10-27-2009, 05:59 PM   #1
Registered User
 
Join Date: Oct 2009
Posts: 2
OS: Vista 64 Professional


At least Win 32.BHO Trojan

Good day,

I learned a very hard lesson about P2P networks. Lesson learned, programs removed, never to be repeated. I was getting a general slowdown on my PC with browser redirects to everything from Red Lobster to nasty women doing awful things down on the farm. After running several anti-spyware and anti-virus tools, Ad-Aware picked up Win32 Trojan.BHO but no browser hijackers. The problem seems to be solved, but I want to make sure before I change my banking passwords and get new cards. I've learned my lesson, and from now on this would-be devil is a saint. I do have the original Vista disk.

I am not worthy of your help, but if you would I would be so glad.

DDS (Ver_09-10-26.01) - NTFSX64
Run by BillTheSlink at 18:40:45.85 on Tue 10/27/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6134.4018 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files (x86)\ASUS\AASP\1.00.77\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Live365\Radio365\Radio365TrayAgent.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\KBStatusLED.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Brownie\BrStsW64.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbkcoms.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\BillTheSlink\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://broadband.zoomtown.com
mStart Page = hxxp://broadband.zoomtown.com
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: precisead: {44b48c89-af6c-7dcc-4da0-299b20dc417a} - c:\windows\syswow64\nswC6D1.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Eraser] c:\program files\eraser\eraser.exe -hide
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [<NO NAME>]
uRun: [Radio365Agent] c:\progra~2\live365\radio365\Radio365TrayAgent.exe
mRun: [KBStatusLED1] c:\windows\KBStatusLED.exe
mRun: [AVG8_TRAY] c:\progra~2\avg\avg8\avgtray.exe
mRun: [PWRISOVM.EXE] "c:\program files (x86)\poweriso\PWRISOVM.EXE"
mRun: [BrStsWnd] "c:\program files (x86)\brownie\BrstsW64.exe" Autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: BitChe It! - c:\program files (x86)\bitcheit\bc.hta
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
TCP: {05C6B56B-2C9E-4ADC-8D28-CDD1C26F6202} = 216.68.4.10
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun-x64: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun-x64: [SoundMAX] "c:\program files (x86)\analog devices\soundmax\soundmax.exe" /tray
mRun-x64: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
AppInit_DLLs-X64: avgrssta.dll
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\billth~1\appdata\roaming\mozilla\firefox\profiles\lul8kiss.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.fuse.net/webedge/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=51307&p=
FF - component: c:\program files (x86)\mozilla firefox\components\8830f655-dc95-83e2-f5ef-bef49928e65b.dll
FF - component: c:\users\billtheslink\appdata\roaming\mozilla\firefox\profiles\lul8kiss.default\extensions\{7c3de167-ed6f-494a-a652-f11a71ecb40c}\components\Engine.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-27 69152]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-23 173096]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2009-6-8 427016]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2009-6-8 33416]
R1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-6-8 133640]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\asus\assysctrlservice\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~2\avg\avg8\avgemc.exe [2009-6-8 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~2\avg\avg8\avgwdsvc.exe [2009-6-8 297752]
R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 2297216]
R3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\drivers\AVerBas.sys [2007-3-7 66816]
R3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\drivers\AVerCap.sys [2007-3-7 440960]
R3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\drivers\AVerTun.sys [2007-3-7 236416]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2007-12-6 391680]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-7-4 89920]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [2007-5-1 171144]
S3 SaiH0BAC;SaiH0BAC;c:\windows\system32\drivers\SaiH0BAC.sys [2007-9-14 176128]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk60x64l.sys [2007-12-14 92160]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk60x64v.sys [2007-11-23 25088]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-10-27 21:43:06 0 d-----w- c:\program files (x86)\Trend Micro
2009-10-27 21:30:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-27 20:03:04 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-27 20:02:59 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 19:59:04 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-27 19:58:56 0 d-----w- c:\programdata\Lavasoft
2009-10-27 19:58:56 0 d-----w- c:\program files (x86)\Lavasoft
2009-10-27 19:05:22 0 d-----w- c:\users\billth~1\appdata\roaming\thecleaner
2009-10-23 12:22:51 0 d-----w- c:\program files (x86)\The Cleaner
2009-10-23 12:01:06 86005 ----a-w- c:\windows\syswow64\03810dde-77fd-afff-c07b-29f50e0774eb.exe
2009-10-15 07:11:03 0 d-----w- c:\windows\SQLTools9_KB970892_ENU
2009-10-15 07:02:21 0 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-15 06:19:03 4698168 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 06:18:25 818688 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-15 06:18:25 604672 ----a-w- c:\windows\syswow64\WMSPDMOD.DLL
2009-10-15 06:14:00 94720 ----a-w- c:\windows\system32\secur32.dll
2009-10-15 06:14:00 77312 ----a-w- c:\windows\syswow64\secur32.dll
2009-10-15 06:14:00 515656 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-15 06:14:00 269312 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 06:14:00 218624 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-10-15 06:14:00 205312 ----a-w- c:\windows\system32\wdigest.dll
2009-10-15 06:14:00 175104 ----a-w- c:\windows\syswow64\wdigest.dll
2009-10-15 06:14:00 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-15 06:14:00 11264 ----a-w- c:\windows\system32\lsass.exe
2009-10-15 06:13:44 174592 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 06:13:43 82944 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 06:13:43 60928 ----a-w- c:\windows\syswow64\msasn1.dll
2009-10-11 02:42:01 65536 --sha-w- c:\users\billtheslink\ntuser.dat{02435dc2-b60d-11de-9cba-00248c7ee7b8}.TM.blf
2009-10-11 02:42:01 524288 --sha-w- c:\users\billtheslink\ntuser.dat{02435dc2-b60d-11de-9cba-00248c7ee7b8}.TMContainer00000000000000000002.regtrans-ms
2009-10-11 02:42:01 524288 --sha-w- c:\users\billtheslink\ntuser.dat{02435dc2-b60d-11de-9cba-00248c7ee7b8}.TMContainer00000000000000000001.regtrans-ms
2009-10-04 22:10:52 0 d-----w- c:\program files\iPod
2009-10-04 22:10:51 0 d-----w- c:\program files\iTunes
2009-10-04 22:10:51 0 d-----w- c:\program files (x86)\iTunes
2009-10-03 03:54:16 238960 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 05:26:12 0 d-----w- c:\program files (x86)\AirSource Group

