Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please help me remove this little pest


  • This topic is locked This topic is locked
2 replies to this topic

#1 pipja

pipja

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 29 December 2008 - 09:03 AM

DDS (Version 1.1.0) - NTFSx86
Run by Quynh at 20:57:01.12 on 12/29/2008 Mon
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3070.1871 [GMT 7:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Windows\system32\conime.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\GreedyTorrent\GTor.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Razer\Diamondback\razertra.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Explorer.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Quynh\Documents\Downloads\Programs\dds.EXE

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.vn/
uInternet Settings,ProxyServer = 203.117.33.5:8080
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FG2CatchUrl: {1f364306-aa45-47b5-9f9d-39a8b94e7ef1} - c:\program files\flashget network\flashget universal\comdlls\bhoCATCH.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [GreedyTorrent] "c:\program files\greedytorrent\GTor.exe" -tray
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe" -autorun
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Dimondback] c:\program files\razer\diamondback\razerhid.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All by FlashGet - c:\program files\flashget network\flashget universal\comdlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\flashget network\flashget universal\comdlls\Bholink.htm
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to &Teleport - c:\progra~1\telepo~1\teleport.htm
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: tinywarz.com\game
Trusted Zone: tinywarz.com\www
TCP: {9FAF2C37-F715-4E37-9A77-266F2653C2B9} = 210.245.24.22,210.245.24.20
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\quynh\appdata\roaming\mozilla\firefox\profiles\m0s02i64.pipja\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.vn
FF - component: c:\users\quynh\appdata\roaming\idm\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npssn.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\windows\system32\solidstatenetworks\solidstateion\npssn.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: capability.policy.policynames - localfilelinks
user_pref(capability.policy.localfilelinks.sites,hxxp://game.tinywarz.com);
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
============= SERVICES / DRIVERS ===============

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2007-5-25 137728]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-8-30 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-8-30 38208]
R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-8-30 160792]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe /Processid:{2949EFCB-1C42-47D3-8185-AF240F046693} [2006-11-2 7168]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2008-4-28 46592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-5 99376]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2008-6-13 13225]
R3 SymSnapService;SymSnapService;"c:\program files\norton ghost\shared\drivers\SymSnapService.exe" [2007-12-20 1553904]
S0 OemBiosDevice;Royalty OEM BIOS Extension;c:\windows\system32\drivers\royal.sys [2007-8-11 240128]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-29 38496]
S3 SavRoam;SAVRoam;"c:\program files\symantec antivirus\SavRoam.exe" [2006-11-28 122008]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-8-30 356920]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys [2008-8-30 33088]

=============== Created Last 30 ================

2008-12-29 20:36 161,792 a------- c:\windows\SWREG.exe
2008-12-29 20:36 98,816 a------- c:\windows\sed.exe
2008-12-29 20:28 <DIR> --d----- c:\users\quynh\appdata\roaming\Malwarebytes
2008-12-29 20:28 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-29 20:28 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-29 20:28 <DIR> --d----- c:\programdata\Malwarebytes
2008-12-29 20:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-29 20:28 <DIR> --d----- c:\progra~2\Malwarebytes
2008-12-29 07:19 <DIR> --d-h--- c:\users\quynh\appdata\roaming\drivers
2008-12-28 13:02 <DIR> --d----- c:\program files\common files\NetDragon
2008-12-28 12:30 <DIR> --d----- c:\programdata\MediaWidget
2008-12-28 12:30 <DIR> --d----- c:\progra~2\MediaWidget
2008-12-28 12:30 1,633,792 a------- c:\windows\bsdsetup.dll
2008-12-28 12:18 <DIR> --d----- c:\users\quynh\appdata\roaming\CopyTrans
2008-12-28 11:37 <DIR> --d----- c:\program files\WindSolutions
2008-12-28 10:40 <DIR> --d----- c:\users\quynh\appdata\roaming\CopyTransPhoto
2008-12-28 10:38 <DIR> --d----- c:\users\quynh\appdata\roaming\CopyTransControlCenter
2008-12-28 00:30 <DIR> --d----- c:\users\quynh\appdata\roaming\Red Kawa
2008-12-27 13:18 <DIR> --d----- C:\OpenCandy
2008-12-26 20:16 <DIR> --d----- c:\program files\WarRock
2008-12-26 07:38 <DIR> --d----- C:\Temp
2008-12-25 03:00 <DIR> --d----- c:\programdata\DivoGames
2008-12-25 03:00 <DIR> --d----- c:\progra~2\DivoGames
2008-12-25 02:27 <DIR> --d----- C:\games
2008-12-25 01:25 <DIR> --d----- C:\CFLog
2008-12-25 01:13 <DIR> --d----- c:\program files\Build-a-lot 3 - Passport to Europe
2008-12-23 17:52 206,256 a------- c:\windows\system32\idmmbc.dll
2008-12-21 20:21 <DIR> --d----- c:\programdata\Electronic Arts
2008-12-21 20:21 <DIR> --d----- c:\progra~2\Electronic Arts
2008-12-15 23:03 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2008-12-15 22:30 <DIR> --d----- c:\program files\Rockstar Games
2008-12-15 21:58 <DIR> --d----- c:\program files\Bethesda Softworks
2008-12-15 21:57 <DIR> --d----- c:\windows\system32\xlive
2008-12-15 21:05 <DIR> --d----- c:\program files\iPod
2008-12-15 21:05 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-15 21:05 <DIR> --d----- c:\program files\iTunes
2008-12-15 21:05 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-10 22:24 2,048 a------- c:\windows\system32\tzres.dll
2008-12-10 17:29 296,960 a------- c:\windows\system32\gdi32.dll
2008-12-10 17:29 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-10 17:29 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-10 17:28 2,927,104 a------- c:\windows\explorer.exe
2008-12-10 17:28 827,392 a------- c:\windows\system32\wininet.dll
2008-12-10 17:28 2,868,736 a------- c:\windows\system32\mf.dll
2008-12-10 17:28 996,352 a------- c:\windows\system32\WMNetMgr.dll
2008-12-10 17:28 94,720 a------- c:\windows\system32\logagent.exe
2008-12-03 09:01 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-12-03 09:01 83,456 a------- c:\windows\system32\wudriver.dll
2008-12-03 09:01 162,064 a------- c:\windows\system32\wuwebv.dll
2008-12-03 09:01 31,232 a------- c:\windows\system32\wuapp.exe

