Copy-book.com browser hijack + popups


  • This topic is locked

#1 Jackles

Posted 25 December 2008 - 07:28 AM

On my reasonably fresh install of Vista I've picked up some malware. All of my Google searches get redirected through copy-book.com and I often get linked to completely unrelated pages, getting a whole lot of advertising popups as well.

Ran Spybot and AVG, which didn't get rid of it; also tried a system restore. Not sure where to go from here.

Cheers for any help.


DDS (Version 1.1.0) - NTFSx86
Run by Jack at 23:11:14.49 on Thu 25/12/2008
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.61.1033.18.2047.1004 [GMT 11:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Devnz\GBPVR\GBPVRRecordingService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\RelevantKnowledge\rlservice.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\CyberLink\PlayMovie\PMVService.exe
C:\Program Files\CyberLink\TV Enhance\TVEService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\scanit\OTScanIt2\OTScanIt2.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jack\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AidMaker Plugin: {89549a32-53d5-4e41-9166-6784afaf9445} - c:\program files\aidmaker\aidmie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AidMaker Toolbar: {620395c9-5c2b-4474-89b6-d2a63cea2ef8} - c:\program files\aidmaker\aidmie.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RCApp] c:\program files\gigabyte\rcapp\RCApp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\cyberlink\playmovie\PMVService.exe"
mRun: [TVEService] "c:\program files\cyberlink\tv enhance\TVEService.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {49049542-DE38-45c2-B09E-2CF3BC4237E0} - {89549A32-53D5-4E41-9166-6784AFAF9445} - c:\program files\aidmaker\aidmie.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jack\appdata\roaming\mozilla\firefox\profiles\fq92s2k3.default\
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll

============= SERVICES / DRIVERS ===============

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};\??\c:\program files\cyberlink\playmovie\000.fcl [2008-12-17 61424]
R2 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe /service [2008-12-17 45056]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);"c:\program files\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe" [2008-12-17 372831]
R2 TVESched;TVEnhance Task Scheduler (TTS));"c:\program files\cyberlink\tv enhance\kernel\tv\TVESched.exe" [2008-12-17 184413]
R2 TVService;TVService;"c:\program files\team mediaportal\mediaportal tv server\TVService.exe" [2008-11-28 188416]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2008-12-17 709632]

