
laptop infected


  • This topic is locked
2 replies to this topic

#1 kjohn


Posted 18 June 2009 - 10:58 PM

Here is my dds file with attachment:
DDS (Ver_09-05-14.01) - NTFSx86
Run by pwj at 0:51:00.74 on Thu 06/18/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.70 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\DOCUME~1\pwj\LOCALS~1\Temp\b.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\BacsTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Verizon\Verizon Internet Security Suite\RPS.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe
C:\Program Files\Trend Micro\HijackThis\something.exe
C:\Documents and Settings\pwj\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\verizon\verizon internet security suite\pkR.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Cognac] c:\docume~1\pwj\locals~1\temp\b.exe
uRunOnce: [IndexCleaner] "c:\program files\verizon\verizon internet security suite\IdxClnR.exe"
mRun: [bascstray] BascsTray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [bacstray] BacsTray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRunOnce: [IndexCleaner] "c:\program files\verizon\verizon internet security suite\IdxClnR.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\microsoft office\office\1033\OLFSNT40.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244350855385
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.208,85.255.112.79
TCP: {084BBF9E-4CB6-42BC-8EB7-0C002F97F380} = 85.255.112.208,85.255.112.79
TCP: {23E44C0C-9F98-4102-A01F-810F721FB6E8} = 85.255.112.208,85.255.112.79
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pwj\applic~1\mozilla\firefox\profiles\qbdqol62.default\
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-6-17 179984]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-22 693512]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2009-6-7 92550]
R3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-22 910600]
R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\verizon internet security suite\RpsSecurityAwareR.exe [2009-4-22 170736]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectDriver.sys [2008-11-14 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectFilter.sys [2008-11-14 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectShim.sys [2008-11-14 27376]
S2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\verizon\verizon internet security suite\safeconnect\bin\SanaAgent.exe [2008-11-14 4937752]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\91.tmp --> c:\windows\system32\91.tmp [?]

