I need help, Please.


  • This topic is locked
2 replies to this topic

#1 mickwilton


  • Members
  • 1 posts

Posted 08 July 2009 - 02:33 PM

I am experiencing a few problems with my PC.

Firstly, my Avast won't run on startup. The little blue "a" isn't in my tray, and each time I manually open Avast, the resident scanner is OFF.
On a bootscan, Avast found and deleted a file called Acluiv.exe(?). The HJT auto log check marked this as a suspicious file, but I can't find it anywhere.
Also, I have attempted installing NOD32 instead of Avast, but I always get a message asking me to verify that I have sufficient privileges to start system services.
I can't access the registry via Regedit, which leads me to believe I either have a virus or some sort of malware infection.
I am at the end of my tether and two steps away from a full format. I was hoping someone here might be able to help me?

Thanks

Mickey


DDS (Ver_09-06-26.01) - NTFSx86
Run by Alanna Wilton at 20:22:52.75 on 08/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.434 [GMT 1:00]

FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Alanna Wilton\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [µTorrent] "c:\program files\utorrent\utorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246903500921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {C2D2D2B7-47BC-4D78-AD24-6E6A0016A0E0} = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alanna~1\applic~1\mozilla\firefox\profiles\at0ngied.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2038145&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2038145&q=
FF - component: c:\documents and settings\alanna wilton\application data\mozilla\firefox\profiles\at0ngied.default\extensions\{35b675b9-7f34-40df-8f49-5fab6b7e4aef}\components\FFAlert.dll
FF - component: c:\documents and settings\alanna wilton\application data\mozilla\firefox\profiles\at0ngied.default\extensions\{afcedbfe-7a6d-44c6-9f1d-664d608aecea}\components\FFAlert.dll
FF - component: c:\documents and settings\alanna wilton\application data\mozilla\firefox\profiles\at0ngied.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\alanna wilton\application data\mozilla\firefox\profiles\at0ngied.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 2
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-7 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-7 20560]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-24 92008]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-7 138680]
S2 LmHostsSwPrv;TCP/IP NetBIOS Helper LmHostsSwPrv;c:\windows\system32\acluiv.exe srv --> c:\windows\system32\acluiv.exe srv [?]
S2 TwonkyMedia;TwonkyMedia;c:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\drivers\a016bus.sys [2008-7-28 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\drivers\a016mdfl.sys [2008-7-28 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\drivers\a016mdm.sys [2008-7-28 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\a016mgmt.sys [2008-7-28 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\drivers\a016obex.sys [2008-7-28 100648]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-7 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-7 352920]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-8-23 10976]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-3-1 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-3-1 8320]
S3 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2008-8-17 217088]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-6-2 16640]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2009-6-2 16896]

