Resolved HJT Threads: Resolved spyware and popup issues.

#1 (permalink)
Registered User
Join Date: Sep 2007
Posts: 22
OS: Windows Vista SP1
twex.exe trojan
I believe I have some sort of virus or trojan because of a twex.exe, but I didn't want to do anything on my own, of course. I do not think it has gotten too serious. My avast! antivirus notified me this evening when I first opened Firefox, stating that a calc.dll was infected with a virus and suggesting I move it to quarantine. It was unable to delete or quarantine it, so I did a reboot-scan instead, which got rid of two .dll files: calc.dll and ntuser.dll.
So far, I have not noticed any other effects on the computer from being infected. Below is my DDS.txt, and attached are the Attach.txt and ark.txt.

DDS (Ver_09-09-29.01) - NTFSx86
Run by Rissa at 2:37:58.96 on 09/10/11
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1665 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\twex.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Gatehead\Vista Volume Indicator\VolumeIndicator.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rissa\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [Google Update] "c:\users\rissa\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [calc] rundll32.exe c:\users\rissa\ntuser.dll,_IWMPEvents@0
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
StartupFolder: c:\users\rissa\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\rissa\appdata\roaming\micros~1\windows\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\users\rissa\appdata\roaming\micros~1\windows\startm~1\programs\startup\twhirl.lnk - c:\program files\twhirl\twhirl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vistav~1.lnk - c:\windows\installer\{e981102f-00eb-4200-ad84-98e91c304286}\_E32057A43D7186363B63CA.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli DPPWDFLT

================= FIREFOX ===================

FF - ProfilePath - c:\users\rissa\appdata\roaming\mozilla\firefox\profiles\g6komcj1.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - plugin: c:\program files\mozilla firefox\plugins\NPGomtvx_nie.dll
FF - plugin: c:\users\rissa\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\rissa\appdata\roaming\mozilla\firefox\profiles\g6komcj1.default\extensions\npnami@npnami.com\plugins\npnami.dll
FF - plugin: c:\users\rissa\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-15 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-15 114768]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_827e372d\AEstSrv.exe [2009-3-2 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-15 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-15 53328]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-15 1153368]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-3-26 599344]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-9-15 239160]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-15 112128]
S2 tuEaglesService;tuEagles Service;c:\program files\tueagles\eglsrv.exe --> c:\program files\tueagles\EglSrv.exe [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-9-15 100184]

=============== Created Last 30 ================

2009-10-10 15:00 <DIR> --dsh--- c:\windows\system32\twain32
2009-10-10 12:49 <DIR> --d----- c:\program files\Wakan
2009-10-10 00:33 <DIR> --d----- c:\program files\IrfanView
2009-10-09 14:53 <DIR> --d----- c:\program files\FormatFactory
2009-10-09 14:53 <DIR> --d----- c:\program files\Format Factory
2009-10-09 13:26 <DIR> --d----- c:\program files\AllToAVI
2009-10-09 08:37 <DIR> --d----- c:\windows\system32\crc
2009-10-09 03:24 195 a------- c:\windows\system32\fscflist.ini.tmp
2009-10-09 03:19 7,421,964 a------- c:\windows\system32\agentfile.che
2009-10-09 03:17 77,824 a------- c:\windows\system32\nod.dll
2009-10-09 03:17 0 a------- c:\windows\system32\PDBOXGame.html
2009-10-09 03:17 195 a------- c:\windows\system32\fscflist.ini
2009-10-09 03:17 77 a------- c:\windows\system32\fscagent.ini.tmp
2009-10-09 03:17 79 a------- c:\windows\system32\fscagent.ini
2009-10-09 03:13 50 a------- c:\windows\system32\Clubbox 파일전송관리자.url
2009-10-08 23:09 33,846 a------- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2009-10-08 23:09 36,093 a------- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-10-08 23:08 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-07 10:05 15,688 a------- c:\windows\system32\lsdelete.exe
2009-10-05 14:10 <DIR> --d----- c:\programdata\WindowsSearch
2009-10-04 14:17 <DIR> --d-h--- c:\users\rissa\.thumbnails
2009-10-04 14:15 <DIR> --d-h--- c:\users\rissa\.gimp-2.6
2009-10-04 14:15 <DIR> --d----- c:\program files\GIMP-2.0
2009-10-04 03:40 <DIR> --d----- C:\Download
2009-10-04 03:40 <DIR> --d----- c:\programdata\Grid
2009-10-04 03:40 <DIR> --d----- c:\progra~2\Grid
2009-10-03 02:00 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-10-03 01:59 <DIR> --d----- c:\program files\DivX
2009-10-03 01:59 <DIR> --d----- c:\program files\common files\DivX Shared
2009-09-29 18:02 <DIR> --d----- c:\program files\Audacity
2009-09-29 17:44 <DIR> --d----- c:\users\rissa\appdata\roaming\dBpoweramp
2009-09-27 10:24 <DIR> --d----- c:\programdata\Nitro PDF
2009-09-27 10:24 <DIR> --d----- c:\program files\Nitro PDF
2009-09-27 10:24 <DIR> --d----- c:\program files\common files\Nitro PDF
2009-09-27 10:24 <DIR> --d----- c:\program files\common files\BCL Technologies
2009-09-27 00:56 <DIR> --d----- c:\program files\iPod
2009-09-27 00:15 <DIR> --d----- c:\program files\MSXML 4.0
2009-09-25 00:47 167,536 a---h--- c:\windows\system32\mlfcache.dat
2009-09-23 15:24 <DIR> --d----- c:\program files\CDisplay
2009-09-23 10:23 <DIR> --d----- c:\users\rissa\appdata\roaming\HpUpdate
2009-09-23 10:23 <DIR> --d----- c:\windows\Hewlett-Packard
2009-09-22 12:27 <DIR> --d----- c:\program files\common files\HP
2009-09-22 12:27 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-09-22 12:26 <DIR> --d----- c:\programdata\Hewlett-Packard
2009-09-22 12:25 118,272 a------- c:\windows\system32\hpz3l5mu.dll
2009-09-22 12:23 163,161 a------- c:\windows\hpoins29.dat
2009-09-22 12:23 799 -------- c:\windows\hpomdl29.dat
2009-09-22 12:23 <DIR> --d----- c:\programdata\HP
2009-09-22 12:23 271,704 a------- c:\windows\system32\hpzids01.dll
2009-09-22 12:23 729,088 a------- c:\windows\system32\hpowiax8.dll
2009-09-22 12:23 372,736 a------- c:\windows\system32\hppldcoi.dll
2009-09-22 12:23 303,104 a------- c:\windows\system32\hpovst14.dll
2009-09-22 12:23 970,752 a------- c:\windows\system32\hpotiop6.dll
2009-09-21 12:26 <DIR> --d----- c:\program files\GRETECH
2009-09-21 03:17 <DIR> --d----- c:\program files\KBS Kong v3
2009-09-21 03:17 <DIR> --d----- c:\windows\Downloaded Installations
2009-09-20 02:45 <DIR> --d----- c:\users\rissa\appdata\roaming\uTorrent
2009-09-19 11:35 <DIR> --d----- c:\program files\iTunes
2009-09-19 03:35 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-19 03:35 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-19 03:35 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-19 03:35 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-19 03:34 <DIR> --d----- c:\program files\Bonjour
2009-09-19 03:32 <DIR> --d----- c:\programdata\Apple
2009-09-19 02:34 <DIR> --d----- c:\users\rissa\appdata\roaming\FFSJ
2009-09-18 16:52 <DIR> --d----- c:\programdata\WildTangent
2009-09-18 16:52 <DIR> --d----- c:\progra~2\WildTangent
2009-09-18 16:52 <DIR> --d----- c:\program files\WildGames
2009-09-18 13:28 99,864 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-09-18 13:15 <DIR> --d-h--- c:\users\rissa\Office Genuine Advantage
2009-09-17 11:45 <DIR> --d----- c:\users\rissa\appdata\roaming\Auslogics
2009-09-16 19:15 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-09-16 19:00 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-16 00:45 32,656 a------- c:\windows\system32\msonpmon.dll
2009-09-16 00:39 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-09-16 00:38 <DIR> --d----- c:\programdata\Microsoft Help
2009-09-16 00:19 9,522 a------- c:\windows\Retafte.bmp
2009-09-15 23:59 <DIR> --d----- c:\users\rissa\appdata\roaming\Mp3tag
2009-09-15 17:13 <DIR> --d----- c:\programdata\Messenger Plus!
2009-09-15 17:13 <DIR> --d----- c:\progra~2\Messenger Plus!
2009-09-15 16:36 <DIR> --d----- c:\users\rissa\appdata\roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2009-09-15 16:36 <DIR> --d----- c:\program files\twhirl
2009-09-15 14:13 <DIR> --d----- c:\program files\Combined Community Codec Pack
2009-09-15 13:30 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-09-15 13:29 <DIR> --d----- c:\program files\Messenger Plus! Live
2009-09-15 13:28 <DIR> --d----- c:\program files\Real Alternative
2009-09-15 13:24 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-09-15 13:24 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-15 13:24 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-09-15 13:22 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-09-15 13:21 <DIR> --d--r-- c:\program files\Skype
2009-09-15 13:21 <DIR> --d----- c:\programdata\Skype
2009-09-15 13:20 <DIR> --d-h--- c:\users\rissa\.rainlendar2
2009-09-15 13:20 <DIR> --d----- c:\program files\Rainlendar2
2009-09-15 13:20 <DIR> --d----- c:\program files\Mp3tag
2009-09-15 13:19 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-15 13:18 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-15 13:18 <DIR> -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-15 13:18 <DIR> --d----- c:\programdata\Lavasoft
2009-09-15 13:18 <DIR> --d----- c:\program files\Lavasoft
2009-09-15 13:16 <DIR> --d----- c:\users\rissa\appdata\roaming\Malwarebytes
2009-09-15 13:16 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-15 13:16 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-15 13:16 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-15 13:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-15 13:16 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-15 13:15 <DIR> --d----- c:\program files\File Shredder
2009-09-15 13:14 131,072 a------- c:\windows\system32\SpoonUninstall.exe
2009-09-15 13:14 <DIR> --d----- c:\users\rissa\appdata\roaming\AccurateRip
2009-09-15 13:14 <DIR> --d----- c:\program files\dBpoweramp
2009-09-15 13:13 <DIR> --d----- c:\windows\system32\directx
2009-09-15 13:13 <DIR> --d----- c:\program files\CCleaner
2009-09-15 13:12 <DIR> --d----- c:\program files\Auslogics
2009-09-15 12:53 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-09-15 12:53 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-15 11:03 2,048 a------- c:\windows\system32\tzres.dll
2009-09-15 10:48 72,704 a------- c:\windows\system32\admparse.dll
2009-09-15 05:26 106,605 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-09-15 05:14 622,080 a------- c:\windows\system32\icardagt.exe
2009-09-15 05:14 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-15 05:14 97,800 a------- c:\windows\system32\infocardapi.dll
2009-09-15 05:14 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-09-15 05:14 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-09-15 05:14 11,264 a------- c:\windows\system32\icardres.dll
2009-09-15 05:14 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-09-15 05:14 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-09-15 05:09 96,760 a------- c:\windows\system32\dfshim.dll
2009-09-15 05:09 282,112 a------- c:\windows\system32\mscoree.dll
2009-09-15 05:09 41,984 a------- c:\windows\system32\netfxperf.dll
2009-09-15 05:09 158,720 a------- c:\windows\system32\mscorier.dll
2009-09-15 05:09 83,968 a------- c:\windows\system32\mscories.dll
2009-09-15 05:08 71,680 a------- c:\windows\system32\atl.dll
2009-09-15 05:08 988,216 a------- c:\windows\system32\winload.exe
2009-09-15 05:08 927,288 a------- c:\windows\system32\winresume.exe
2009-09-15 05:08 615,992 a------- c:\windows\system32\ci.dll
2009-09-15 05:08 19,000 a------- c:\windows\system32\kd1394.dll
2009-09-15 05:08 378,368 a------- c:\windows\system32\srcore.dll
2009-09-15 05:08 318,464 a------- c:\windows\system32\rstrui.exe
2009-09-15 05:08 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-09-15 05:08 40,960 a------- c:\windows\system32\srclient.dll
2009-09-15 05:08 14,848 a------- c:\windows\system32\srdelayed.exe
2009-09-15 05:08 6,656 a------- c:\windows\system32\kbd106n.dll
2009-09-15 05:06 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-09-15 05:05 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-09-15 05:03 1,314,816 a------- c:\windows\system32\quartz.dll
2009-09-15 04:58 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-09-15 04:58 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-09-15 04:55 <DIR> --d----- c:\programdata\Last.fm
2009-09-15 04:55 <DIR> --d----- c:\progra~2\Last.fm
2009-09-15 04:55 <DIR> --d----- c:\program files\Last.fm
2009-09-15 04:50 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 04:50 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 04:50 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-09-15 04:50 83,456 a------- c:\windows\system32\wudriver.dll
2009-09-15 04:49 <DIR> --d----- c:\programdata\Apple Computer
2009-09-15 04:49 162,064 a------- c:\windows\system32\wuwebv.dll
2009-09-15 04:49 31,232 a------- c:\windows\system32\wuapp.exe
2009-09-15 04:17 <DIR> --d-h--- c:\users\rissa\Tracing
2009-09-15 04:16 <DIR> --d----- c:\program files\Gatehead
2009-09-15 04:07 <DIR> --d----- c:\program files\Microsoft
2009-09-15 04:07 <DIR> --d----- c:\users\rissa\appdata\roaming\hpqLog
2009-09-15 04:07 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-09-15 04:06 <DIR> --d----- c:\windows\PCHEALTH
2009-09-15 04:04 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-09-15 04:04 <DIR> --d----- c:\program files\Validity Sensors, Inc
2009-09-15 04:03 <DIR> --d----- c:\program files\common files\Windows Live
2009-09-15 02:17 <DIR> --d----- c:\windows\system32\Adobe
2009-09-15 02:05 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-09-15 02:04 1,419,232 a------- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2009-09-15 02:04 16,768 a------- c:\windows\system32\drivers\HpqKbFiltr.sys
2009-09-15 02:04 1,885,488 a------- c:\windows\system32\BttnCmns.dll
2009-09-15 02:04 1,885,488 a------- c:\windows\system32\BttnCmn.dll
2009-09-15 01:33 <DIR> --d----- c:\programdata\Temp
2009-09-15 01:16 <DIR> --d----- c:\program files\HP
2009-09-15 01:13 <DIR> --d----- C:\swsetup
2009-09-15 01:08 873,310 a------- c:\windows\system32\oem15.inf
2009-09-15 01:08 <DIR> --d----- c:\windows\system32\no-NO
2009-09-15 01:08 6,656 a------- c:\windows\system32\bcmwlrc.dll
2009-09-15 01:08 3,809,280 a------- c:\windows\system32\bcmihvsrv.dll
2009-09-15 01:08 3,502,080 a------- c:\windows\system32\bcmihvui.dll
2009-09-15 01:08 1,331,192 a------- c:\windows\system32\drivers\BCMWL6.SYS
2009-09-15 01:08 87,280 a------- c:\windows\system32\bcmwlcoi.dll
2009-09-15 01:08 <DIR> --d----- c:\program files\Broadcom
2009-09-15 01:03 16,076 a------- c:\windows\system32\results.xml
2009-09-15 00:49 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-09-15 00:49 <DIR> --d----- c:\program files\Apoint2K
2009-09-15 00:48 166,448 a------- c:\windows\system32\drivers\Apfiltr.sys
2009-09-15 00:48 100,546 a------- c:\windows\system32\Vxdif.dll
2009-09-15 00:46 <DIR> --d----- c:\windows\system32\HPMDP
2009-09-15 00:45 <DIR> --d----- c:\program files\Realtek Corporation
2009-09-15 00:43 32 a------- c:\windows\Setuplog.ini
2009-09-15 00:36 125 a------- c:\windows\xUninstall.bat
2009-09-15 00:34 100,184 a------- c:\windows\system32\drivers\jmcr.sys
2009-09-15 00:34 110,080 -----r-- c:\windows\system32\JmCrIcon.dll
2009-09-15 00:34 <DIR> --d----- c:\windows\JMCR_DIR
2009-09-15 00:16 <DIR> --d----- c:\windows\Panther
2009-09-15 00:16 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-09-15 00:16 333,203 a--shr-- C:\bootmgr
2009-09-15 00:16 <DIR> --dsh--- C:\Boot
2009-09-14 23:51 53,248 a----r-- c:\windows\system32\CSVer.dll
2009-09-14 23:50 <DIR> --d----- C:\Intel
2009-09-14 23:48 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01005.Wdf
2009-09-14 23:47 <DIR> --d----- c:\users\rissa\appdata\roaming\Macrovision
2009-09-14 23:46 <DIR> --d----- c:\users\rissa\appdata\roaming\DigitalPersona
2009-09-14 23:43 368,640 a------- c:\windows\system32\aestecap.dll
2009-09-14 23:43 142,848 a------- c:\windows\system32\aestacap.dll
2009-09-14 23:43 61,440 a------- c:\windows\system32\aestaren.dll
2009-09-14 23:43 12,021,852 a------- c:\windows\system32\idtcpl.cpl
2009-09-14 23:43 3,567,616 a------- c:\windows\system32\stlang.dll
2009-09-14 23:43 536,576 a------- c:\windows\system32\idtmini1.exe
2009-09-14 23:43 450,652 a------- c:\windows\sttray.exe
2009-09-14 23:43 86,016 a------- c:\windows\system32\AESTCom.dll
2009-09-14 23:43 15,222 a------- c:\windows\system32\nbspkrs.ico
2009-09-14 23:43 3,774 a------- c:\windows\system32\bltinmic.ico
2009-09-14 23:43 3,774 a------- c:\windows\system32\2hps.ico
2009-09-14 23:42 <DIR> --d----- c:\windows\system32\SRSLabs
2009-09-14 23:42 175,104 a------- c:\windows\system32\staco.dll
2009-09-14 23:42 914,432 a------- c:\windows\system32\stapo.dll
2009-09-14 23:42 483,840 a------- c:\windows\system32\stapi32.dll
2009-09-14 23:42 <DIR> --d----- c:\program files\IDT
2009-09-14 23:41 <DIR> --d----- c:\windows\system32\tr
2009-09-14 23:41 <DIR> --d----- c:\windows\system32\sv
2009-09-14 23:41 <DIR> --d----- c:\windows\system32\ru
2009-09-14 23:41 <DIR> --d----- c:\windows\system32\no
2009-09-14 23:41 <DIR> --d----- c:\windows\system32\da
2009-09-14 23:41 <DIR> --d----- c:\windows\system32\ko
2009-09-14 23:41 <DIR> --d----- c:\windows\system32\ja
2009-09-14 23:41 <DIR> --d----- c:\windows\system32\it
2009-09-14 23:41 <DIR> --d----- c:\windows\system32\fr
2009-09-14 23:41 <DIR> --d----- c:\windows\system32\es
2009-09-14 23:41 <DIR> --d----- c:\windows\system32\de
2009-09-14 23:41 <DIR> --d----- c:\windows\DPDrv
2009-09-14 23:41 <DIR> --d----- c:\programdata\Macrovision
2009-09-14 23:41 <DIR> --d----- c:\program files\DigitalPersona
2009-09-14 23:34 <DIR> --d----- c:\programdata\Adobe
2009-09-14 23:34 <DIR> --dsh--- c:\windows\Installer
2009-09-14 23:28 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-14 23:25 <DIR> --d----- c:\users\Rissa

==================== Find3M ====================

2009-10-08 23:33 163,840 a------- c:\windows\system32\downengine.dll
2009-10-08 21:44 2,252,800 a------- c:\windows\system32\clubbox.exe
2009-10-07 03:45 167,936 a------- c:\windows\system32\fscagent.exe
2009-09-22 12:25 86,016 a------- c:\windows\inf\infstrng.dat
2009-09-22 12:25 86,016 a------- c:\windows\inf\infstor.dat
2009-09-22 12:25 51,200 a------- c:\windows\inf\infpub.dat
2009-09-15 11:13 665,600 a------- c:\windows\inf\drvindex.dat
2009-09-09 16:21 644,336 a------- c:\windows\system32\NowUpdate.exe
2009-09-04 17:44 515,416 a------- c:\windows\system32\XAudio2_5.dll
2009-09-04 17:44 238,936 a------- c:\windows\system32\xactengine3_5.dll
2009-09-04 17:44 69,464 a------- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 17:29 453,456 a------- c:\windows\system32\d3dx10_42.dll
2009-09-04 17:29 235,344 a------- c:\windows\system32\d3dx11_42.dll
2009-09-04 17:29 5,501,792 a------- c:\windows\system32\d3dcsx_42.dll
2009-09-04 17:29 1,974,616 a------- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 17:29 1,892,184 a------- c:\windows\system32\D3DX9_42.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 05:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 05:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 05:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 05:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 05:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 03:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-14 10:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 09:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 09:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 07:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 07:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 07:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 07:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 07:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 07:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 07:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-07-28 02:26 45,380 a------- c:\windows\system32\clubboxuninstall.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-21 14:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 14:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 14:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 13:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-14 06:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 05:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 05:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 03:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-13 17:15 90,112 a------- c:\windows\system32\dpl100.dll
2009-07-13 17:15 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-07-13 17:15 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-07-13 17:15 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-07-13 17:15 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-07-13 17:15 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-07-13 17:15 685,056 a------- c:\windows\system32\DivX.dll
2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 2:38:23.95 ===============
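Three lines in the DDS "Pseudo HJT Report" above carry the whole story: the Winlogon Userinit value has c:\windows\system32\twex.exe appended to the normal userinit.exe (Winlogon launches every program in that comma-separated chain at each logon, so this is the persistence the helper later calls a backdoor), two "calc" Run entries launch rundll32.exe against ntuser.dll in the user profile and calc.dll in system32, and EnableLUA = 0 shows UAC switched off. The script below is an added example for readers who triage such logs; it is not code from the poster, the forum helpers or the DDS tool. It parses lines in the format DDS prints and flags exactly those three conditions. The sample input is copied from the report above, the expected Userinit value is an assumption about a default Vista install, and the rule names are invented for this example.

```python
import re
from typing import Dict, List

# Constructed sample: the autorun lines of interest, copied from the DDS
# "Pseudo HJT Report" section above in DDS's own one-line-per-entry format.
SAMPLE_REPORT = r"""
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [calc] rundll32.exe c:\users\rissa\ntuser.dll,_IWMPEvents@0
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
mPolicies-system: EnableLUA = 0 (0x0)
"""

# Assumption: on a default install the Userinit chain holds only userinit.exe.
# Anything else in the chain is started by Winlogon at every logon.
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe"}

# Line shapes as DDS prints them (mWinlogon:, uRun:/mRun:, mPolicies-system:).
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(?P<chain>.+)$", re.IGNORECASE)
RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.IGNORECASE)
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^,]+?),(?P<export>\S+)", re.IGNORECASE)
LUA_OFF_RE = re.compile(r"^mPolicies-system:\s*EnableLUA\s*=\s*0\b", re.IGNORECASE)


def analyze(report: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious autorun line, in report order."""
    findings: List[Dict[str, str]] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = USERINIT_RE.match(line)
        if m:
            # DDS leaves a trailing comma, so drop empty entries after the split.
            for entry in m.group("chain").split(","):
                entry = entry.strip().strip('"').lower()
                if entry and entry not in EXPECTED_USERINIT:
                    findings.append({"rule": "userinit_extra_binary", "detail": entry, "line": line})
            continue

        m = RUN_RE.match(line)
        if m:
            d = RUNDLL_RE.search(m.group("cmd"))
            if d:
                dll = d.group("dll").strip().strip('"').lower()
                # A DLL run from a user profile via rundll32 is the stronger signal;
                # any rundll32 autorun still deserves a manual look.
                rule = "rundll32_dll_in_user_profile" if "\\users\\" in dll else "rundll32_autorun"
                findings.append({"rule": rule, "detail": f"{dll} -> {d.group('export')}", "line": line})
            continue

        if LUA_OFF_RE.match(line):
            findings.append({"rule": "uac_disabled", "detail": "EnableLUA = 0", "line": line})
    return findings


def rules_hit(report: str) -> List[str]:
    """Only the rule names, in order; handy for a one-line summary."""
    return [f["rule"] for f in analyze(report)]


if __name__ == "__main__":
    for f in analyze(SAMPLE_REPORT):
        print(f"{f['rule']:30} {f['detail']}")
```

Run against the sample it reports the extra Userinit binary, the two rundll32 autoruns (the profile-resident one first) and the disabled UAC, and stays silent on the ordinary Run entries. To use it on a full DDS.txt, pass the file contents to analyze(); lines of any other shape are ignored rather than misparsed.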
#3 (permalink)
Visiting Teacher/Analyst, Security Team
Join Date: Jun 2008
Location: Finland
Posts: 760
OS: Win XP, Vista 32-bit, Win7 64-bit
Re: twex.exe trojan
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files. I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so. Should you have any questions, please feel free to ask. Please let us know what you have decided to do in your next post.
__________________
Microsoft MVP Consumer Security 2008 2009
ASAP & UNITE member since 2006
#5 (permalink)
Visiting Teacher/Analyst, Security Team
Join Date: Jun 2008
Location: Finland
Posts: 760
OS: Win XP, Vista 32-bit, Win7 64-bit
Re: twex.exe trojan
Hi,
A tutorial for a clean Vista install can be found here. If you need further help with the reinstall, you may open a topic in the Windows Vista/Windows 7 Support area of the forum.
#7 (permalink)
Visiting Teacher/Analyst, Security Team
Join Date: Jun 2008
Location: Finland
Posts: 760
OS: Win XP, Vista 32-bit, Win7 64-bit
Re: twex.exe trojan
A reinstall will leave you with a fresh Vista installation. That means there won't be any infection anymore, but you will have to install all your applications again.
#8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,672
OS: 2000 Pro; XP Pro; XP Home
Re: twex.exe trojan
Since this issue appears to be resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
__________________
Practice Safe Surfing. Because what you don't know, CAN hurt you.
Microsoft MVP - Consumer Security 2009