
Not sure what is going on


  • This topic is locked
2 replies to this topic

#1 anthony914


  • Members
  • 56 posts

Posted 13 December 2009 - 06:56 PM

Norton always finds upwards of 30 Trojan horses in the C:\users\anthony\appdata\local\temp\ directory. Also, the CPU usage is upwards of 50% almost all the time.
Help is much appreciated!
Thanks, anthony
Also, RootRepeal could not run because I have a 64-bit OS.
DDS log:

DDS (Ver_09-12-01.01) - NTFSX64
Run by Anthony at 15:46:10.64 on Sun 12/13/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4091.1803 [GMT -8:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\sminst\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Anthony\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Vidalia Bundle\Tor\tor.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Symantec AntiVirus\vpc32.exe
C:\Program Files (x86)\Symantec AntiVirus\SavUI.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Anthony\Documents\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
c:\windows\syswow64\rundll32.exe
c:\windows\syswow64\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [Vidalia] "c:\program files (x86)\vidalia bundle\vidalia\vidalia.exe"
uRun: [Google Update] "c:\users\anthony\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [FAStartup]
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [NBKeyScan] "c:\program files (x86)\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~2\symant~1\VPTray.exe
StartupFolder: c:\users\anthony\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files (x86)\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\cleana~1.lnk - c:\program files (x86)\cisco systems\clean access agent\CCAAgentLauncher.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\privoxy.lnk - c:\program files (x86)\vidalia bundle\privoxy\privoxy.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun-x64: [QuickSet] "c:\program files\dell\quickset\QuickSet.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\h6ovg8y9.default\
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\anthony\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-6-19 53488]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/09/01 16:58:22];c:\program files (x86)\cyberlink\powerdvd dx\000.fcl [2009-7-25 146928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 203264]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [2009-6-19 632048]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files (x86)\symantec antivirus\Rtvscan.exe [2006-12-13 1962136]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\viewpoint\common\ViewpointService.exe [2009-8-3 24652]
R2 WMCoreService;Mobile Broadband Core Service;c:\program files (x86)\dell\dell wwan\wmcore\mini_WMCore.exe [2009-9-24 430080]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-11-18 172704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-10 162152]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-10-8 60416]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 159840]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 319840]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-8-2 243840]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

=============== Created Last 30 ================

2009-12-11 07:21:08 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2009-12-11 07:21:08 8034 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2009-12-11 07:21:08 156008 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2009-12-11 07:21:07 0 d-----w- c:\program files\Symantec
2009-12-11 07:20:51 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-11 07:20:46 0 d-----w- c:\program files (x86)\Symantec AntiVirus
2009-12-10 21:29:27 0 d-----w- c:\program files (x86)\AVG
2009-12-10 21:29:25 0 d-----w- c:\programdata\avg9
2009-12-10 20:02:18 599414012 ----a-w- c:\windows\MEMORY.DMP
2009-12-09 02:11:51 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-12-09 02:11:51 5958656 ----a-w- c:\windows\syswow64\mshtml.dll
2009-12-04 22:47:01 517960 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-04 22:47:01 515416 ----a-w- c:\windows\syswow64\XAudio2_5.dll
2009-12-04 22:47:00 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-04 22:47:00 238936 ----a-w- c:\windows\syswow64\xactengine3_5.dll
2009-12-04 22:47:00 1974616 ----a-w- c:\windows\syswow64\D3DCompiler_42.dll
2009-12-04 22:47:00 176968 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-04 21:48:17 0 d-----w- c:\program files (x86)\Activision
2009-12-02 01:24:14 149280 ----a-w- c:\windows\syswow64\javaws.exe
2009-12-02 01:24:13 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-12-02 01:24:12 145184 ----a-w- c:\windows\syswow64\java.exe
2009-11-24 23:07:31 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-11-24 23:07:31 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 23:07:25 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-11-24 23:07:10 0 d-----w- c:\program files (x86)\MSXML 4.0
2009-11-24 02:12:34 0 d-----w- c:\program files (x86)\Amazon
2009-11-23 23:06:34 0 d-----w- c:\program files\DivX
2009-11-23 23:06:11 0 d-----w- c:\program files (x86)\common files\DivX Shared
2009-11-23 23:06:10 0 d-----w- c:\program files (x86)\DivX
2009-11-23 19:57:10 0 d-----w- c:\users\anthony\appdata\roaming\LimeWire
2009-11-23 19:56:54 0 d-----w- c:\program files (x86)\LimeWire
2009-11-18 22:52:50 0 d-----w- c:\programdata\ATI
2009-11-18 22:03:16 0 d-----w- c:\program files\ATI Technologies
2009-11-18 22:03:14 0 d-----w- c:\program files\ATI
2009-11-18 21:58:41 0 d-----w- c:\program files (x86)\Realtek
2009-11-18 21:58:00 57656 ------w- c:\windows\system32\drivers\FilterPC.bmp
2009-11-18 21:58:00 24995 ------w- c:\windows\system32\drivers\FilterPC.jpg
2009-11-18 21:57:21 224768 ----a-w- c:\windows\system32\drivers\CtAudDrv.sys
2009-11-18 21:57:21 172704 ----a-w- c:\windows\system32\drivers\CtClsFlt.sys
2009-11-18 21:56:54 0 d-----w- c:\program files (x86)\Creative Live! Cam
2009-11-18 21:53:20 540672 ----a-r- c:\windows\RtlExUpd.dll
2009-11-18 21:53:20 0 d--h--w- c:\program files (x86)\Temp
2009-11-16 04:04:06 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-16 03:15:00 0 d-----w- c:\program files (x86)\VirtualDJ
2009-11-14 00:47:32 90112 ----a-w- c:\windows\syswow64\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\syswow64\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\syswow64\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\syswow64\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\syswow64\DivX.dll

==================== Find3M ====================

2009-11-12 09:41:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-11-10 09:39:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-09 23:16:50 22744 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-09 22:45:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-11-03 04:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-17 15:25:54 22016 ----a-w- c:\windows\system32\drivers\dc3d.sys
2009-10-11 12:17:27 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:47:11.99 ===============


#2 m0le


    Can U Dig It?


  • Malware Response Instructor
  • 33,783 posts
  • Gender:Male
  • Location:London, UK

Posted 26 December 2009 - 07:40 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic, and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
If I have helped you fix your PC then please donate. Thanks.
m0le is a proud member of UNITE

#3 m0le


    Can U Dig It?


  • Malware Response Instructor
  • 33,783 posts
  • Gender:Male
  • Location:London, UK

Posted 31 December 2009 - 07:14 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.