07 19:58 33,792 a------- c:\windows\system32\wuapp.exe
2009-09-28 23:45 5,702 a---h--- c:\windows\nod32restoretemdono.reg
2009-09-28 23:45 568 a---h--- c:\windows\nod32fixtemdono.reg
2009-09-28 23:38 <DIR> --d----- c:\programdata\ESET
2009-09-28 23:38 <DIR> --d----- c:\program files\ESET
2009-09-28 22:53 <DIR> --d----- c:\users\poonani\appdata\roaming\CleanMyPC Software
2009-09-28 22:53 <DIR> --d----- c:\program files\CleanMyPC
2009-09-28 22:49 <DIR> --d----- c:\program files\Trend Micro
2009-09-25 15:30 261,480 a------- c:\windows\system32\xactengine2_7.dll
2009-09-25 15:30 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2009-09-25 15:30 255,848 a------- c:\windows\system32\xactengine2_6.dll
2009-09-25 15:30 15,128 a------- c:\windows\system32\x3daudio1_1.dll
2009-09-25 15:26 118,520 a------- c:\windows\system32\PxInsI64.exe
2009-09-25 15:26 115,960 a------- c:\windows\system32\PxCpyI64.exe
2009-09-25 15:24 <DIR> --d----- c:\programdata\Sony Corporation
2009-09-25 15:24 <DIR> --d----- c:\progra~2\Sony Corporation
2009-09-24 21:03 0 a------- c:\windows\system32\164C.tmp
2009-09-24 21:03 0 a------- c:\windows\system32\160D.tmp
2009-09-22 18:32 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-09-22 18:32 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-22 18:32 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-09-22 02:19 <DIR> --d----- c:\program files\Audacity
2009-09-21 19:25 0 a------- c:\windows\system32\A442.tmp
2009-09-21 19:25 0 a------- c:\windows\system32\A412.tmp
2009-09-20 21:37 17,971 a------- c:\windows\GnuHashes.ini
2009-09-20 21:30 1,372 a------- c:\windows\system32\ds75Jx8Jztkx1SF.vbs
2009-09-20 21:29 121,856 a------- c:\windows\system32\dmvdsitf32.dll
2009-09-20 21:29 1,372 a------- c:\windows\system32\SKGpxWURaMPUv.vbs
2009-09-20 20:51 <DIR> --d----- c:\program files\Lame for Audacity

==================== Find3M ====================

2009-10-16 18:17 312,511 a------- c:\programdata\nvModes.dat
2009-10-16 18:17 312,511 a------- c:\progra~2\nvModes.dat
2009-10-16 17:53 1,814 a------- c:\windows\bthservsdp.dat
2009-10-09 14:29 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-09 14:29 51,200 a------- c:\windows\inf\infpub.dat
2009-10-09 14:29 86,016 a------- c:\windows\inf\infstor.dat
2009-09-14 20:44 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-09-13 04:12 185,152 a---h--- c:\windows\system32\mlfcache.dat
2009-09-11 04:30 213,504 a------- c:\windows\system32\msv1_0.dll
2009-09-04 23:24 61,440 a------- c:\windows\system32\msasn1.dll
2009-09-02 03:09 176,128 a------- c:\windows\system32\drivers\Rtlh86.sys
2009-09-01 00:55 293,376 a------- c:\windows\system32\psisdecd.dll
2009-09-01 00:55 428,544 a------- c:\windows\system32\EncDec.dll
2009-08-28 23:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 23:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 23:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 23:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 21:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 16:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-27 16:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-27 14:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-21 20:24 66,592 a------- c:\windows\system32\drivers\nvhda32v.sys
2009-08-21 20:23 57,344 a------- c:\windows\system32\nvapo32v.dll
2009-08-21 20:23 19,456 a------- c:\windows\system32\nvhdap32.dll
2009-08-20 19:18 155,648 a------- c:\windows\system32\nvcohda.dll
2009-08-20 19:18 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-08-20 19:18 485,920 a------- c:\windows\system32\nvuhda.exe
2009-08-15 03:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-15 03:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-15 01:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-15 01:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-15 01:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-15 01:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-15 01:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-15 01:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-15 01:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-07 20:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 20:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-06 01:22 3,597,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-06 01:22 3,546,184 a------- c:\windows\system32\ntoskrnl.exe
2009-07-22 10:24 94,208 a------- c:\windows\system32\RTNUninst32.dll
2009-07-21 23:33 3,600,384 a------- c:\windows\system32\stlang.dll
2009-07-21 23:33 915,456 a------- c:\windows\system32\stapo.dll
2009-07-21 23:33 536,576 a------- c:\windows\system32\idtmini1.exe
2009-07-21 23:33 490,496 a------- c:\windows\system32\stapi32.dll
2009-07-21 23:33 458,844 a------- c:\windows\sttray.exe
2009-07-21 23:33 405,504 a------- c:\windows\system32\stcplx.dll
2009-07-21 23:33 175,616 a------- c:\windows\system32\staco.dll
2009-05-02 05:24 22,328 a------- c:\users\poonani\appdata\roaming\PnkBstrK.sys
2008-09-16 23:48 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 13:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 23:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 23:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 23:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 23:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 20:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 20:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 20:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 20:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-02 02:25 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-02 02:25 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-02 02:25 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-09-18 01:34 22 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 18:23:58.39 ===============

Last edited by malwhere; 10-16-2009 at 03:11 AM.
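The DDS log in the post above is read by hand on this forum, and the analyst's first pass is mechanical: look for an AppInit_DLLs entry, for UAC switched off, for a service whose image path is a stock Windows tool rather than a real service binary, and for freshly created scripts, random-named binaries and hidden+system .tmp files under system32, then cross-check whether a new file is also what AppInit_DLLs points at. The following Python script is an added example of that first pass; it is not part of the original thread and not part of the DDS tool. The log lines in SAMPLE_LOG are constructed to mirror the shapes in the post, the STOCK_TOOLS set and the looks_random() heuristic are this example's own assumptions, and a hit means "look at this", not "this is malware".

```python
"""Mechanical first-pass triage of DDS-style log lines (added example, not DDS code)."""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "kind detail")

# Assumption: stock Windows tools that should never be a service's image path.
STOCK_TOOLS = {"regedt32.exe", "regedit.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
SYSTEM32 = r"c:\windows\system32"

# "R2 name;description;path [date size]"  (SERVICES / DRIVERS section)
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[")
# "2009-09-20 21:30 1,372 a------- c:\path"  (Created Last 30 / Find3M sections)
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>\S{8})\s+(?P<path>.+)$")

# Constructed sample modelled on the lines in the post; not copied from any real machine.
SAMPLE_LOG = r"""
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mPolicies-system: EnableLUA = 0 (0x0)
AppInit_DLLs: c:\windows\system32\dmvdsitf32.dll
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-2 9216]
2009-10-09 17:55 2,367 a--sh--- c:\windows\system32\E5D5.tmp
2009-10-07 19:58 33,792 a------- c:\windows\system32\wuapp.exe
2009-09-20 21:30 1,372 a------- c:\windows\system32\ds75Jx8Jztkx1SF.vbs
2009-09-20 21:29 121,856 a------- c:\windows\system32\dmvdsitf32.dll
2009-09-20 21:29 1,372 a------- c:\windows\system32\SKGpxWURaMPUv.vbs
"""


def looks_random(stem):
    """Heuristic (assumption): three or more upper/lower case flips plus a digit,
    or eight-plus characters with no vowel at all, reads like a generated name."""
    letters = [c for c in stem if c.isalpha()]
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.islower() != b.islower())
    has_digit = any(c.isdigit() for c in stem)
    no_vowels = len(stem) >= 8 and not any(c in "aeiouAEIOU" for c in stem)
    return (flips >= 3 and has_digit) or no_vowels


def triage(text):
    """Return findings in log order. DDS prints the HJT section before the file
    lists, so AppInit_DLLs is known by the time the created-file lines arrive."""
    findings, appinit = [], set()
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("appinit_dlls:"):
            dll = line.split(":", 1)[1].strip().lower()
            if dll:
                appinit.add(dll)
                findings.append(Finding("appinit_dll", dll))
            continue
        if re.match(r"^mPolicies-system:\s*EnableLUA\s*=\s*0\b", line):
            findings.append(Finding("uac_disabled", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            exe = m.group("path").strip().strip('"').lower().split("\\")[-1]
            if exe in STOCK_TOOLS:
                findings.append(Finding("service_stock_binary", m.group("name") + " -> " + exe))
            continue
        m = CREATED_RE.match(line)
        if m:
            path = m.group("path").strip().lower()
            folder, _, fname = path.rpartition("\\")
            stem, dot, ext = fname.rpartition(".")
            if not dot:
                stem, ext = fname, ""
            if folder != SYSTEM32:
                continue
            if ext == "vbs" or (ext in ("dll", "exe") and looks_random(stem)):
                findings.append(Finding("new_system32_file", path))
            if ext == "tmp" and "s" in m.group("attrs") and "h" in m.group("attrs"):
                findings.append(Finding("hidden_system_tmp", path))
            if path in appinit:
                findings.append(Finding("appinit_dll_recent", path))
    return findings


def summarize(findings):
    """Count findings by kind."""
    return Counter(f.kind for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.detail}")
```

Run it on a saved DDS.txt by replacing SAMPLE_LOG with the file's contents. The cross-check in the last rule is the one worth keeping: a DLL that is both in AppInit_DLLs and only a few weeks old is loaded into every process that uses user32.dll, which is exactly the position from which a browser can be redirected and a password page watched, so it belongs at the top of the list regardless of what the heuristics say about its name.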
#2
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,609
OS: XP SP3
Re: yet another Malware attack.
Quote:
Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection and System Restore. If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer. Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications. Referring to the Forum Rules, which you should have read at the time of registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine. In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.