
Infected PC - no idea what name/type it is


  • This topic is locked
2 replies to this topic

#1 epg

Posted 16 February 2009 - 07:11 PM

I could NOT save dds.exe to my desktop so I had to "run".

************************************************\

obd.exe



attach.txt


==== Installed Programs ======================


Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player ActiveX
Adobe Photoshop Elements
Adobe Reader 6.0.1
American Flag Screen Saver
Applet_App
Applet_Copy
Applet_Email
Applet_Epp
Applet_File
Applet_OCR
Applet_Photoshop
Applet_Web
Arasan 5.4
ArcSoft ShowBiz
ATI Control Panel
ATI Display Driver
ATI DVD Decoder
ATI Multimedia Center 7.8.0.0
AutoStreamer
Belarc Advisor 7.1
Canon PhotoRecord
Canon PIXMA iP5000
Canon Utilities Easy-PhotoPrint
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CDBurnerXP Pro 3
Copy Utility
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam NX Pro Driver (1.03.03.0326)
Creative WebCam NX Pro Manual (English)
CyclingPeaks
DAO
DiscWizard for Windows
dreamweaver 4 RWD
Easy-WebPrint
EPSON Photo Print
EPSON Smart Panel
EPSON TWAIN 5
Guitar Pro 4.0.7 DEMO
HD Tach version 3
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HydraVision
ImgBurn
Java™ SE Runtime Environment 6 Update 1
Kodak EasyShare software
KODAK Picture CD
LightScribe System Software 1.10.16.1
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech User's Guide
Microsoft Baseline Security Analyzer 2.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 6.0 Professional Edition
Microsoft Windows XP Video Decoder Checkup Utility
MSDN Library - Visual Studio 6.0a
MSN Music Assistant
MSXML 4.0 SP2 (KB954430)
MUSICMATCH Jukebox
MyDVD
Nero 8 Essentials
neroxml
No-IP.com DUC (remove only)
Norton AntiVirus 2003
Norton WMI Update
Online help of lcc-win32
Paint Shop Pro 7 Anniversary Edition
PF 2450 PHOTO Guide
Polar Precision Performance SW 3.0
PowerAgent 7
PowerDVD
QuickBooks Premier: Professional Services Edition 2004
QuickTime
ScanToWeb
Scrabble Deluxe
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
SilverFast TWAIN
Sound Blaster Live!
Spybot - Search & Destroy 1.2
Symantec Network Drivers Update
Tweak UI
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
URGE
User Profile Hive Cleanup Service
VCRedistSetup
VERITAS RecordNow
VERITAS RecordNow Update Manager
VERITAS Simple Backup
WebFldrs XP
win32 online help
Windows Backup Utility
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== End Of File ===========================


DDS.txt


DDS (Ver_09-02-01.01) - NTFSx86
Run by Jim Lewandowski at 18:03:52.37 on Mon 02/16/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.596 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\odb.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
svchost.exe "C:\WINDOWS\system32\actxprxyx.exe"
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\MyDocs&Settings\Temporary Internet Files\Content.IE5\Q1OQI7Y9\dds[1].scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.specialized.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [mssadv.exe]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [UpdateWin] c:\windows\system32\actxprxyx.exe
uRun: [userinit] c:\windows\system32\ntos.exe
uRunServices: [UpdateWin] c:\windows\system32\actxprxyx.exe
mRun: [CTStartup] c:\program files\creative\splash screen\CTEaxSpl.EXE /run
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [ccRegVfy] "c:\program files\common files\symantec shared\ccRegVfy.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [mssadv.exe]
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [odb] c:\windows\odb.exe
mRun: [Bhicoxepod] rundll32.exe "c:\windows\Qkajeduvaka.dll",e
mRun: [UpdateWin] c:\windows\system32\actxprxyx.exe
mRun: [Ntojigaxelayotev] rundll32.exe "c:\windows\iqejecaz.dll",e
mRunOnce: [!CleanupNetMeetingDispDriver] "c:\windows\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
mRunServices: [UpdateWin] c:\windows\system32\actxprxyx.exe
dRun: [userinit] c:\windows\system32\ntos.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: <NO NAME> =
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: IPC Configuration Utility - No File
STS: Windows Installer Class: {020487cc-fc04-4b1e-863f-d9801796230b} - c:\docume~1\jimlew~1\locals~1\temp\wndutl32.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2002-11-13 317128]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\Navapsvc.exe [2002-11-14 116336]
R2 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\SAVRTPEL.SYS [2004-1-13 35552]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20071024.017\NAVENG.Sys [2007-10-24 81232]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20071024.017\NavEx15.Sys [2007-10-24 865904]
R3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [2006-2-16 90229]
R3 SAVRT;SAVRT;c:\windows\system32\drivers\SAVRT.SYS [2004-1-13 235744]
S2 CINEMSUP;Software Cinemaster NT4.0 Driver;c:\windows\system32\drivers\cinemsup.sys --> c:\windows\system32\drivers\CINEMSUP.SYS [?]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2001-8-13 54408]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-1-13 99352]

=============== Created Last 30 ================

2009-02-16 17:53 132,096 a------- c:\windows\iqejecaz.dll
2009-02-16 17:40 262,144 a------- c:\windows\system32\default_user_class.dat
2009-02-16 17:39 109 a--sh--- c:\windows\system32\2620306563.dat
2009-02-16 17:39 41,984 ---shr-- c:\windows\system32\actxprxyx.exe
2009-02-16 17:39 39,936 a------- c:\windows\Qkajeduvaka.dll
2009-02-16 17:39 235,520 a------- c:\windows\odb.exe
2009-02-16 17:39 <DIR> --dsh--- c:\windows\system32\wsnpoem
2009-01-28 21:27 51,822,592 a------- C:\UPDATE_BDPBX1_VER015.EXE
2009-01-26 12:31 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-22 23:13 45,056 a------- c:\windows\system32\wnaspi32.dll
2009-01-22 23:13 25,244 a------- c:\windows\system32\drivers\aspi32.sys
2009-01-22 23:13 5,600 a------- c:\windows\system\winaspi.dll
2009-01-22 23:13 4,672 a------- c:\windows\system\wowpost.exe
2009-01-22 23:13 25,600 a------- c:\windows\system32\Cbndll.dll
2009-01-22 23:13 <DIR> --d----- c:\windows\Twain
2009-01-22 23:08 96,768 a------- c:\windows\SlantAdj.dll
2009-01-22 23:08 73,216 a------- c:\windows\ADE.DLL
2009-01-22 23:08 3,136 a------- c:\windows\Ade001.bin
2009-01-22 23:08 1,571 a------- c:\windows\Faxcpp1.ini
2009-01-22 23:08 422 a------- c:\windows\Faxcpp.ini
2009-01-22 23:08 72 a------- c:\windows\system32\epDPE.ini
2009-01-22 23:07 86,016 a------- c:\windows\system32\Epfb5cpl.dll
2009-01-22 23:07 47,104 a------- c:\windows\system32\escimgn.dll
2009-01-22 23:07 35,840 a------- c:\windows\system32\escwian.dll
2009-01-22 23:07 33,280 a------- c:\windows\system32\esccm.dll
2009-01-22 23:07 32,256 a------- c:\windows\system32\escwiab.dll
2009-01-22 23:07 27,648 a------- c:\windows\system32\escimg.dll
2009-01-22 23:07 24,064 a------- c:\windows\system32\esccmn.dll
2009-01-22 23:07 53,248 a------- c:\windows\system32\ESICM.dll
2009-01-22 23:07 180,224 a------- c:\windows\system32\ESDTR.dll
2009-01-22 23:07 77,824 a------- c:\windows\system32\Esintpl.dll
2009-01-22 23:07 65,536 a------- c:\windows\system32\EPCOMDD.DLL
2009-01-22 23:07 <DIR> --d----- C:\EPSON
2009-01-20 20:55 134,277 a------- C:\pt012009.csv

==================== Find3M ====================

2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 03:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 03:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 23:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-03-30 08:14 382 a------- c:\documents and settings\jim lewandowski\pingatt.bat
2006-02-22 12:14 25,544 a------- c:\docume~1\jimlew~1\applic~1\GDIPFONTCACHEV1.DAT
2004-11-17 08:42 81,408 ---shr-- c:\docume~1\jimlew~1\applic~1\ndcr.exe
2001-04-05 09:46 5,226,496 a------- c:\program files\Epson Registration.exe
2005-11-27 00:55 32 a--sh--- c:\windows\{6CDC600D-F4F2-4C25-9430-545EC3F22CD4}.dat
2003-10-24 09:28 32 a--sh--- c:\windows\system32\{F5065653-7E8B-42D9-9A5E-D81A5ECB24A8}.dat
2008-07-20 19:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072020080721\index.dat

============= FINISH: 18:05:11.54 ===============

Edited by epg, 16 February 2009 - 07:23 PM.




#2 chryssi2001

Posted 28 February 2009 - 05:43 AM

Hello epg,

I apologise for the delay, the forum is extremely busy.
Unfortunately there are a lot of people waiting for help, and we are doing our best.
----------------------------------------------
I will be assisting you with your malware issues.
  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it as a reference.
  • If you fail to reply within 5 days from now, this thread will close, and you will have to open another topic and wait for another helper.
----------------------------------------------
Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 chryssi2001

Posted 05 March 2009 - 02:26 PM

Due to the lack of feedback, this Topic is now closed and will not be reopened.
If you still need help, begin a new topic.

Applies only to the original poster; anyone else with similar problems, please start a new topic.
Private Messages for personal support will be ignored. If you need help post in the forum.