=============== Created Last 30 ================

2008-12-25 23:06 <DIR> --d----- C:\scanit
2008-12-25 22:30 <DIR> --d----- c:\program files\Trend Micro
2008-12-25 20:02 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2008-12-25 20:02 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-25 20:02 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2008-12-24 16:08 <DIR> --dsh--- c:\windows\ftpcache
2008-12-24 13:06 <DIR> --d----- c:\programdata\FLEXnet
2008-12-24 00:01 <DIR> --d----- c:\program files\common files\Macrovision Shared
2008-12-23 23:55 255 a--shr-- C:\autorun.inf
2008-12-23 23:55 <DIR> --dshr-- C:\resycled
2008-12-23 21:37 <DIR> --d----- c:\program files\Yenka
2008-12-23 18:19 <DIR> --d----- c:\program files\common files\PX Storage Engine
2008-12-23 18:19 43,872 -------- c:\windows\system32\drivers\PxHelp20.sys
2008-12-23 18:19 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2008-12-23 18:19 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2008-12-23 18:19 <DIR> --d----- c:\programdata\Adobe
2008-12-22 18:57 <DIR> --d----- c:\program files\ZAR
2008-12-22 18:31 <DIR> --d----- c:\program files\Data Doctor Recovery NTFS (Demo)
2008-12-22 18:29 6,200 a------- c:\windows\system32\INT13EXT.VXD
2008-12-22 18:29 <DIR> --d----- c:\program files\PC Inspector File Recovery
2008-12-22 18:22 <DIR> --d----- c:\program files\PowerQuest
2008-12-22 18:05 <DIR> --d----- c:\program files\Runtime Software
2008-12-22 17:42 <DIR> --d----- c:\program files\Seagate
2008-12-21 16:43 815,104 a------- c:\windows\system32\xvidcore.dll
2008-12-21 16:43 180,224 a------- c:\windows\system32\xvidvfw.dll
2008-12-21 16:43 77,824 a------- c:\windows\system32\xvid.ax
2008-12-21 16:43 <DIR> --d----- c:\program files\Xvid
2008-12-21 11:32 32,592 a------- c:\windows\system32\msonpmon.dll
2008-12-21 11:26 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2008-12-21 11:25 <DIR> --d----- c:\programdata\Microsoft Help
2008-12-19 07:00 <DIR> --d----- c:\windows\pss
2008-12-18 00:00 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-17 23:03 138,464 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-17 23:03 22,328 a------- c:\users\jack\appdata\roaming\PnkBstrK.sys
2008-12-17 23:02 111,928 a------- c:\windows\system32\PnkBstrB.exe
2008-12-17 23:02 682,280 a------- c:\windows\system32\pbsvc.exe
2008-12-17 23:02 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-17 22:49 <DIR> --d----- c:\program files\Activision
2008-12-17 22:10 1,233,920 a------- c:\windows\system32\msxml4.dll
2008-12-17 22:10 95,232 a------- c:\windows\system32\oCLWatson.exe
2008-12-17 22:10 82,432 a------- c:\windows\system32\msxml4r.dll
2008-12-17 22:10 44,544 a------- c:\windows\system32\msxml4a.dll
2008-12-17 22:10 917 a------- c:\windows\system32\CLWatson.ini
2008-12-17 22:10 <DIR> --d----- c:\users\jack\appdata\roaming\PowerCinema
2008-12-17 22:08 <DIR> --d----- c:\programdata\CyberLink
2008-12-17 22:08 <DIR> --d----- c:\programdata\Temp
2008-12-17 21:13 709,632 a------- c:\windows\system32\drivers\3xHybrid.sys
2008-12-17 21:01 <DIR> --d----- C:\Temp
2008-12-17 20:52 <DIR> --d----- c:\program files\Devnz
2008-12-17 20:24 <DIR> --d----- c:\program files\Microsoft IntelliType Pro
2008-12-17 20:17 4,137,312 a------- c:\windows\system32\drivers\RTKVAC.SYS
2008-12-17 20:17 <DIR> --d----- c:\program files\Realtek AC97
2008-12-17 20:17 2,159,104 a------- c:\windows\system32\RtkAPO.dll
2008-12-17 20:17 691,200 a------- c:\windows\system32\RtkPgExt.dll
2008-12-17 20:16 <DIR> --d----- c:\program files\uTorrent
2008-12-17 20:16 <DIR> --d----- c:\users\jack\appdata\roaming\uTorrent
2008-12-17 20:16 524,288 a------- c:\windows\RtlExUpd.dll
2008-12-17 20:16 319,488 a------- c:\windows\HideWin.exe
2008-12-17 20:15 <DIR> --d----- c:\program files\Microsoft IntelliPoint
2008-12-17 19:49 <DIR> --d----- c:\program files\DScaler
2008-12-17 19:34 <DIR> --d----- c:\program files\Microsoft SQL Server
2008-12-17 19:29 <DIR> --d----- c:\programdata\Team MediaPortal
2008-12-17 19:29 <DIR> --d----- c:\program files\Team MediaPortal
2008-12-17 19:29 <DIR> --d----- c:\progra~2\Team MediaPortal
2008-12-17 19:05 <DIR> --d----- C:\dvbdream
2008-12-17 18:50 499,712 a------- c:\windows\system32\MSVCP71.DLL
2008-12-17 18:50 348,160 a------- c:\windows\system32\MSVCR71.DLL
2008-12-17 18:50 <DIR> --d----- c:\program files\RelevantKnowledge
2008-12-17 18:49 <DIR> --d----- c:\windows\AidMaker
2008-12-17 18:49 <DIR> --d----- c:\program files\AidMaker
2008-12-17 18:49 <DIR> --d----- c:\users\jack\appdata\roaming\AidMaker
2008-12-17 18:49 <DIR> --d----- c:\program files\ChrisTV Lite
2008-12-17 15:03 <DIR> --d----- c:\windows\Panther
2008-12-17 15:02 8,192 a--s-r-- C:\BOOTSECT.BAK
2008-12-17 15:02 333,203 a--shr-- C:\bootmgr
2008-12-17 15:02 <DIR> --dsh--- C:\Boot
2008-12-17 00:05 <DIR> --d----- c:\programdata\Messenger Plus!
2008-12-17 00:05 <DIR> --d----- c:\progra~2\Messenger Plus!
2008-12-16 23:38 <DIR> --d----- c:\program files\Messenger Plus! Live
2008-12-16 23:30 <DIR> --d----- c:\programdata\NVIDIA
2008-12-16 23:27 <DIR> --d----- c:\windows\nvtmpinst
2008-12-16 23:27 <DIR> --d----- c:\windows\system32\AGEIA
2008-12-16 23:26 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-16 23:26 1,108,512 a------- c:\windows\system32\nvcpluir.dll
2008-12-16 23:26 797,216 a------- c:\windows\system32\nvcplui.exe
2008-12-16 23:26 420,384 a------- c:\windows\system32\nvcpl.cpl
2008-12-16 23:26 <DIR> --d----- C:\NVIDIA
2008-12-16 23:17 <DIR> --d----- c:\windows\PCHEALTH
2008-12-16 23:15 <DIR> --d----- c:\windows\system32\appmgmt
2008-12-16 21:12 <DIR> --d----- c:\program files\gigabyte
2008-12-16 21:10 13,912 a------- c:\windows\system32\Main.ini
2008-12-16 20:59 <DIR> --d----- c:\users\jack\Tracing
2008-12-16 20:57 <DIR> --d----- c:\program files\Microsoft
2008-12-16 20:51 289,792 a------- c:\windows\system32\idecoins.dll
2008-12-16 20:51 289,792 a------- c:\windows\system32\idecoi.dll
2008-12-16 20:51 93,568 a------- c:\windows\system32\drivers\nvata.sys
2008-12-16 20:51 33,280 a------- c:\windows\system32\NVCOI.DLL
2008-12-16 20:50 40,960 a------- c:\windows\system32\ChCfg.exe
2008-12-16 20:50 3,844,288 a----r-- c:\windows\system32\drivers\alcxwdm.sys
2008-12-16 20:50 <DIR> --d----- c:\program files\Realtek Sound Manager
2008-12-16 20:50 <DIR> --d----- c:\program files\AvRack
2008-12-16 20:50 19,030,016 a------- c:\windows\system32\ALSNDMGR.CPL
2008-12-16 20:50 10,968,576 a------- c:\windows\system32\RTLCPL.EXE
2008-12-16 20:50 598,016 a------- c:\windows\SOUNDMAN.EXE
2008-12-16 20:50 147,456 a------- c:\windows\system32\RTLCPAPI.dll
2008-12-16 20:50 141,016 a------- c:\windows\system32\alsndmgr.wav
2008-12-16 20:50 315,392 a------- c:\windows\alcupd.exe
2008-12-16 20:50 217,088 a------- c:\windows\alcrmv.exe
2008-12-16 20:49 36,352 a------- c:\windows\system32\drivers\AmdK8.sys
2008-12-16 20:49 <DIR> --d----- c:\program files\AMD
2008-12-16 20:41 261,888 a------- c:\windows\system32\drivers\nvnrm.sys
2008-12-16 20:41 208,256 a------- c:\windows\system32\drivers\nvsnpu.sys
2008-12-16 20:41 32,256 a------- c:\windows\system32\nvconrm.dll
2008-12-16 20:41 12,928 a------- c:\windows\system32\drivers\nvnetbus.sys
2008-12-16 20:41 9,728 a------- c:\windows\system32\bdco1ins.dll
2008-12-16 20:41 9,728 a------- c:\windows\system32\bdco1.dll
2008-12-16 20:40 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-12-16 20:37 <DIR> --d----- c:\program files\common files\Windows Live
2008-12-16 20:33 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-12-16 20:31 <DIR> --d----- c:\programdata\WLInstaller
2008-12-16 20:29 <DIR> --dsh--- c:\windows\Installer
2008-12-16 20:13 171,136 a--shr-- C:\grldr
2008-12-16 20:13 <DIR> --d----- c:\users\Jack
2008-12-16 20:07 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-11 06:15 1,645,568 a------- c:\windows\system32\connect.dll
2008-12-11 06:14 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-12-11 06:14 2,927,104 a------- c:\windows\explorer.exe
2008-12-11 06:12 827,392 a------- c:\windows\system32\wininet.dll
2008-12-11 06:12 1,383,424 a------- c:\windows\system32\mshtml.tlb
2008-12-11 06:11 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-11 06:11 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-11 06:11 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2008-12-11 06:11 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-12-11 06:11 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-12-11 06:10 296,960 a------- c:\windows\system32\gdi32.dll
2008-12-11 06:10 2,048 a------- c:\windows\system32\tzres.dll
2008-12-11 06:09 2,868,736 a------- c:\windows\system32\mf.dll
2008-12-11 06:09 996,352 a------- c:\windows\system32\WMNetMgr.dll
2008-12-11 06:09 94,720 a------- c:\windows\system32\logagent.exe
2008-12-11 06:09 678,408 a------- c:\windows\system32\gpprefcl.dll
2008-12-04 11:34 30,088 a------- c:\windows\system32\drivers\point32k.sys