==================== Find3M ====================

2009-10-27 22:02:34 2806 ----a-w- c:\windows\syswow64\ealregsnapshot1.reg
2009-10-27 21:45:54 32536 ----a-w- c:\programdata\nvModes.dat
2009-10-11 02:50:43 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-11 02:50:43 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-11 02:50:43 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-08-29 02:42:33 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-29 00:50:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2009-08-27 05:52:18 1147904 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:47:24 132096 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:47:23 77312 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\syswow64\wininet.dll
2009-08-27 05:22:15 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2009-08-27 05:20:52 206848 ----a-w- c:\windows\syswow64\occache.dll
2009-08-27 05:18:40 5940224 ----a-w- c:\windows\syswow64\mshtml.dll
2009-08-27 05:18:37 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-08-27 05:18:37 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-08-27 05:18:00 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2009-08-27 05:17:43 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2009-08-27 05:17:43 164352 ----a-w- c:\windows\syswow64\ieui.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2009-08-27 05:17:42 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2009-08-27 05:17:42 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2009-08-27 05:17:41 11069440 ----a-w- c:\windows\syswow64\ieframe.dll
2009-08-27 05:17:35 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-08-27 04:10:33 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 03:42:29 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-08-27 03:42:23 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2009-08-27 03:41:45 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-08-25 13:11:13 12464 ----a-w- c:\windows\system32\avgrssta.dll
2009-08-18 03:33:52 1193832 ----a-w- c:\windows\syswow64\FM20.DLL
2009-08-14 16:04:45 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:04:45 143360 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 15:53:34 17920 ----a-w- c:\windows\syswow64\netevent.dll
2009-08-14 14:10:25 10752 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:10:22 12800 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:10:21 32256 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:10:21 21504 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:10:20 23040 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:10:19 11264 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:10:19 10240 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:20 9728 ----a-w- c:\windows\syswow64\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\syswow64\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\syswow64\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\syswow64\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\syswow64\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\syswow64\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\syswow64\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\syswow64\netiohlp.dll
2009-08-07 02:24:09 35552 ----a-w- c:\windows\syswow64\wups.dll
2009-08-07 02:23:52 575704 ----a-w- c:\windows\syswow64\wuapi.dll
2009-08-07 01:59:43 2621440 ----a-w- c:\windows\system32\wucltux.dll
2009-08-07 01:59:07 98816 ----a-w- c:\windows\system32\wudriver.dll
2009-08-07 01:44:40 87552 ----a-w- c:\windows\syswow64\wudriver.dll
2009-08-06 23:23:06 185416 ----a-w- c:\windows\system32\wuwebv.dll
2009-08-06 23:23:06 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2009-08-06 22:59:12 36864 ----a-w- c:\windows\system32\wuapp.exe
2009-08-06 22:44:46 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2009-07-04 11:11:27 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:14 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:14 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-09 04:19:47 90 --sh--w- c:\windows\cnerolf.bin
2009-06-29 08:29:12 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-29 08:29:12 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-29 08:29:12 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 18:40:58.70 ===============

10-29-2009, 11:58 AM   #2
Registered User
 
Join Date: Oct 2009
Posts: 2
OS: Vista 64 Professional


Re: At least Win 32.BHO Trojan

I did a rollback to a restore point from about two weeks ago and now everything seems fine. Please close this thread with my gratitude. If it crops back up I'll post again. I've learned my lesson though. Thank you.

Bill The Slink
10-29-2009, 03:10 PM   #3
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,501
OS: 2000 Pro; XP Pro; XP Home


Re: At least Win 32.BHO Trojan

Thanks for letting us know.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009