Win32.AutoRun.tmp



Desttroy4
2011-02-08, 23:11
Hello, I have this trojan on my system; here are my DDS logs.



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Evan at 9:00:02.50 on 09-Feb-11
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4093.1799 [GMT 11:00]

AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~2\DUMETE~1\DUMeter.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Users\Evan\Downloads\volumouse-x64\volumouse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TuneUp Utilities 2010\RegistryEditor.exe
C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Evan\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.ask.com?o=14656&l=dis
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [FreeApp] "C:\Program Files (x86)\FreeApps\FreeApps.exe" /autorun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [$Volumouse$] "C:\Users\Evan\Downloads\volumouse-x64\volumouse.exe" /nodlg
uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
uRun: [Kryptel Shredder] "C:\Program Files (x86)\Kryptel\Shredder.exe" startup
uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
uRun: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [COC] C:\Program Files (x86)\GIGABYTE\COC\run.exe
StartupFolder: C:\Users\Evan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7an216m7.default\
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn
FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2011-1-3 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2011-1-3 221232]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2010-12-16 1263200]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2010-12-16 21544]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-1-19 953904]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2011-1-3 615040]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110207.001\IDSviA64.sys [2011-2-8 476792]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2010-8-30 88200]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2011-1-3 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2011-1-3 451120]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-12-16 3975088]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-27 203776]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-4-23 136616]
R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2010-12-16 21480]
R2 DUMeterSvc;DU Meter Service;C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [2011-2-8 1412488]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2011-1-3 126392]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-12-16 27136]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-16 1153368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-10-30 1353544]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-12-16 279136]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2010-12-17 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-27 287232]
R3 AODDriver2;AODDriver2;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-4-23 52352]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;C:\Program Files (x86)\DU Meter\DUMetr64.sys [2011-2-8 19088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-17 132656]
R3 NLNdisMP;NLNdisMP;C:\Windows\System32\drivers\nlndis.sys [2010-8-30 33416]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-16 347680]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-4-17 134760]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-12-16 38456]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-14 23040]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-1-20 97040]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\System32\drivers\nlndis.sys [2010-8-30 33416]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-23 12288]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;C:\Windows\System32\drivers\RTL2832U_IRHID.sys [2011-1-16 44320]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;C:\Windows\System32\drivers\RTL2832UBDA.sys [2011-1-16 174368]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;C:\Windows\System32\drivers\RTL2832UUSB.sys [2011-1-16 38944]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2010-12-16 51712]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2010-12-16 24064]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2010-12-16 51712]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-02-08 03:59:30 -------- d-----w- C:\Users\Evan\mods
2011-02-08 03:52:08 -------- d-----w- C:\Users\Evan\AppData\Roaming\temp
2011-02-08 03:49:46 -------- d-----w- C:\Users\Evan\AppData\Roaming\Minecrafter
2011-02-08 03:11:10 -------- d-----w- C:\Windows\WinRAR
2011-02-08 02:40:09 -------- d-----w- C:\PROGRA~3\Hagel Technologies
2011-02-08 02:40:07 -------- d-----w- C:\Program Files (x86)\DU Meter
2011-02-08 02:24:52 -------- d-----w- C:\PROGRA~3\Locktime
2011-02-08 02:24:50 -------- d-----w- C:\Program Files\NetLimiter 3
2011-02-07 23:57:41 -------- d-----w- C:\Users\Evan\AppData\Local\Locktime
2011-02-07 01:44:25 -------- d-----w- C:\Users\Evan\AppData\Roaming\mIRC
2011-02-07 01:44:25 -------- d-----w- C:\Program Files (x86)\mIRC
2011-02-06 21:44:33 -------- d-----w- C:\Users\Evan\AppData\Roaming\Azureus
2011-02-06 21:43:58 -------- d-----w- C:\Program Files (x86)\Vuze
2011-02-06 21:41:01 -------- d-----w- C:\Users\Evan\fontconfig
2011-02-06 21:40:00 -------- d-----w- C:\Program Files (x86)\PS3 Media Server
2011-02-05 01:01:50 -------- d-----w- C:\Users\Evan\AppData\Roaming\Inv Softworks
2011-02-05 01:01:40 -------- d-----w- C:\Program Files (x86)\Kryptel
2011-02-04 21:02:05 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6
2011-02-02 06:53:46 -------- d-----w- C:\Users\Evan\AppData\Local\SDK
2011-02-01 20:26:39 -------- d-----w- C:\Users\Evan\AppData\Roaming\Snippage.B28FB424FD6880E47B18D7D649F6CC93BDE9B29B.1
2011-02-01 20:26:37 -------- d-----w- C:\Program Files (x86)\Snippage
2011-02-01 09:41:48 -------- d-----w- C:\Users\Evan\test
2011-01-26 01:28:09 53808 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2011-01-25 22:54:23 -------- d-----w- C:\Users\Evan\AppData\Local\Diagnostics
2011-01-24 06:10:09 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-01-24 06:09:56 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-01-24 04:14:26 -------- d-----w- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2011-01-22 23:12:41 -------- d-----w- C:\Users\Evan\AppData\Local\ElevatedDiagnostics
2011-01-22 00:06:05 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-01-22 00:05:51 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-01-21 10:02:07 -------- d-----w- C:\Users\Evan\AppData\Local\{6C1AA887-F7AC-46F4-ACF4-33205D5DBA97}
2011-01-20 21:58:35 -------- d-----w- C:\Users\Evan\AppData\Local\{59197230-37C6-402F-8F1D-76BE8792A5AB}
2011-01-20 09:07:43 -------- d-----w- C:\Users\Evan\AppData\Local\{75AF7A60-489F-4752-B3E1-7C4ABA83722F}
2011-01-20 09:02:47 -------- d-----w- C:\Windows\en
2011-01-20 08:56:55 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-01-20 08:51:43 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-01-20 08:49:25 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-01-20 08:49:25 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-01-20 08:49:25 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-01-20 08:49:24 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-01-20 08:47:31 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aa40f1cd1cbb87e0e\InstallManager_WLE_WLE.exe
2011-01-20 08:47:17 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a42ee68b1cbb87e0d\MeshBetaRemover.exe
2011-01-20 08:47:12 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a05a9eb11cbb87e0c\DSETUP.dll
2011-01-20 08:47:12 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a05a9eb11cbb87e0c\DXSETUP.exe
2011-01-20 08:47:12 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a05a9eb11cbb87e0c\dsetup32.dll
2011-01-20 08:47:06 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9b4f7ff91cbb87e0b\DSETUP.dll
2011-01-20 08:47:06 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9b4f7ff91cbb87e0b\DXSETUP.exe
2011-01-20 08:47:06 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9b4f7ff91cbb87e0b\dsetup32.dll
2011-01-20 08:45:48 -------- d-----w- C:\Users\Evan\AppData\Local\Windows Live
2011-01-20 08:45:46 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-01-20 08:31:18 -------- d-----w- C:\Program Files (x86)\HyperCam Toolbar
2011-01-20 08:30:59 -------- d-----w- C:\Program Files\HyCam2
2011-01-20 07:40:31 97040 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2011-01-20 07:40:31 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys
2011-01-20 07:40:31 328712 ----a-w- C:\Windows\System32\MijFrc.dll
2011-01-20 07:40:31 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2011-01-20 07:40:31 -------- d-----w- C:\Users\Evan\AppData\Roaming\MotioninJoy
2011-01-20 07:40:30 -------- d-----w- C:\Program Files\MotioninJoy
2011-01-19 23:56:44 -------- d-----w- C:\Windows\SysWow64\xlive
2011-01-19 23:56:38 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-01-18 20:56:27 -------- d-----w- C:\Program Files (x86)\SimpleAct
2011-01-18 05:46:20 25640 ----a-w- C:\Windows\gdrv.sys
2011-01-18 05:19:12 -------- d-----w- C:\Program Files (x86)\WebTemp
2011-01-18 05:19:12 -------- d-----w- C:\PROGRA~3\WebTemp
2011-01-16 09:29:28 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2011-01-16 08:28:06 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-01-16 07:24:19 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-01-16 07:23:55 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-01-16 07:23:51 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-15 05:05:25 -------- d-----w- C:\Program Files (x86)\SamsonSoft
2011-01-15 04:42:17 -------- d-----w- C:\Users\Evan\AppData\Local\Mozilla
2011-01-15 04:00:27 -------- d-----r- C:\Users\Evan\AppData\Roaming\Brother
2011-01-15 03:36:38 -------- d-----w- C:\Users\Evan\AppData\Roaming\PrimoPDF
2011-01-15 03:36:05 90624 ----a-w- C:\Windows\System32\Primomonnt.dll
2011-01-15 03:36:03 -------- d-----w- C:\Program Files (x86)\Nitro PDF
2011-01-15 03:35:50 -------- d-----w- C:\Program Files (x86)\Brother
2011-01-15 03:25:58 -------- d-----w- C:\Program Files (x86)\ExpressPCB
2011-01-14 11:26:40 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-01-14 03:50:42 -------- d-----w- C:\Program Files (x86)\eBay
2011-01-14 03:50:42 -------- d-----w- C:\PROGRA~3\eBay
2011-01-14 03:48:30 -------- d-----w- C:\Users\Evan\AppData\Local\A3 Labs
2011-01-14 03:44:03 -------- d-----w- C:\Users\Evan\AppData\Roaming\App Launcher Gadget
2011-01-14 03:19:12 -------- d-----r- C:\Sandbox
2011-01-14 02:05:49 -------- d-----w- C:\PROGRA~3\Brother
2011-01-14 01:32:58 -------- d-----w- C:\Users\Evan\AppData\Roaming\Gmail Notifier Plus
2011-01-14 01:27:56 -------- d-----w- C:\Program Files (x86)\Microsoft Expression
2011-01-14 01:06:54 -------- d-----w- C:\Windows\PCHEALTH
2011-01-14 01:04:54 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-01-14 01:03:57 -------- d-----w- C:\Users\Evan\AppData\Local\Microsoft Help
2011-01-13 07:50:28 -------- d-----w- C:\Users\Evan\AppData\Local\Adobe
2011-01-13 05:47:13 -------- d-----w- C:\Users\Evan\AppData\Local\CrashDumps
2011-01-13 05:47:09 -------- d-----w- C:\PROGRA~3\Age of Empires 3
2011-01-13 05:38:31 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games
2011-01-13 05:24:43 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2011-01-13 05:24:19 -------- d-----w- C:\Users\Evan\AppData\Roaming\Log
2011-01-13 05:13:44 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-13 05:13:44 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-13 05:13:44 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-13 05:13:44 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-13 05:13:44 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-13 05:13:44 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-13 05:13:44 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-13 05:13:44 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-13 05:13:44 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-13 05:13:44 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

==================== Find3M ====================

2010-12-17 02:44:14 0 ----a-w- C:\Windows\ativpsrm.bin
2010-12-16 19:56:34 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-12-16 08:41:42 411368 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-12-16 08:38:26 279136 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2010-12-16 08:38:22 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
2010-12-16 08:38:22 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2010-12-16 08:38:15 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
2010-12-11 08:00:00 108032 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2010-12-07 18:40:22 183808 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2010-12-07 18:22:46 810496 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2010-11-29 06:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-29 06:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 06:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

============= FINISH: 9:00:47.30 ===============

Thanks
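
As an added triage example (not part of this thread, and not a DDS or forum tool), the Python script below applies a few of the checks a log helper normally makes by eye to lines excerpted from the DDS log above: autoruns launched from user-writable folders, Hosts entries that point a non-localhost name at loopback, service entries DDS marks with [?] (image not found on disk), extra Userinit values, URLSearchHook registrations and orphaned toolbar entries. The rule names, severities and the excerpt are constructed for the example; a flag means "look at this", not "this is malware" (volumouse.exe, for instance, is flagged only because of where it runs from).

```python
import re

# Constructed excerpt: lines copied verbatim from the DDS log posted above, so the
# triage runs offline. A real run would read the full DDS.txt instead.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.ask.com?o=14656&l=dis
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [$Volumouse$] "C:\Users\Evan\Downloads\volumouse-x64\volumouse.exe" /nodlg
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-4-17 134760]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
"""

# Line shapes as DDS prints them in the "Pseudo HJT Report" and services sections.
RUN_RE = re.compile(r"^[um]Run(?:Once)?(?:-x64)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
NOFILE_RE = re.compile(r"^(?:BHO|TB)(?:-X64)?: .* - No File$")
SEARCHHOOK_RE = re.compile(r"^uURLSearchHooks: (?P<rest>.+)$")
WINLOGON_RE = re.compile(r"^mWinlogon: Userinit=(?P<val>.*)$")
# First Windows path ending in an executable extension inside a command line
# (DDS prints some paths unquoted even when they contain spaces).
EXE_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|scr|com|dll|bat|cmd|vbs|js)\b", re.I)
# Locations a standard user can write to; legitimate autoruns rarely live there.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\(?:Downloads|Desktop|AppData\\Local\\Temp)\\|\\Windows\\Temp\\", re.I)
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def finding(severity, rule, line):
    return {"severity": severity, "rule": rule, "line": line.strip()}


def triage(log_text):
    """Return a list of findings over DDS log text; every non-empty line is checked."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            exe = EXE_RE.search(m.group("cmd"))
            if exe and USER_WRITABLE_RE.search(exe.group(0)):
                findings.append(finding("high", "autorun from user-writable path", line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            # AV vendor and malware-help sites sent to loopback is the classic
            # "keep the victim from getting help" trick; localhost itself is normal.
            host = m.group("host").lower()
            if m.group("ip") in LOOPBACK and not host.startswith("localhost"):
                findings.append(finding("medium", "hosts file redirects a site to loopback", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("[?]"):  # DDS marks a service whose image it could not find
                findings.append(finding("medium", "service/driver image not found on disk", line))
            elif USER_WRITABLE_RE.search(rest):
                findings.append(finding("high", "service/driver from user-writable path", line))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            # Userinit should contain only userinit.exe; anything appended runs at logon.
            entries = [e.strip() for e in m.group("val").split(",") if e.strip()]
            if any(e.lower().rsplit("\\", 1)[-1] != "userinit.exe" for e in entries):
                findings.append(finding("high", "extra Userinit entry (classic persistence)", line))
            continue
        if SEARCHHOOK_RE.match(line):
            findings.append(finding("low", "URLSearchHook installed (search hijack point)", line))
        elif NOFILE_RE.match(line):
            findings.append(finding("low", "orphaned BHO/toolbar registration", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['rule']}: {f['line']}")
```

On the excerpt this reports five items: the Ask URLSearchHook, volumouse.exe starting from Downloads, the orphaned 64-bit toolbar entry, the Hosts line sending www.spywareinfo.com to 127.0.0.1, and the AppleChargerSrv service whose image is missing. The Spybot, Adobe and Sandboxie entries pass every rule. The rules are deliberately about where and how something loads rather than about names, since a renamed binary defeats name matching but still has to live somewhere and be started by something.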

shelf life
2011-02-11, 01:36
Hi,


I have this trojan on my system
What's telling you that you have a trojan?


GreedyTorrent
A competent tracker most likely will know you are using this.