==================== Find3M ====================

2008-12-29 07:36 388,982 a------- c:\windows\system32\perfh011.dat
2008-12-29 07:36 331,584 a------- c:\windows\system32\prfh0804.dat
2008-12-29 07:36 105,678 a------- c:\windows\system32\perfc011.dat
2008-12-29 07:36 105,510 a------- c:\windows\system32\prfc0804.dat
2008-12-15 21:02 143,360 a------- c:\windows\inf\infstrng.dat
2008-12-15 21:02 51,200 a------- c:\windows\inf\infpub.dat
2008-12-07 07:04 86,016 a------- c:\windows\inf\infstor.dat
2008-12-02 10:13 453,152 a------- c:\windows\system32\nvuninst.exe
2008-11-19 23:18 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-11-19 23:18 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-11-19 23:18 183,112 a------- c:\windows\system32\PnkBstrB.exe
2008-11-17 21:20 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-11-01 10:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 10:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 10:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 10:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 10:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-28 17:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 17:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-22 10:57 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-10-21 12:25 1,645,568 a------- c:\windows\system32\connect.dll
2008-10-13 09:56 70,936 a------- c:\windows\system32\PhysXLoader.dll
2008-10-10 17:50 249,856 a------- c:\windows\system32\pdfmona.dll
2008-10-10 17:50 51,716 a------- c:\windows\system32\pdf995mon.dll
2008-10-07 13:33 704,512 a------- c:\windows\system32\nvsvsr.dll
2008-10-07 13:33 143,360 a------- c:\windows\system32\nvcolor.exe
2008-10-07 13:33 122,880 a------- c:\windows\system32\nvcodhins.dll
2008-10-07 13:33 122,880 a------- c:\windows\system32\nvcodh.dll
2008-10-07 13:33 122,880 a------- c:\windows\system32\nvcod134.dll
2008-10-07 09:13 288,024 a------- c:\windows\system32\PhysXCplUI.exe
2008-10-07 09:13 23,320 a------- c:\windows\system32\PhysXDevice.dll
2008-10-07 09:13 288,024 a------- c:\windows\system32\PhysXCompatCplUI.exe
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelTraditionalChinese.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelSwedish.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelSpanish.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelSimplifiedChinese.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelPortugese.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelKorean.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelJapanese.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelGerman.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelFrench.dll
2008-07-25 00:34 22,328 a------- c:\users\quynh\appdata\roaming\PnkBstrK.sys
2008-06-12 17:56 665,600 a------- c:\windows\inf\drvindex.dat
2008-04-18 08:20 174 a--sh--- c:\program files\desktop.ini
2007-12-02 02:29 109,926 a------- c:\windows\inf\perflib\0804\perfi.dat
2007-12-02 02:29 109,926 a------- c:\windows\inf\perflib\0804\perfh.dat
2007-12-02 02:29 30,674 a------- c:\windows\inf\perflib\0804\perfd.dat
2007-12-02 02:29 30,674 a------- c:\windows\inf\perflib\0804\perfc.dat
2007-12-02 02:13 139,030 a------- c:\windows\inf\perflib\0411\perfi.dat
2007-12-02 02:13 139,030 a------- c:\windows\inf\perflib\0411\perfh.dat
2007-12-02 02:13 30,674 a------- c:\windows\inf\perflib\0411\perfd.dat
2007-12-02 02:13 30,674 a------- c:\windows\inf\perflib\0411\perfc.dat
2007-09-10 20:47 32 a----r-- c:\programdata\hash.dat
2007-09-10 20:47 32 a----r-- c:\progra~2\hash.dat
2006-11-02 19:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 19:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 19:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 19:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 16:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 16:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 16:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 16:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-05 18:14 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-05 18:14 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-05 18:14 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-09-01 05:04 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-01 05:04 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-01 05:04 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 20:57:20.79 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:05:51 AM

Posted 30 December 2008 - 09:38 AM

Hello Pipja and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu..
  • Click the Clear now button below.. A new window will popup what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes'
    Anti-Malware
    , then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let
MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


3. Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix askes you to install the Recovery Console, please do so..
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:05:51 AM

Posted 22 January 2009 - 05:22 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users