=============== Created Last 30 ================

2009-07-06 21:42 68,608 ac------ c:\windows\system32\dllcache\plugin.ocx
2009-07-06 21:12 <DIR> --d----- c:\program files\Trend Micro
2009-07-06 20:47 <DIR> --d----- c:\program files\ESET
2009-07-06 20:15 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-07-06 20:15 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-06 20:15 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-06 20:15 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-07-06 20:15 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-07-06 20:15 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-07-06 20:15 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-07-06 20:15 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-07-06 20:15 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-06 19:40 <DIR> --d-h--- c:\windows\PIF
2009-07-06 19:33 206,120 a------- c:\windows\system32\BCGCBProResRUS.nls
2009-07-06 19:33 33,576 a------- c:\windows\system32\BCGPOleAcc.dll
2009-07-06 19:33 3,036,456 a------- c:\windows\system32\BCGCBPRO860u80.dll
2009-07-06 19:05 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-07-05 10:56 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-05 10:55 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-05 10:55 17,408 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-07-05 10:55 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-07-05 10:55 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-07-05 10:55 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-07-05 10:55 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-07-05 10:55 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-07-05 10:55 19,328 ac------ c:\windows\system32\dllcache\wstcodec.sys
2009-07-05 10:55 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-07-05 10:55 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-07-05 10:54 8,832 ac------ c:\windows\system32\dllcache\wmiacpi.sys
2009-07-05 10:54 154,624 ac------ c:\windows\system32\dllcache\wlluc48.sys
2009-07-05 10:54 34,890 ac------ c:\windows\system32\dllcache\wlandrv2.sys
2009-07-05 10:54 771,581 ac------ c:\windows\system32\dllcache\winacisa.sys
2009-07-05 10:52 397,502 ac------ c:\windows\system32\dllcache\vpctcom.sys
2009-07-05 10:51 28,160 ac------ c:\windows\system32\dllcache\umaxu40.dll
2009-07-05 10:50 34,375 ac------ c:\windows\system32\dllcache\tpro4.sys
2009-07-05 10:49 7,040 ac------ c:\windows\system32\dllcache\tandqic.sys
2009-07-05 10:48 48,736 ac------ c:\windows\system32\dllcache\srwlnd5.sys
2009-07-05 10:47 35,913 ac------ c:\windows\system32\dllcache\smcirda.sys
2009-07-05 10:46 150,144 ac------ c:\windows\system32\dllcache\sis6306v.dll
2009-07-05 10:45 17,280 ac------ c:\windows\system32\dllcache\scr111.sys
2009-07-05 10:44 82,432 ac------ c:\windows\system32\dllcache\rwia450.dll
2009-07-05 10:43 714,762 ac------ c:\windows\system32\dllcache\r2mdmkxx.sys
2009-07-05 10:42 121,344 ac------ c:\windows\system32\dllcache\phvfwext.dll
2009-07-05 10:41 41,984 ac------ c:\windows\system32\dllcache\ovui2rc.dll
2009-07-05 10:40 123,776 ac------ c:\windows\system32\dllcache\nv3.dll
2009-07-05 10:40 180,360 ac------ c:\windows\system32\dllcache\ntmtlfax.sys
2009-07-05 10:40 2,015,744 ac------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-05 10:40 51,552 ac------ c:\windows\system32\dllcache\ntgrip.sys
2009-07-05 10:40 9,344 ac------ c:\windows\system32\dllcache\ntapm.sys
2009-07-05 10:40 7,552 ac------ c:\windows\system32\dllcache\nsmmc.sys
2009-07-05 10:40 28,672 ac------ c:\windows\system32\dllcache\nscirda.sys
2009-07-05 10:40 87,040 ac------ c:\windows\system32\dllcache\nm6wdm.sys
2009-07-05 10:40 126,080 ac------ c:\windows\system32\dllcache\nm5a2wdm.sys
2009-07-05 10:40 32,840 ac------ c:\windows\system32\dllcache\ngrpci.sys
2009-07-05 10:40 132,695 ac------ c:\windows\system32\dllcache\netwlan5.sys
2009-07-05 10:40 65,278 ac------ c:\windows\system32\dllcache\netflx3.sys
2009-07-05 10:40 39,264 ac------ c:\windows\system32\dllcache\neo20xx.sys
2009-07-05 10:38 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
2009-07-05 10:38 49,024 ac------ c:\windows\system32\dllcache\mstape.sys
2009-07-05 10:38 12,416 ac------ c:\windows\system32\dllcache\msriffwv.sys
2009-07-05 10:38 2,944 ac------ c:\windows\system32\dllcache\msmpu401.sys