=============== Created Last 30 ================

2009-06-17 23:41 <DIR> --d----- c:\program files\Sophos
2009-06-17 23:20 <DIR> --d----- c:\program files\Trend Micro
2009-06-17 22:37 <DIR> --d----- c:\windows\system32\appmgmt
2009-06-17 22:30 363,808 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-06-17 22:30 7,200 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-06-17 22:30 1,340 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-06-17 22:30 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-17 22:22 <DIR> --d----- c:\docume~1\pwj\applic~1\McAfee
2009-06-17 22:19 40 a------- c:\windows\system32\????????????????????4???????????????????????
2009-06-17 22:15 53,192 a------- c:\windows\system32\drivers\rp_skt32.sys
2009-06-17 22:15 48,384 a------- c:\windows\system32\drivers\rp_pkt32.sys
2009-06-17 22:14 71,184 a------- c:\windows\system32\drivers\DefragFS.sys
2009-06-17 22:14 <DIR> --d----- c:\program files\Raxco
2009-06-17 22:06 <DIR> --d----- c:\program files\Verizon
2009-06-17 22:01 <DIR> --d----- c:\docume~1\pwj\applic~1\Verizon
2009-06-17 21:58 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 21:58 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-17 21:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 21:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-17 21:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Verizon
2009-06-17 12:37 122,372 a------- c:\windows\msa.exe
2009-06-17 12:36 206,852 a------- c:\windows\system32\msxml71.dll
2009-06-17 02:08 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-06-17 02:07 <DIR> --d----- c:\documents and settings\pwj\.housecall6.6
2009-06-17 01:54 5,760 -------- c:\windows\system32\3.tmp
2009-06-17 00:58 5,760 -------- c:\windows\system32\36.tmp
2009-06-14 22:49 <DIR> --d----- c:\program files\Acro Software
2009-06-14 22:22 <DIR> --d----- c:\docume~1\pwj\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-06-14 21:08 <DIR> --d----- c:\program files\Microsoft Games
2009-06-14 21:03 61,440 a------- c:\windows\system32\Vista.Emulation.dll
2009-06-14 20:57 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-06-14 16:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-14 16:05 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-13 20:11 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-13 14:37 <DIR> --d----- c:\windows\ie8updates
2009-06-13 14:26 376 a------- c:\windows\ODBC.INI
2009-06-13 14:26 63 a------- c:\windows\mdm.ini
2009-06-13 14:25 0 a------- c:\windows\NSREX.INI
2009-06-13 14:17 <DIR> --d----- c:\windows\system32\Viewers
2009-06-13 14:14 <DIR> --d----- c:\windows\ShellNew
2009-06-13 14:13 <DIR> --d----- c:\program files\Snapshot Viewer
2009-06-13 14:11 <DIR> --d----- c:\windows\Twain32
2009-06-13 14:03 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-13 14:03 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-13 14:03 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-13 14:02 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-07 23:57 260 a------- c:\windows\XWORDS2.INI
2009-06-07 23:57 17,424 a------- c:\windows\system32\FH_BMP.DLL
2009-06-07 23:56 <DIR> --d----- C:\GSP
2009-06-07 23:54 48 a------- c:\windows\cgminivw.ini
2009-06-07 23:54 34 a------- c:\windows\Tiny_Run.ini
2009-06-07 23:36 <DIR> --d----- c:\windows\High Achiever
2009-06-07 23:36 <DIR> --d----- c:\program files\High Achiever
2009-06-07 22:59 <DIR> --d----- C:\download
2009-06-07 15:18 <DIR> --d----- c:\windows\system32\scripting
2009-06-07 15:18 <DIR> --d----- c:\windows\l2schemas
2009-06-07 15:18 <DIR> --d----- c:\windows\system32\en
2009-06-07 15:06 <DIR> --d----- c:\windows\network diagnostic
2009-06-07 14:17 <DIR> --d----- c:\windows\system32\Dell
2009-06-07 12:33 <DIR> --d----- c:\program files\ATI Technologies
2009-06-07 12:29 <DIR> --d----- c:\program files\Broadcom Advanced Control Suite
2009-06-07 12:28 192,334 a------- c:\windows\system32\setup.inx
2009-06-07 12:21 <DIR> --dsh--- c:\documents and settings\pwj\PrivacIE
2009-06-07 12:20 <DIR> --dsh--- c:\documents and settings\pwj\IETldCache
2009-06-07 12:07 <DIR> -cd-h--- c:\windows\ie8
2009-06-07 03:32 144,384 -------- c:\windows\system32\onex.dll
2009-06-07 03:31 102,912 -c------ c:\windows\system32\dllcache\dpcdll.dll
2009-06-07 03:30 136,192 -------- c:\windows\system32\aaclient.dll
2009-06-07 03:09 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-07 03:09 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-07 03:09 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-07 03:09 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-07 03:09 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-06-07 03:09 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-07 03:08 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-06-07 03:08 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-07 03:08 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-06-07 03:07 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-07 03:07 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-06-07 03:07 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-07 01:55 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-07 01:55 <DIR> --d-h--- c:\windows\$hf_mig$
2009-06-07 01:50 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-06-07 01:49 <DIR> --ds---- c:\windows\system32\Microsoft
2009-06-07 01:38 316,640 a------- c:\windows\WMSysPr9.prx
2009-06-07 01:37 <DIR> --d----- c:\windows\peernet
2009-06-07 01:37 <DIR> --d----- c:\windows\provisioning
2009-06-07 01:33 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-07 01:25 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-06-07 01:22 <DIR> --d----- c:\windows\EHome
2009-06-07 01:14 11,264 -------- c:\windows\system32\spnpinst.exe
2009-06-07 01:14 7,208 -------- c:\windows\system32\secupd.sig
2009-06-07 01:14 4,569 -------- c:\windows\system32\secupd.dat
2009-06-07 01:03 <DIR> --d----- c:\windows\system32\bits
2009-06-07 01:02 438,784 a------- c:\windows\system32\xpob2res.dll
2009-06-07 01:02 354,304 a------- c:\windows\system32\winhttp.dll
2009-06-07 01:02 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-06-07 01:02 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-06-07 01:02 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-06-07 01:01 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-06-07 01:01 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-06-07 01:01 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-06-07 01:01 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-06-07 01:01 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-06-07 01:00 <DIR> --dsh--- c:\documents and settings\pwj\UserData
2009-06-07 00:58 5 a------- c:\windows\system32\drivers\DELL_LAT_D600.MRK
2009-06-07 00:58 5 a------- c:\windows\system32\drivers\1028_DELL_LAT_D600.MRK
2009-06-07 00:58 666 a------- c:\windows\speed.reg
2009-06-07 00:58 172,032 a------- c:\windows\system32\NicConfigSvc.cpl
2009-06-07 00:58 61,440 a------- c:\windows\system32\KPower.dll
2009-06-07 00:58 16,128 a------- c:\windows\system32\drivers\APPDRV.SYS
2009-06-07 00:57 40,960 a------- c:\windows\system32\ct32.dll
2009-06-07 00:57 34,329 -----r-- c:\windows\O2Remove.EXE
2009-06-07 00:57 92,550 a------- c:\windows\system32\drivers\ozscr.sys
2009-06-07 00:57 7,866 a------- c:\windows\system32\drivers\ozscr.cat
2009-06-07 00:57 2,056 a------- c:\windows\system32\drivers\ozscr.inf
2009-06-07 00:57 120,192 a------- c:\windows\system32\drivers\pcmcia.sys
2009-06-07 00:57 8,185 a------- c:\windows\system32\drivers\o2mwxp.cat
2009-06-07 00:57 3,714 a------- c:\windows\system32\drivers\o2mwxp.inf
2009-06-07 00:56 143,872 a------- c:\windows\system32\drivers\usbport.sys
2009-06-07 00:56 59,520 a------- c:\windows\system32\drivers\usbhub.sys
2009-06-07 00:56 20,608 a------- c:\windows\system32\drivers\usbuhci.sys
2009-06-07 00:56 96,512 a------- c:\windows\system32\drivers\atapi.sys
2009-06-07 00:56 24,960 a------- c:\windows\system32\drivers\pciidex.sys
2009-06-07 00:56 3,328 a------- c:\windows\system32\drivers\pciide.sys
2009-06-07 00:56 37,248 a------- c:\windows\system32\drivers\isapnp.sys
2009-06-07 00:56 68,224 a------- c:\windows\system32\drivers\pci.sys
2009-06-07 00:56 42,368 a------- c:\windows\system32\drivers\agp440.sys
2009-06-07 00:55 113,847 a----r-- c:\windows\system32\drivers\Apfiltr.sys
2009-06-07 00:55 95,511 a----r-- c:\windows\system32\Vxdif.dll
2009-06-07 00:55 52,480 a------- c:\windows\system32\drivers\i8042prt.sys
2009-06-07 00:55 23,040 a------- c:\windows\system32\drivers\mouclass.sys
2009-06-07 00:55 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-06-07 00:55 <DIR> --d----- c:\program files\Apoint
2009-06-07 00:54 <DIR> --d----- c:\program files\CONEXANT
2009-06-07 00:54 1,033,728 a------- c:\windows\system32\drivers\HSF_DPV.SYS
2009-06-07 00:54 705,408 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2009-06-07 00:54 208,384 a------- c:\windows\system32\drivers\HSFHWICH.sys
2009-06-07 00:54 129,405 a------- c:\windows\system32\drivers\del1028.cty
2009-06-07 00:54 86,016 a------- c:\windows\system32\mdmxsdk.dll
2009-06-07 00:54 42,858 a------- c:\windows\system32\hsfci014.dll
2009-06-07 00:54 13,059 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-06-07 00:53 <DIR> --d----- c:\program files\SigmaTel
2009-06-07 00:52 <DIR> --d----- c:\program files\Digital Line Detect
2009-06-07 00:52 <DIR> --d----- c:\program files\Modem Helper
2009-06-07 00:50 24,576 a------- c:\windows\system32\xpsp1hfm.exe
2009-06-07 00:50 <DIR> -cd-h--- c:\windows\$xpsp1hfm$
2009-06-07 00:50 53,248 a------- c:\windows\system32\DellSys.dll
2009-06-07 00:50 17,217 a------- c:\windows\system32\drivers\omci.sys
2009-06-07 00:50 <DIR> --d----- c:\program files\Dell
2009-06-07 00:43 156,160 ac------ c:\windows\system32\dllcache\b57xp32.sys
2009-06-07 00:43 156,160 a------- c:\windows\system32\drivers\b57xp32.sys
2009-06-07 00:43 <DIR> --d----- c:\program files\Broadcom
2009-06-07 00:42 <DIR> --d----- C:\dell
2009-06-07 00:09 <DIR> --dsh--- c:\windows\Installer
2009-06-07 00:09 <DIR> --d----- c:\documents and settings\pwj
2009-06-07 00:06 8,192 a------- c:\windows\REGLOCS.OLD
2009-06-07 00:04 77,824 ac------ c:\windows\system32\dllcache\quick.ime
2009-06-07 00:03 13,463,552 ac------ c:\windows\system32\dllcache\hwxjpn.dll
2009-06-07 00:02 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-06-07 00:00 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-06-07 00:00 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-06-07 00:00 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-06-07 00:00 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-06-07 00:00 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-06-07 00:00 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-06-07 00:00 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-06-07 00:00 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-06-07 00:00 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-06-07 00:00 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-06-07 00:00 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-06-06 23:58 <DIR> --d----- c:\program files\common files\MSSoap
2009-06-06 23:57 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-06-06 23:57 <DIR> --d----- c:\program files\Online Services
2009-06-06 23:57 <DIR> --d----- c:\program files\Messenger
2009-06-06 23:57 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-06-06 23:56 <DIR> --d----- c:\program files\Windows NT
2009-06-06 19:47 <DIR> --d----- c:\program files\common files\ODBC
2009-06-06 19:47 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-06-06 19:47 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-06-13 15:49 5,058 a------- c:\windows\help\hhcolreg.dat
2009-06-07 15:25 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-06 23:58 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-13 22:10 524,288 a------- c:\windows\opuc.dll
1998-12-08 22:53 186,368 a------- c:\program files\common files\IRAREG.DLL
1998-12-08 22:53 99,840 a------- c:\program files\common files\IRAABOUT.DLL
1998-12-08 22:53 70,144 a------- c:\program files\common files\IRAMDMTR.DLL
1998-12-08 22:53 48,640 a------- c:\program files\common files\IRALPTTR.DLL
1998-12-08 22:53 31,744 a------- c:\program files\common files\IRAWEBTR.DLL
1998-12-08 22:53 17,920 a------- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 0:52:32.08 ===============


#2 SifuMike


Posted 23 June 2009 - 05:49 PM

Hello kjohn,

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike


Posted 03 July 2009 - 10:02 PM

This thread will now be closed due to lack of feedback.