#1
Registered User
Join Date: Nov 2009
Posts: 1
OS: Vista SP2
My computer is infected
Hi
My computer is running very slow. I had to reload Windows from the recovery disks that I created and I was surprised to find it contained spyware. I only know this because I accidentally came across something strange in system diagnostics. There was a start-up file called "recinfo" and when I looked at the registry entry, it said recinfo599. I have since deleted the registry entry for this and the recinfo folder. I then did a ZoneAlarm scan and it found a spyware program called "Win32 Downloader.small.aawj". It was found in folder "c:\x86\boot". There are 5 other files in that folder, which are bcd, boot.sdi, bootfix.bin, etfsboot and memtest. There are 2 additional folders in there as well, called en-us and fonts. All the time I wasn't connected to the internet when this happened.

Then I went on the net and downloaded HijackThis. When I did the scan, it found an entry in the drivers\etc folder called "O1 - Hosts: ::1 localhost". I have deleted this file but there are other files in this folder I'm unsure of, such as Hosts, Lmhosts.sam, Networks, Protocol and Services. I then looked in the AppData\Local\Temp folder and I found a lot of ~DF.tmp files. I have done net searches on these files and a lot of them are mentioned in HijackThis forums. I haven't deleted any of them yet, as I'm unsure if they are spyware.

Also I found a folder in the (C) drive called "$Recycle.Bin" which has 2 folders called "S-1-5-21-2152478756-3922319563-605102323-500" and "S-1-5-21-2663419850-2949383644-2358543230-500" and a recycle bin icon. There is also a folder in the (D) drive called "$Recycle.Bin" and a recycle bin icon. I have done searches on these files and it comes up as a virus. I haven't deleted these files, as ZoneAlarm didn't detect them as viruses.

Another problem is my (D) drive. Even though the drive says there is 31.8 GB free space available, there is 90.5 MB used space. There is nothing in that drive to cause used space. Also when Windows starts, it says some programs are blocked on startup.
The program it has blocked is System Configuration Utility. Thank you in advance for your help. I have done the scans you have recommended and I have posted the DDS scan below.

DDS (Ver_09-10-26.01) - NTFSx86 Run by CPU at 22:51:23.99 on 03/11/2009
Internet Explorer: 8.0.6001.18828 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1014.245 [GMT 0:00]
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
SP: ZoneAlarm Security Suite Anti-Spyware *enabled* (Updated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}