
[InActive] "mourn_operator.exe" infection

Discussion in 'Malware and Virus Removal Archive' started by sonnu, 2008/10/17.

  1. 2008/10/17
    sonnu

    sonnu Inactive Thread Starter

    Joined:
    2008/09/24
    Messages:
    8
    Likes Received:
    0
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by FRIEND'Z COMPUTER at 2007-11-15 20:24:51
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 11 GB (56%) free of 20 GB
    Total RAM: 445 MB (33% free)

    HijackThis download failed

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
    "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
    "Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2004-08-27 90112]
    "Ulead Quick-Drop"=C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator\Ulead Quick-Drop 1.0\Quick-Drop.exe [2005-01-31 102400]
    "USIUDF_Eject_Monitor"=C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe [2004-12-23 81920]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-24 98304]
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    InterVideo WinDVD Creator.lnk - C:\Program Files\InterVideo\WCreator2\WCreator.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-06-16 86016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-04-19 52224]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12c31d53-0933-11dc-8eac-806d6172696f}]
    shell\AutoRun\command - C:\Mourn_Operator.exe
    shell\explore\command - C:\Mourn_Operator.exe
    shell\open\command - C:\Mourn_Operator.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12c31d54-0933-11dc-8eac-806d6172696f}]
    shell\AutoRun\command - D:\Mourn_Operator.exe
    shell\explore\command - D:\Mourn_Operator.exe
    shell\open\command - D:\Mourn_Operator.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d88546f-8343-11dc-88b6-0019d13285bb}]
    shell\AutoRun\command - G:\Mourn_Operator.exe
    shell\explore\command - G:\Mourn_Operator.exe
    shell\open\command - G:\Mourn_Operator.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86b196f6-81f3-11dc-88aa-806d6172696f}]
    shell\AutoRun\command - E:\Mourn_Operator.exe
    shell\explore\command - E:\Mourn_Operator.exe
    shell\open\command - E:\Mourn_Operator.exe


    ======List of files/folders created in the last 3 months======

    2008-10-23 15:08:37 ----D---- C:\Program Files\AdorageI-SAL
    2008-10-23 15:08:37 ----D---- C:\Program Files\AdorageI-GfxDatas
    2008-10-23 15:08:26 ----A---- C:\adorage-protocol.txt
    2008-10-23 15:05:21 ----D---- C:\Documents and Settings\FRIEND'Z COMPUTER\Application Data\Canopus
    2008-10-23 15:02:20 ----D---- C:\WINDOWS\system32\QuickTime
    2008-10-23 15:02:20 ----D---- C:\Program Files\QuickTime
    2008-10-23 15:02:20 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-10-23 15:01:42 ----D---- C:\WINDOWS\RegisteredPackages
    2008-10-23 14:55:36 ----D---- C:\Program Files\Common Files\Canopus Shared
    2008-10-23 14:49:37 ----D---- C:\Program Files\Canopus
    2008-10-23 14:42:34 ----D---- C:\Documents and Settings\FRIEND'Z COMPUTER\Application Data\Macromedia
    2008-10-23 14:39:21 ----D---- C:\Program Files\Ulead Systems
    2008-10-23 14:39:21 ----D---- C:\Program Files\Common Files\Ulead Systems
    2008-10-23 14:39:21 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-10-23 14:27:00 ----D---- C:\WINDOWS\system32\Lang
    2008-10-23 14:16:49 ----HD---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
    2008-10-23 14:16:39 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-23 14:13:16 ----D---- C:\Documents and Settings\FRIEND'Z COMPUTER\Application Data\Identities
    2008-10-23 14:13:14 ----HD---- C:\Program Files\Uninstall Information
    2008-10-23 14:13:10 ----ASH---- C:\Documents and Settings\FRIEND'Z COMPUTER\Application Data\desktop.ini
    2008-10-23 14:13:09 ----SD---- C:\Documents and Settings\FRIEND'Z COMPUTER\Application Data\Microsoft
    2008-10-23 14:12:30 ----D---- C:\WINDOWS\SoftwareDistribution
    2008-10-23 14:12:27 ----SHD---- C:\System Volume Information
    2008-10-23 14:11:17 ----SD---- C:\WINDOWS\system32\Microsoft
    2008-10-23 14:11:17 ----D---- C:\WINDOWS\Prefetch
    2008-10-23 14:11:17 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-23 14:05:05 ----D---- C:\WINDOWS\system32\xircom
    2008-10-23 14:05:05 ----D---- C:\Program Files\xerox
    2008-10-23 14:05:05 ----D---- C:\Program Files\microsoft frontpage
    2008-10-23 14:04:49 ----A---- C:\WINDOWS\control.ini
    2008-10-23 14:04:49 ----A---- C:\AUTOEXEC.BAT
    2008-10-23 14:04:40 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-10-23 14:04:38 ----A---- C:\WINDOWS\system32\mapi32.dll
    2008-10-23 14:03:53 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-23 14:03:53 ----RD---- C:\WINDOWS\Offline Web Pages
    2008-10-23 14:03:53 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
    2008-10-23 14:03:48 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2008-10-23 14:03:45 ----HD---- C:\Program Files\WindowsUpdate
    2008-10-23 14:03:27 ----D---- C:\WINDOWS\system32\DirectX
    2008-10-23 14:03:06 ----A---- C:\WINDOWS\system32\atrace.dll
    2008-10-23 14:03:03 ----A---- C:\WINDOWS\system32\desktop.ini
    2008-10-23 14:03:03 ----A---- C:\WINDOWS\desktop.ini
    2008-10-23 14:02:58 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
    2008-10-23 14:02:57 ----D---- C:\Program Files\Common Files\Services
    2008-10-23 14:02:57 ----A---- C:\WINDOWS\system32\acctres.dll
    2008-10-23 14:02:55 ----SD---- C:\WINDOWS\Tasks
    2008-10-23 14:02:55 ----A---- C:\WINDOWS\system32\icfgnt5.dll
    2008-10-23 14:02:54 ----D---- C:\Program Files\Common Files\MSSoap
    2008-10-23 14:02:50 ----D---- C:\WINDOWS\srchasst
    2008-10-23 14:02:49 ----D---- C:\WINDOWS\system32\Macromed
    2008-10-23 14:02:45 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-23 14:02:45 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-23 14:02:45 ----A---- C:\WINDOWS\system32\wuauserv.dll
    2008-10-23 14:02:45 ----A---- C:\WINDOWS\system32\wuaueng1.dll
    2008-10-23 14:02:44 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-23 14:02:44 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-23 14:02:44 ----A---- C:\WINDOWS\system32\wuauclt1.exe
    2008-10-23 14:02:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-10-23 14:02:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-23 14:02:44 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
    2008-10-23 14:02:44 ----A---- C:\WINDOWS\system32\bitsprx3.dll
    2008-10-23 14:02:44 ----A---- C:\WINDOWS\system32\bitsprx2.dll
    2008-10-23 14:02:43 ----A---- C:\WINDOWS\system32\qmgr.dll
    2008-10-23 14:02:38 ----D---- C:\Program Files\Movie Maker
    2008-10-23 14:02:35 ----A---- C:\WINDOWS\system32\safrslv.dll
    2008-10-23 14:02:35 ----A---- C:\WINDOWS\system32\safrdm.dll
    2008-10-23 14:02:34 ----A---- C:\WINDOWS\system32\safrcdlg.dll
    2008-10-23 14:02:34 ----A---- C:\WINDOWS\system32\racpldlg.dll
    2008-10-23 14:02:30 ----A---- C:\WINDOWS\system32\fltMc.exe
    2008-10-23 14:02:30 ----A---- C:\WINDOWS\system32\fltlib.dll
    2008-10-23 14:02:29 ----D---- C:\WINDOWS\system32\Restore
    2008-10-23 14:02:29 ----A---- C:\WINDOWS\system32\srsvc.dll
    2008-10-23 14:02:29 ----A---- C:\WINDOWS\system32\srrstr.dll
    2008-10-23 14:02:29 ----A---- C:\WINDOWS\system32\srclient.dll
    2008-10-23 14:02:29 ----A---- C:\WINDOWS\system32\ils.dll
    2008-10-23 14:02:28 ----A---- C:\WINDOWS\system32\nmmkcert.dll
    2008-10-23 14:02:28 ----A---- C:\WINDOWS\system32\msconf.dll
    2008-10-23 14:02:28 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
    2008-10-23 14:02:28 ----A---- C:\WINDOWS\system32\mnmdd.dll
    2008-10-23 14:02:28 ----A---- C:\WINDOWS\system32\isrdbg32.dll
    2008-10-23 14:02:26 ----D---- C:\Program Files\NetMeeting
    2008-10-23 14:02:26 ----A---- C:\WINDOWS\system32\msoert2.dll
    2008-10-23 14:02:26 ----A---- C:\WINDOWS\system32\msoeacct.dll
    2008-10-23 14:02:25 ----A---- C:\WINDOWS\system32\inetres.dll
    2008-10-23 14:02:24 ----A---- C:\WINDOWS\system32\inetcomm.dll
    2008-10-23 14:02:22 ----D---- C:\Program Files\Outlook Express
    2008-10-23 14:02:22 ----A---- C:\WINDOWS\system32\schedsvc.dll
    2008-10-23 14:02:22 ----A---- C:\WINDOWS\system32\mstinit.exe
    2008-10-23 14:02:22 ----A---- C:\WINDOWS\system32\mstask.dll
    2008-10-23 14:02:22 ----A---- C:\WINDOWS\system32\isign32.dll
    2008-10-23 14:02:22 ----A---- C:\WINDOWS\system32\icwphbk.dll
    2008-10-23 14:02:22 ----A---- C:\WINDOWS\system32\icwdial.dll
    2008-10-23 14:02:21 ----A---- C:\WINDOWS\system32\inetcfg.dll
    2008-10-23 14:02:16 ----D---- C:\Program Files\Common Files\System
    2008-10-23 14:02:14 ----D---- C:\Program Files\Internet Explorer
    2008-10-23 14:01:39 ----D---- C:\Program Files\ComPlus Applications
    2008-10-23 14:01:38 ----A---- C:\WINDOWS\vbaddin.ini
    2008-10-23 14:01:38 ----A---- C:\WINDOWS\vb.ini
    2008-10-23 14:01:35 ----D---- C:\WINDOWS\Registration
    2008-10-23 14:01:30 ----D---- C:\Program Files\Windows Media Player
    2008-10-23 14:01:30 ----D---- C:\Program Files\Online Services
    2008-10-23 14:01:24 ----D---- C:\Program Files\Messenger
    2008-10-23 14:01:21 ----D---- C:\Program Files\MSN Gaming Zone
    2008-10-23 14:01:21 ----A---- C:\WINDOWS\system32\write.exe
    2008-10-23 14:01:13 ----A---- C:\WINDOWS\system32\sndvol32.exe
    2008-10-23 14:01:13 ----A---- C:\WINDOWS\system32\hticons.dll
    2008-10-23 14:01:13 ----A---- C:\WINDOWS\system32\avwav.dll
    2008-10-23 14:01:13 ----A---- C:\WINDOWS\system32\avmeter.dll
    2008-10-23 14:01:12 ----A---- C:\WINDOWS\system32\winchat.exe
    2008-10-23 14:01:12 ----A---- C:\WINDOWS\system32\avtapi.dll
    2008-10-23 14:01:08 ----A---- C:\WINDOWS\system32\getuname.dll
    2008-10-23 14:01:07 ----A---- C:\WINDOWS\system32\winmine.exe
    2008-10-23 14:01:07 ----A---- C:\WINDOWS\system32\sol.exe
    2008-10-23 14:01:07 ----A---- C:\WINDOWS\system32\charmap.exe
    2008-10-23 14:01:07 ----A---- C:\WINDOWS\system32\calc.exe
    2008-10-23 14:01:06 ----A---- C:\WINDOWS\system32\usrlogon.cmd
    2008-10-23 14:01:06 ----A---- C:\WINDOWS\system32\tsshutdn.exe
    2008-10-23 14:01:06 ----A---- C:\WINDOWS\system32\tslabels.ini
    2008-10-23 14:01:06 ----A---- C:\WINDOWS\system32\tskill.exe
    2008-10-23 14:01:06 ----A---- C:\WINDOWS\system32\tsdiscon.exe
    2008-10-23 14:01:06 ----A---- C:\WINDOWS\system32\tscon.exe
    2008-10-23 14:01:06 ----A---- C:\WINDOWS\system32\shadow.exe
    2008-10-23 14:01:06 ----A---- C:\WINDOWS\system32\rwinsta.exe
    2008-10-23 14:01:06 ----A---- C:\WINDOWS\system32\reset.exe
    2008-10-23 14:01:06 ----A---- C:\WINDOWS\system32\regini.exe
    2008-10-23 14:01:06 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
    2008-10-23 14:01:06 ----A---- C:\WINDOWS\system32\qwinsta.exe
    2008-10-23 14:01:06 ----A---- C:\WINDOWS\system32\mshearts.exe
    2008-10-23 14:01:06 ----A---- C:\WINDOWS\system32\freecell.exe
    2008-10-23 14:01:05 ----A---- C:\WINDOWS\system32\qappsrv.exe
    2008-10-23 14:01:05 ----A---- C:\WINDOWS\system32\msg.exe
    2008-10-23 14:01:05 ----A---- C:\WINDOWS\system32\msdtcprf.ini
    2008-10-23 14:01:05 ----A---- C:\WINDOWS\system32\logoff.exe
    2008-10-23 14:01:05 ----A---- C:\WINDOWS\system32\cdmodem.dll
    2008-10-23 14:01:04 ----A---- C:\WINDOWS\system32\stclient.dll
    2008-10-23 14:01:04 ----A---- C:\WINDOWS\system32\mtxlegih.dll
    2008-10-23 14:01:04 ----A---- C:\WINDOWS\system32\mtxex.dll
    2008-10-23 14:01:04 ----A---- C:\WINDOWS\system32\mtxdm.dll
    2008-10-23 14:01:04 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
    2008-10-23 14:01:04 ----A---- C:\WINDOWS\system32\comrepl.dll
    2008-10-23 14:01:04 ----A---- C:\WINDOWS\system32\comaddin.dll
    2008-10-23 14:01:03 ----A---- C:\WINDOWS\system32\comsnap.dll
    2008-10-23 14:01:00 ----A---- C:\WINDOWS\system32\wmimgmt.msc
    2008-10-23 14:00:41 ----D---- C:\Program Files\MSN
    2008-10-23 14:00:40 ----A---- C:\WINDOWS\system32\sndrec32.exe
    2008-10-23 14:00:40 ----A---- C:\WINDOWS\system32\accwiz.exe
    2008-10-23 14:00:39 ----D---- C:\Program Files\Windows NT
    2008-10-23 14:00:39 ----A---- C:\WINDOWS\system32\mspaint.exe
    2008-10-23 14:00:39 ----A---- C:\WINDOWS\system32\mplay32.exe
    2008-10-23 14:00:39 ----A---- C:\WINDOWS\system32\hypertrm.dll
    2008-10-23 14:00:38 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
    2008-10-23 14:00:38 ----A---- C:\WINDOWS\system32\spider.exe
    2008-10-23 14:00:38 ----A---- C:\WINDOWS\system32\clipbrd.exe
    2008-10-23 14:00:37 ----A---- C:\WINDOWS\system32\tscupgrd.exe
    2008-10-23 14:00:37 ----A---- C:\WINDOWS\system32\sessmgr.exe
    2008-10-23 14:00:37 ----A---- C:\WINDOWS\system32\remotepg.dll
    2008-10-23 14:00:37 ----A---- C:\WINDOWS\system32\rdshost.exe
    2008-10-23 14:00:37 ----A---- C:\WINDOWS\system32\rdsaddin.exe
    2008-10-23 14:00:37 ----A---- C:\WINDOWS\system32\rdchost.dll
    2008-10-23 14:00:37 ----A---- C:\WINDOWS\system32\mstscax.dll
    2008-10-23 14:00:37 ----A---- C:\WINDOWS\system32\mstsc.exe
    2008-10-23 14:00:36 ----A---- C:\WINDOWS\system32\termsrv.dll
    2008-10-23 14:00:36 ----A---- C:\WINDOWS\system32\rdpwsx.dll
    2008-10-23 14:00:36 ----A---- C:\WINDOWS\system32\rdpsnd.dll
    2008-10-23 14:00:36 ----A---- C:\WINDOWS\system32\rdpclip.exe
    2008-10-23 14:00:36 ----A---- C:\WINDOWS\system32\qprocess.exe
    2008-10-23 14:00:36 ----A---- C:\WINDOWS\system32\icaapi.dll
    2008-10-23 14:00:36 ----A---- C:\WINDOWS\system32\cfgbkend.dll
    2008-10-23 14:00:35 ----D---- C:\WINDOWS\system32\MsDtc
    2008-10-23 14:00:35 ----A---- C:\WINDOWS\system32\mtxoci.dll
    2008-10-23 14:00:35 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
    2008-10-23 14:00:35 ----A---- C:\WINDOWS\system32\msdtctm.dll
    2008-10-23 14:00:35 ----A---- C:\WINDOWS\system32\msdtcprx.dll
    2008-10-23 14:00:34 ----D---- C:\WINDOWS\system32\Com
    2008-10-23 14:00:34 ----A---- C:\WINDOWS\system32\xolehlp.dll
    2008-10-23 14:00:34 ----A---- C:\WINDOWS\system32\msdtclog.dll
    2008-10-23 14:00:34 ----A---- C:\WINDOWS\system32\msdtc.exe
    2008-10-23 14:00:34 ----A---- C:\WINDOWS\system32\colbact.dll
    2008-10-23 14:00:34 ----A---- C:\WINDOWS\system32\clbcatex.dll
    2008-10-23 14:00:34 ----A---- C:\WINDOWS\system32\catsrvps.dll
    2008-10-23 14:00:33 ----A---- C:\WINDOWS\system32\comsvcs.dll
    2008-10-23 14:00:33 ----A---- C:\WINDOWS\system32\catsrvut.dll
    2008-10-23 14:00:33 ----A---- C:\WINDOWS\system32\catsrv.dll
    2008-10-23 14:00:32 ----A---- C:\WINDOWS\system32\comuid.dll
    2008-10-23 14:00:32 ----A---- C:\WINDOWS\system32\clbcatq.dll
    2008-10-23 14:00:25 ----A---- C:\WINDOWS\system32\servdeps.dll
    2008-10-23 14:00:25 ----A---- C:\WINDOWS\system32\mmfutil.dll
    2008-10-23 14:00:25 ----A---- C:\WINDOWS\system32\licwmi.dll
    2008-10-23 14:00:25 ----A---- C:\WINDOWS\system32\cmprops.dll
    2007-11-15 20:24:52 ----D---- C:\Program Files\trend micro
    2007-11-15 20:24:50 ----D---- C:\rsit
    2007-11-15 20:19:22 ----D---- C:\ComboFix
    2007-11-15 20:19:19 ----D---- C:\WINDOWS\LastGood
    2007-11-15 20:18:46 ----D---- C:\Program Files\ESET
    2007-11-15 20:18:46 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
    2007-11-10 05:39:40 ----SHD---- C:\FOUND.003
    2007-11-06 05:46:30 ----SHD---- C:\FOUND.002
    2007-11-03 20:14:26 ----SHD---- C:\FOUND.001
    2007-10-30 13:49:40 ----SHD---- C:\FOUND.000
    2007-10-29 19:04:22 ----RSH---- C:\Mourn_Operator.exe
    2007-10-26 10:46:17 ----D---- C:\Project
    2007-10-24 20:58:43 ----A---- C:\WINDOWS\canopus.ini
    2007-10-24 15:20:58 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
    2007-10-24 11:09:11 ----A---- C:\WINDOWS\NeroDigital.ini
    2007-10-24 10:59:21 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
    2007-10-24 10:59:21 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
    2007-10-24 10:52:06 ----RA---- C:\WINDOWS\system32\pncrt.dll
    2007-10-24 10:52:06 ----RA---- C:\WINDOWS\system32\helixprodctrl.dll
    2007-10-24 10:51:08 ----RA---- C:\WINDOWS\system32\pavplal.dll
    2007-10-24 10:36:29 ----A---- C:\WINDOWS\system32\msvcr70.dll
    2007-10-24 10:36:28 ----A---- C:\WINDOWS\system32\msvcp70.dll
    2007-10-24 10:36:28 ----A---- C:\WINDOWS\system32\intsrc.dll
    2007-10-24 10:36:28 ----A---- C:\WINDOWS\system32\foxnsox.dll
    2007-10-24 10:35:16 ----A---- C:\WINDOWS\unvise32qt.exe
    2007-10-24 10:34:47 ----D---- C:\Program Files\directx
    2007-10-24 10:34:29 ----A---- C:\WINDOWS\system32\MFC71JPN.DLL
    2007-10-24 10:34:29 ----A---- C:\WINDOWS\system32\MFC71ENU.DLL
    2007-10-24 10:33:40 ----RA---- C:\WINDOWS\system32\cllccodc.dll
    2007-10-24 10:33:40 ----A---- C:\WINDOWS\system32\cvpcdvc.dll
    2007-10-24 10:33:40 ----A---- C:\WINDOWS\system32\cuvccodc.dll
    2007-10-24 10:33:40 ----A---- C:\WINDOWS\system32\csthread.dll
    2007-10-24 10:33:40 ----A---- C:\WINDOWS\system32\cseuvec.dll
    2007-10-24 10:33:40 ----A---- C:\WINDOWS\system32\csellc.dll
    2007-10-24 10:33:40 ----A---- C:\WINDOWS\system32\csedv.dll
    2007-10-24 10:33:40 ----A---- C:\WINDOWS\system32\csccdvcx.dll
    2007-10-24 10:33:40 ----A---- C:\WINDOWS\system32\csccdvc.dll
    2007-10-24 10:33:40 ----A---- C:\WINDOWS\system32\cdvhcodc.dll
    2007-10-24 10:33:40 ----A---- C:\WINDOWS\system32\cdvccodc.dll
    2007-10-24 10:33:40 ----A---- C:\WINDOWS\system32\cdv5codc.dll
    2007-10-24 10:31:36 ----RA---- C:\WINDOWS\system32\paveno.dll
    2007-10-24 10:31:36 ----RA---- C:\WINDOWS\system32\pavedius.dll
    2007-10-24 10:31:36 ----RA---- C:\WINDOWS\system32\pavapi.dll
    2007-10-24 10:31:36 ----A---- C:\WINDOWS\system32\MFC71u.dll
    2007-10-24 10:31:36 ----A---- C:\WINDOWS\system32\MFC71.dll
    2007-10-24 10:31:35 ----A---- C:\WINDOWS\system32\csedvh.dll
    2007-10-24 09:24:33 ----D---- C:\Program Files\Common Files\SONY Digital Images
    2007-10-24 09:24:11 ----N---- C:\WINDOWS\msvcrt.dll
    2007-10-24 09:24:11 ----N---- C:\WINDOWS\msvcp60.dll
    2007-10-24 09:24:11 ----N---- C:\WINDOWS\dvdrgn.exe
    2007-10-24 09:16:49 ----D---- C:\Documents and Settings\FRIEND'Z COMPUTER\Application Data\CyberLink
    2007-10-24 09:16:48 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
    2007-10-24 09:15:23 ----N---- C:\WINDOWS\system32\msxml3a.dll
    2007-10-24 09:14:56 ----D---- C:\Program Files\CyberLink
    2007-10-24 09:14:56 ----A---- C:\WINDOWS\system32\msvcr71.dll
    2007-10-24 09:14:56 ----A---- C:\WINDOWS\system32\msvcp71.dll
    2007-10-24 09:13:56 ----HD---- C:\WINDOWS\$NtUninstallwmp11$
    2007-10-24 09:12:53 ----HD---- C:\WINDOWS\$NtUninstallWMFDist11$
    2007-10-24 09:07:33 ----A---- C:\WINDOWS\system32\ChCfg.exe
    2007-10-24 09:07:24 ----D---- C:\WINDOWS\system32\RTCOM
    2007-10-24 09:06:56 ----A---- C:\WINDOWS\system32\spupdsvc.exe
    2007-10-24 09:06:52 ----A---- C:\WINDOWS\SoundMan.exe
    2007-10-24 09:06:52 ----A---- C:\WINDOWS\SkyTel.exe
    2007-10-24 09:06:52 ----A---- C:\WINDOWS\RtlUpd.exe
    2007-10-24 09:06:51 ----A---- C:\WINDOWS\RTLCPL.exe
    2007-10-24 09:06:50 ----A---- C:\WINDOWS\RTHDCPL.exe
    2007-10-24 09:06:50 ----A---- C:\WINDOWS\MicCal.exe
    2007-10-24 09:06:49 ----D---- C:\Program Files\Realtek
    2007-10-24 09:06:49 ----A---- C:\WINDOWS\alcwzrd.exe
    2007-10-24 09:06:49 ----A---- C:\WINDOWS\Alcmtr.exe
    2007-10-24 09:06:45 ----A---- C:\WINDOWS\RtlExUpd.dll
    2007-10-24 09:06:45 ----A---- C:\WINDOWS\HideWin.exe
    2007-10-24 09:04:02 ----A---- C:\WINDOWS\system32\FlexEng.dll
    2007-10-24 09:02:20 ----D---- C:\Intel Desktop Board
    2007-10-24 09:00:51 ----D---- C:\Program Files\MSXML 4.0
    2007-10-24 09:00:46 ----D---- C:\TempEI4
    2007-10-24 07:25:46 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
    2007-10-24 07:25:46 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
    2007-10-24 07:25:46 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
    2007-10-24 07:25:46 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
    2007-10-24 07:25:46 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
    2007-10-24 07:25:46 ----A---- C:\WINDOWS\system32\IVIresize.dll
    2007-10-24 07:07:18 ----D---- C:\Program Files\Common Files\InstallShield
    2007-10-24 06:50:45 ----SHD---- C:\Recycled
    2007-10-23 15:39:19 ----D---- C:\Program Files\InterVideo
    2007-10-23 15:34:48 ----D---- C:\Documents and Settings\FRIEND'Z COMPUTER\Application Data\Ulead Systems
    2007-10-23 15:27:49 ----D---- C:\Documents and Settings\FRIEND'Z COMPUTER\Application Data\Ahead
    2007-10-23 15:27:40 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
    2007-10-23 15:25:35 ----D---- C:\Program Files\Nero
    2007-10-23 15:25:35 ----D---- C:\Program Files\Common Files\Ahead
    2007-10-23 15:25:35 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
    2007-10-23 15:16:16 ----D---- C:\Program Files\Pinnacle
    2007-10-23 15:14:37 ----D---- C:\WINDOWS\system32\NtmsData

    ======List of files/folders modified in the last 3 months======

    2008-10-23 14:13:08 ----A---- C:\WINDOWS\setuplog.txt
    2008-10-23 14:04:50 ----A---- C:\WINDOWS\win.ini
    2008-10-23 14:04:40 ----A---- C:\WINDOWS\ODBCINST.INI
    2008-10-23 14:03:56 ----RD---- C:\WINDOWS\Web
    2008-10-23 14:03:56 ----RD---- C:\Program Files
    2008-10-23 13:59:24 ----SH---- C:\boot.ini
    2007-11-22 12:59:58 ----RSH---- C:\WINDOWS\explorer.exe
    2007-10-24 09:13:08 ----A---- C:\WINDOWS\imsins.BAK
    2007-10-24 09:08:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 cdrblock;cdrblock; C:\WINDOWS\system32\DRIVERS\cdrblock.sys [2005-06-14 10368]
    R1 cdrport;cdrport; C:\WINDOWS\system32\DRIVERS\cdrport.sys [2005-03-11 4608]
    R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
    R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 USIUDF;USIUDF; C:\WINDOWS\System32\Drivers\USIUDF.sys [2004-07-07 292896]
    R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
    R3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-16 1611776]
    R3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
    R3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
    R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-16 389120]
    R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-03-13 49152]
    S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-04-19 823808]

    -----------------EOF-----------------
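    The MountPoints2 entries in the log above wire all three Explorer verbs (AutoRun, explore, open) for four volumes to an executable called Mourn_Operator.exe in each drive's root, and the same file appears in the created-files list with the read-only, system and hidden attributes set. NoDriveTypeAutoRun is 145 (0x91), the Windows XP default, which still permits AutoRun on removable, fixed and CD-ROM drives; 255 (0xFF) suppresses it for every drive type. The Python below is an added example, not part of this thread or of the RSIT tool: it parses a constructed excerpt of that log, cross-checks the autorun targets against hidden root executables, and decodes the NoDriveTypeAutoRun bitmask. The excerpt, regular expressions and function names are my own.

```python
import re
import sys

# Constructed excerpt modelled on the RSIT log in the post above; not the full log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12c31d53-0933-11dc-8eac-806d6172696f}]
shell\AutoRun\command - C:\Mourn_Operator.exe
shell\explore\command - C:\Mourn_Operator.exe
shell\open\command - C:\Mourn_Operator.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d88546f-8343-11dc-88b6-0019d13285bb}]
shell\AutoRun\command - G:\Mourn_Operator.exe
shell\explore\command - G:\Mourn_Operator.exe
shell\open\command - G:\Mourn_Operator.exe

======List of files/folders created in the last 3 months======

2007-10-29 19:04:22 ----RSH---- C:\Mourn_Operator.exe
2007-10-24 06:50:45 ----SHD---- C:\Recycled
2007-10-24 10:35:16 ----A---- C:\WINDOWS\unvise32qt.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
MOUNTPOINT_RE = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})$", re.IGNORECASE)
SHELL_CMD_RE = re.compile(r"^shell\\(\w+)\\command - (.+)$", re.IGNORECASE)
# An executable sitting directly in a drive root, e.g. C:\something.exe
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(exe|com|scr|pif|bat|cmd|vbs)$", re.IGNORECASE)
FILE_LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ----([A-Z]*)---- (.+)$")
AUTORUN_VALUE_RE = re.compile(r'^"NoDriveTypeAutoRun"=(\d+)$', re.IGNORECASE)

# Bit n of NoDriveTypeAutoRun corresponds to GetDriveType() value n; a SET bit disables AutoRun.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
}


def parse_mountpoints(log):
    """Return (volume_guid, verb, command) for every shell\\<verb>\\command under MountPoints2."""
    entries = []
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            mp = MOUNTPOINT_RE.search(header.group(1))
            current = mp.group(1) if mp else None  # only track MountPoints2 volume keys
            continue
        if current is None:
            continue
        cmd = SHELL_CMD_RE.match(line)
        if cmd:
            entries.append((current, cmd.group(1).lower(), cmd.group(2).strip()))
    return entries


def autorun_targets(entries):
    """Explorer verb commands that point at an executable in a drive root (deduplicated, sorted)."""
    return sorted({cmd for _, _, cmd in entries if ROOT_EXE_RE.match(cmd)})


def hidden_root_executables(log):
    """Files in the created/modified lists that are hidden+system executables in a drive root."""
    found = []
    for raw in log.splitlines():
        m = FILE_LINE_RE.match(raw.strip())
        if not m:
            continue
        attrs, path = m.group(2), m.group(3)
        if "D" in attrs:  # directories are not candidates
            continue
        if "H" in attrs and "S" in attrs and ROOT_EXE_RE.match(path):
            found.append(path)
    return found


def read_nodrivetypeautorun(log):
    """Integer value of NoDriveTypeAutoRun as printed by RSIT, or None if absent."""
    for raw in log.splitlines():
        m = AUTORUN_VALUE_RE.match(raw.strip())
        if m:
            return int(m.group(1))
    return None


def autorun_still_enabled(value):
    """Drive types whose AutoRun is NOT suppressed by this NoDriveTypeAutoRun value."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def triage(log):
    """Summarise the autorun-related findings of one RSIT log."""
    entries = parse_mountpoints(log)
    targets = autorun_targets(entries)
    hidden = hidden_root_executables(log)
    value = read_nodrivetypeautorun(log)
    return {
        "autorun_targets": targets,
        "hidden_root_executables": hidden,
        # Targets that are also hidden system files in a root: the strongest indicator here.
        "confirmed": sorted(set(targets) & set(hidden)),
        "nodrivetypeautorun": value,
        "autorun_still_enabled": autorun_still_enabled(value) if value is not None else None,
    }


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for key, val in triage(text).items():
        print(f"{key}: {val}")
```

Run it with a saved RSIT log as the first argument to triage a real report; with no argument it processes the constructed excerpt. The "confirmed" list is the intersection of the two independent signals (a root executable registered as an Explorer verb handler, and a root executable carrying system+hidden attributes), which is exactly the pairing visible in the log above for C:\Mourn_Operator.exe.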
     
  2. 2008/10/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi sonnu,

    Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.

    Next, download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh RSIT log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     


  4. 2008/10/19
    sonnu

    sonnu Inactive Thread Starter

    Joined:
    2008/09/24
    Messages:
    8
    Likes Received:
    0
    Thanks buddy and thanks WindowsBBS for this. I'll try this and tell you what the result is.
     
  5. 2008/10/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're quite welcome. Will await your reply. :)
     
  6. 2008/10/20
    sonnu

    sonnu Inactive Thread Starter

    Joined:
    2008/09/24
    Messages:
    8
    Likes Received:
    0
    The Flash Disinfector did nothing. The mour_developer.exe is still as it was. Please send me the proper cure for this infection as well as possible, because I want to network with other PCs and a cell phone also.
     
  7. 2008/10/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please complete my instructions as given.
     