==================== Find3M ====================

2008-12-17 21:14 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-17 21:14 51,200 a------- c:\windows\inf\infpub.dat
2008-12-17 21:14 86,016 a------- c:\windows\inf\infstor.dat
2008-12-11 06:11 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-12-11 06:11 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-12-11 06:11 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-12-11 06:11 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-12-11 06:11 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-13 03:28 147,456 a------- c:\windows\system32\Faultrep.dll
2008-11-13 03:28 125,952 a------- c:\windows\system32\wersvc.dll
2008-11-13 03:28 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-11-13 03:27 1,191,936 a------- c:\windows\system32\msxml3.dll
2008-11-13 03:27 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-11-13 03:27 443,392 a------- c:\windows\system32\win32spl.dll
2008-10-21 15:02 1,060,864 a------- c:\windows\system32\MFC71.dll
2008-10-21 15:02 1,047,552 a------- c:\windows\system32\MFC71u.dll
2008-10-21 15:02 89,088 a------- c:\windows\system32\atl71.dll
2008-10-18 09:29 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-10-18 09:29 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-10-18 09:27 428,544 a------- c:\windows\system32\EncDec.dll
2008-10-18 09:27 293,376 a------- c:\windows\system32\psisdecd.dll
2008-10-18 09:27 2,032,640 a------- c:\windows\system32\win32k.sys
2008-06-12 11:03 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 13:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 23:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 23:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 23:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 23:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 20:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 20:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 20:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 20:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-10 10:35 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:11:41.57 ===============


#2 teacup61

Posted 06 January 2009 - 05:54 PM

Hello Jackles,

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

Posted 23 January 2009 - 04:50 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic