Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Firefox Targeting Competing VPN Sites With ProtonVPN Offer in New Test

Featured Deal: Get 95% Off the Certified Information Systems Security Professional Training Course

Infected with Trojan.DNSChanger and possibly others

Started by Toomin22 , May 25 2009 12:12 AM

This topic is locked

2 replies to this topic

#1 Toomin22

Members
1 posts
OFFLINE

Local time:04:30 PM

Posted 25 May 2009 - 12:12 AM

Recently I've been having some issues with some programs on my computer, namely SuperAntiSpyware and Norton Internet Security. Last week, SAS began to give me an AppCrash error every time I tried to start it up, so I uninstalled it and attempted to reinstall, but the installation program crashed every time I ran it. Also, NIS scans hang at 0% and refuse to scan any files, or even close when I attempt to close it. Therefore, I uninstalled NIS as well, and installed Trend Micro (my school gives us free licenses) Internet Security 2008 instead. However, the TrendMicro scan also seemed to hang when it was attempting to scan the "Recovery" Partition on my Dell laptop (Drive D), spending 20+ hours before I tried to end the scan (which also refused to close). I ran Malwarebytes' Anti-Malware, which only found one file infected,

"C:\Windows\System32\gxvxccounter (Trojan.DNSchanger)"

I choose to remove it, and then restart my computer, however, it reappears every time I restart my computer. I've tried a variety of online scans, some hang or freeze, or even give me a BSOD while running. Also, I have been getting occasional BSODs while running Windows Vista in regular mode, so I have begun using Safe Mode more. So, I'm now coming to you guys for help...

Please keep in mind that these posted logs are from running in SAFE MODE /w NETWORKING, since my regular OS seems unstable. Let me know if I need to change this or re-generate logs.

Also, I noticed in this log that my system thinks SAS is still installed, even though it is not. Would this be causing some of the problems, and if so, how can I fix this?

DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by Nick at 23:54:19.27 on Sun 05/24/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2045.1245 [GMT -5:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nick\Desktop\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070829
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070829
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\damnmal.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: fakku.net
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\nick\appdata\roaming\mozilla\firefox\profiles\c7g6153t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070829
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-2-15 141840]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2008-11-30 206608]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-5-24 28544]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-17 73728]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-2-15 52624]
S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-15 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-2-15 234512]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-28 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2007-10-10 235648]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2007-8-29 7424]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2008-11-30 206608]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2009-5-24 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-5-24 648456]
S4 dlbf_device;dlbf_device;c:\windows\system32\dlbfcoms.exe -service --> c:\windows\system32\dlbfcoms.exe -service [?]
S4 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2008-11-30 582992]

=============== Created Last 30 ================

2009-05-24 23:54 61,440 a------- c:\windows\system32\drivers\jdvtp.sys
2009-05-24 17:23 <DIR> --d----- c:\program files\ESET
2009-05-24 15:21 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-05-24 15:20 <DIR> --d----- c:\program files\Panda Security
2009-05-24 00:36 <DIR> --d----- c:\windows\system32\log
2009-05-24 00:28 <DIR> --d----- c:\programdata\Trend Micro
2009-05-24 00:28 <DIR> --d----- c:\progra~2\Trend Micro
2009-05-21 20:51 <DIR> --d----- c:\program files\Sol Edit
2009-05-18 21:29 <DIR> --d----- c:\windows\pss
2009-05-18 18:47 <DIR> --d----- c:\program files\Microsoft WSE
2009-05-18 16:13 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-05-18 16:13 <DIR> --d----- c:\program files\MSECACHE
2009-05-18 16:05 <DIR> --d----- c:\programdata\PCSettings
2009-05-18 16:05 <DIR> --d----- c:\progra~2\PCSettings
2009-05-18 16:05 <DIR> --d----- c:\programdata\Norton
2009-05-18 16:05 <DIR> --d----- c:\progra~2\Norton
2009-05-18 16:04 <DIR> --d----- c:\programdata\NortonInstaller
2009-05-18 16:04 <DIR> --d----- c:\progra~2\NortonInstaller
2009-05-18 15:53 <DIR> --d----- c:\program files\Autorun Eater
2009-05-18 14:50 <DIR> --d----- c:\users\nick\appdata\roaming\Malwarebytes
2009-05-18 14:00 <DIR> --d----- c:\programdata\SecTaskMan
2009-05-18 14:00 <DIR> --d----- c:\progra~2\SecTaskMan
2009-05-18 14:00 <DIR> --d----- c:\program files\Security Task Manager
2009-05-18 13:49 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-05-18 13:49 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-18 13:49 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-05-18 13:31 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-18 13:31 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-18 13:31 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-18 13:31 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-18 13:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-18 12:46 318,976 a------- c:\windows\system32\CF10837.exe
2009-05-18 12:46 <DIR> --d----- C:\ComboFix
2009-05-18 12:22 0 a---h--- C:\ntuser.dat.LOG2
2009-05-18 12:22 0 a---h--- C:\ntuser.dat.LOG1
2009-05-18 12:22 0 a------- C:\ntuser.dat
2009-05-18 12:08 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-05-18 12:08 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-18 12:08 <DIR> --d----- c:\program files\common files\PC Tools
2009-05-18 12:08 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-05-18 12:08 <DIR> --d----- c:\users\nick\appdata\roaming\PC Tools
2009-05-18 12:08 <DIR> --d----- c:\programdata\PC Tools
2009-05-18 12:08 <DIR> --d----- c:\program files\Spyware Doctor
2009-05-18 12:08 <DIR> --d----- c:\progra~2\PC Tools
2009-05-10 22:32 <DIR> --d----- c:\windows\system32\xlive
2009-05-01 00:08 1,505,824 a------- c:\windows\system32\nvcpluir.dll
2009-05-01 00:08 1,194,528 a------- c:\windows\system32\nvcplui.exe
2009-05-01 00:08 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-05-01 00:08 1,358,368 a------- c:\windows\system32\nvsvsr.dll
2009-05-01 00:08 1,292,832 a------- c:\windows\system32\nvsvs.dll
2009-04-30 22:02 10,366,976 a------- c:\windows\system32\nvoglv32.dll
2009-04-30 22:02 9,850,016 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-04-30 22:02 3,128,320 a------- c:\windows\system32\nvwgf2um.dll
2009-04-30 22:02 1,704,960 a------- c:\windows\system32\nvcuda.dll
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 663,552 a------- c:\windows\system32\nvcuvid.dll
2009-04-30 22:02 457,248 a------- c:\windows\system32\nvudisp.exe
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod146.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod.dll
2009-04-30 22:02 9,880 a------- c:\windows\system32\nvdisp.nvu
2009-04-30 22:02 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-04-27 00:17 <DIR> --d----- c:\users\nick\appdata\roaming\Atari

==================== Find3M ====================

2009-05-24 23:54 172 a------- c:\program files\mfgko.txt
2009-05-24 16:52 56,096 a------- c:\programdata\nvModes.dat
2009-05-24 16:52 56,096 a------- c:\progra~2\nvModes.dat
2009-05-24 11:38 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-05-24 00:29 51,200 a------- c:\windows\inf\infpub.dat
2009-05-24 00:29 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-24 00:29 86,016 a------- c:\windows\inf\infstor.dat
2009-04-30 22:02 7,593,472 a------- c:\windows\system32\nvd3dum.dll
2009-04-30 22:02 983,552 a------- c:\windows\system32\nvapi.dll
2009-04-26 09:32 457,248 a------- c:\windows\system32\nvuninst.exe
2009-04-02 16:00 52,752 a------- c:\windows\system32\drivers\tmactmon.sys
2009-04-02 16:00 52,624 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-03-22 17:03 78,146 a------- c:\windows\War3Unin.dat
2009-03-16 22:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 22:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 22:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 06:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 06:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 06:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 06:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 06:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 06:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 06:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 06:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 06:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 06:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 06:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 06:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 06:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 06:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 06:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 06:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 06:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 06:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-02 23:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 23:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 23:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-02 23:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-02 23:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 23:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-02 23:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-02 23:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 22:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 21:38 17,408 a------- c:\windows\system32\iashost.exe
2008-08-29 01:02 0 a------- c:\users\nick\jagex_runescape_preferences.dat
2008-06-16 03:30 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-02 21:03 48,104 a------- c:\users\nick\appdata\roaming\nvModes.dat
2008-05-24 01:38 174 a--sh--- c:\program files\desktop.ini
2007-11-26 10:21 32 a------- c:\programdata\ezsid.dat
2007-11-26 10:21 32 a------- c:\progra~2\ezsid.dat
2007-09-16 00:59 22,328 a------- c:\users\nick\appdata\roaming\PnkBstrK.sys
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-08-28 20:56 76 a--shr-- c:\windows\CT4CET.bin
2007-09-02 03:20 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-09-02 03:20 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-09-02 03:20 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-08-29 04:24 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:55:53.02 ===============

Attached Files

Attach.txt 22.61KB 0 downloads

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Net_Surfer

Banned
2,154 posts
OFFLINE

Gender:Male
Local time:02:30 PM

Posted 07 June 2009 - 02:36 PM

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Kind regards
Net_Surfer

Back to top

#3 Orange Blossom

OBleepin Investigator

Moderator
37,012 posts
OFFLINE

Gender:Not Telling
Location:Bloomington, IN
Local time:05:30 PM

Posted 15 June 2009 - 07:06 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom :thumbup2: