(Yet Another) Vundo!grb infection - need some help

yonderwanderer · 04-28-2009, 07:53 PM

Seems to be standard vundo behavior. Popping up random ads. Likely doing other things I can't see. Below is the DDS log. Attached are the other too logs. Thanks!

DDS (Ver_09-03-16.01) - NTFSx86
Run by David at 11:46:47.24 on Tue 04/28/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.695 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Documents and Settings\Bill\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Bill\Desktop\etoolz\eToolz.exe
C:\Documents and Settings\Bill\Desktop\gmer.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Bill\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Download Manager Browser Helper Object: {19c8e43b-07b3-49cb-bffc-6777b593e6f8} - c:\progra~1\common~1\fluxdvd\downlo~1\XEBDLH~1.DLL
BHO: {1dc1a87e-b988-4715-9311-fb5930020ee6} - c:\windows\system32\bebogoha.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\cyberpower powerpanel personal edition\pppeuser.exe"
uRun: [Aim6]
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
mRun: [ASUS Probe] c:\program files\asus\asus probe\AsusProb.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [<NO NAME>]
mRun: [Norton Ghost 9.0] c:\program files\symantec\norton ghost\agent\GhostTray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [HPLJ Config] c:\program files\hewlett-packard\hp color laserjet 2550 series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp color LaserJet 2550 PCL 6" -n 1 -l 1033 -sl 120000
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CinemaNowMediaManagerApp]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [realtehs] "c:\documents and settings\bill\application data\google\vgwsn871850.exe" 2
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [huwetujimo] Rundll32.exe "c:\windows\system32\kewazami.dll",s
mRun: [b0b275be] rundll32.exe "c:\windows\system32\bamimiya.dll",b
mRun: [CPMb3814622] Rundll32.exe "c:\windows\system32\pagadene.dll",a
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\bill\startm~1\programs\startup\mlbtvn~1.lnk - c:\documents and settings\bill\local settings\application data\autobahn\mlb-nexdef-autobahn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=27986
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
TCP: {A2828A0C-9398-4920-84ED-CAAED70A9685} = 68.87.85.98,68.87.69.146
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\hanobara.dll c:\windows\system32\pagadene.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pagadene.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\pagadene.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Notification Packages = scecli c:\windows\system32\hanobara.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bill\applic~1\mozilla\firefox\profiles\xidydojn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?rls=ig&hl=en&source=iglk
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\bill\application data\mozilla\firefox\profiles\xidydojn.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\documents and settings\bill\application data\mozilla\firefox\profiles\xidydojn.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\program files\common files\fluxdvd\apix\NPAPIX.dll
FF - plugin: c:\program files\common files\fluxdvd\browserintegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2004-7-19 26112]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-12 64160]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 214024]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46779]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-25 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-25 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-25 144704]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2007-4-10 16168]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-22 24652]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-28 38496]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-25 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-1 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-1 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-1 34216]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-1 40552]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [2006-8-25 14976]

=============== Created Last 30 ================

2009-04-28 03:40 <DIR> --d----- c:\program files\Trend Micro
2009-04-28 03:36 <DIR> --d----- c:\docume~1\bill\applic~1\Malwarebytes
2009-04-28 03:36 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-28 03:36 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-28 03:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-28 03:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-18 20:04 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-17 16:22 1,693,696 a------- c:\windows\system32\ltclr13n.dll
2009-04-17 16:22 453,120 a------- c:\windows\system32\ltkrn13n.dll
2009-04-17 16:22 445,440 a------- c:\windows\system32\ltimg13n.dll
2009-04-17 16:22 388,608 a------- c:\windows\system32\lfcmp13n.dll
2009-04-17 16:22 265,216 a------- c:\windows\system32\ltdis13n.dll
2009-04-17 16:22 246,272 a------- c:\windows\system32\lfj2k13n.dll
2009-04-17 16:22 206,848 a------- c:\windows\system32\ltefx13n.dll
2009-04-17 16:22 189,976 a------- c:\windows\system32\mfimgvwr.ocx
2009-04-17 16:22 154,112 a------- c:\windows\system32\ltfil13n.dll
2009-04-17 16:22 142,848 a------- c:\windows\system32\lftif13n.dll
2009-04-17 16:22 90,112 a------- c:\windows\system32\lfjbg13n.dll
2009-04-17 16:22 73,728 a------- c:\windows\system32\lffax13n.dll
2009-04-17 16:21 <DIR> --d----- c:\program files\MFInstall
2009-04-14 21:08 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-14 21:08 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-14 21:08 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-14 21:08 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-14 21:08 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 21:08 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 21:08 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 21:08 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-14 21:08 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-14 21:05 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-14 21:05 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 21:05 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-13 16:03 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-12 23:13 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-12 23:08 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-12 23:08 <DIR> --d----- c:\program files\Lavasoft
2009-04-09 17:32 <DIR> --d----- c:\program files\iPod
2009-04-09 17:32 <DIR> --d----- c:\program files\iTunes
2009-04-09 17:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-04 12:46 <DIR> --d----- c:\documents and settings\bill\.autobahn
2009-04-04 12:45 <DIR> --d----- c:\documents and settings\bill\Swarmcast
2009-04-03 13:50 36,864 a------- C:\nphssb.dll
2009-04-03 13:50 247 a------- C:\nphssb.xpt

==================== Find3M ====================

2009-04-28 02:53 105,984 a--sh--- c:\windows\system32\pagadene.dll
2009-04-28 02:53 97,792 a--sh--- c:\windows\system32\bamimiya.dll
2009-04-28 02:53 61,952 a--sh--- c:\windows\system32\tinojiti.exe
2009-03-25 11:06 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 11:06 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 11:06 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 11:05 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 08:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-05 23:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-02-20 13:26 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-20 02:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 02:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 06:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 06:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 06:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 06:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 05:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 05:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 05:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 04:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 04:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 13:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-01 00:59 53,294 ac------ c:\windows\Sysvxd.exe
2005-09-20 10:05 456,768 ac------ c:\windows\inf\wg311t\WG311T13.sys
2004-10-19 18:58 35,232 ac------ c:\windows\inf\wg311t\ME_INST.EXE
2004-10-19 18:58 26,112 ac------ c:\windows\inf\wg311t\install.exe

============= FINISH: 11:58:14.52 ===============

tetonbob · 04-30-2009, 07:57 AM

Hello -

From our preposting topic:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Quote:

NOTE: We are aware that users sometimes seek help from several Forums at the same time. Unfortunately, this can cause confusion and actually wastes time and resources - yours, ours and other Volunteers across the community. If you have already posted at another Forum, please advise us, or them, and choose just one.

The polite thing to have done after receiving help at the other forum would have been to post here stating help was no longer required.

Since you've already been receiving help elsewhere, this thread is closed.