2009-07-05 10:38 22,016 ac------ c:\windows\system32\dllcache\msircomm.sys
2009-07-05 10:38 35,200 ac------ c:\windows\system32\dllcache\msgame.sys
2009-07-05 10:38 6,016 ac------ c:\windows\system32\dllcache\msfsio.sys
2009-07-05 10:38 51,328 ac------ c:\windows\system32\dllcache\msdv.sys
2009-07-05 10:37 15,360 ac------ c:\windows\system32\dllcache\mpe.sys
2009-07-05 10:37 6,528 ac------ c:\windows\system32\dllcache\miniqic.sys
2009-07-05 10:37 320,384 ac------ c:\windows\system32\dllcache\mgaum.sys
2009-07-05 10:37 235,648 ac------ c:\windows\system32\dllcache\mgaud.dll
2009-07-05 10:37 26,112 ac------ c:\windows\system32\dllcache\memstpci.sys
2009-07-05 10:37 47,616 ac------ c:\windows\system32\dllcache\memgrp.dll
2009-07-05 10:37 8,320 ac------ c:\windows\system32\dllcache\memcard.sys
2009-07-05 10:37 164,586 ac------ c:\windows\system32\dllcache\mdgndis5.sys
2009-07-05 10:37 7,424 ac------ c:\windows\system32\dllcache\mammoth.sys
2009-07-05 10:35 37,376 ac------ c:\windows\system32\dllcache\kousd.dll
2009-07-05 10:35 242,176 ac------ c:\windows\system32\dllcache\kdsusd.dll
2009-07-05 10:35 45,568 ac------ c:\windows\system32\dllcache\kdsui.dll
2009-07-05 10:35 26,624 ac------ c:\windows\system32\dllcache\irstusb.sys
2009-07-05 10:35 18,688 ac------ c:\windows\system32\dllcache\irsir.sys
2009-07-05 10:35 27,136 ac------ c:\windows\system32\dllcache\irmon.dll
2009-07-05 10:35 23,552 ac------ c:\windows\system32\dllcache\irmk7.sys
2009-07-05 10:35 152,576 ac------ c:\windows\system32\dllcache\irftp.exe
2009-07-05 10:35 87,424 ac------ c:\windows\system32\dllcache\irda.sys
2009-07-05 10:35 16,384 ac------ c:\windows\system32\dllcache\ipsink.ax
2009-07-05 10:35 45,632 ac------ c:\windows\system32\dllcache\ip5515.sys
2009-07-05 10:35 90,200 ac------ c:\windows\system32\dllcache\io8ports.dll
2009-07-05 10:33 100,936 ac------ c:\windows\system32\dllcache\ibmtok.sys
2009-07-05 10:32 199,711 ac------ c:\windows\system32\dllcache\hsf_faxx.sys
2009-07-05 10:31 907,456 ac------ c:\windows\system32\dllcache\hcf_msft.sys
2009-07-05 10:30 16,074 ac------ c:\windows\system32\dllcache\fa312nd5.sys
2009-07-05 10:29 6,400 ac------ c:\windows\system32\dllcache\enum1394.sys
2009-07-05 10:28 29,696 ac------ c:\windows\system32\dllcache\dm9pci5.sys
2009-07-05 10:27 20,928 ac------ c:\windows\system32\dllcache\defpa.sys
2009-07-05 10:26 20,736 ac------ c:\windows\system32\dllcache\cmbp0wdm.sys
2009-07-05 10:25 13,824 ac------ c:\windows\system32\dllcache\bulltlp3.sys
2009-07-05 10:24 17,279 ac------ c:\windows\system32\dllcache\atv10nt5.dll
2009-07-05 10:23 24,576 ac------ c:\windows\system32\dllcache\agcgauge.ax
2009-07-05 10:22 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-07-05 10:22 2,136,064 ac------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-05 10:17 135,168 a------- c:\windows\system32\igfxres.dll
2009-07-05 10:17 13,646 a------- c:\windows\system32\wpa.bak
2009-07-05 10:12 73,728 ac------ c:\windows\system32\dllcache\ehresja.dll
2009-07-05 10:12 69,632 ac------ c:\windows\system32\dllcache\ehresko.dll
2009-07-05 10:12 69,632 ac------ c:\windows\system32\dllcache\ehresfr.dll
2009-07-05 10:12 69,632 ac------ c:\windows\system32\dllcache\ehresde.dll
2009-07-05 10:10 4,096 ac------ c:\windows\system32\dllcache\rpcref.dll
2009-07-05 10:09 32,256 ac------ c:\windows\system32\dllcache\gzip.dll
2009-07-05 10:06 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-07-05 10:06 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-07-05 10:06 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-07-05 10:06 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-07-05 10:06 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-07-05 10:06 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-07-05 10:05 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-07-05 10:05 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-07-05 09:42 34 a------- c:\windows\system\oeminfo.ini
2009-07-05 09:42 <DIR> --d----- c:\program files\common files\ODBC
2009-07-05 09:28 <DIR> --d----- c:\windows\setup.pss
2009-06-30 19:37 <DIR> --dsh--- c:\documents and settings\alanna wilton\PrivacIE
2009-06-30 19:31 <DIR> --dsh--- c:\documents and settings\alanna wilton\IETldCache
2009-06-30 19:28 <DIR> --d----- c:\windows\ie8updates
2009-06-21 21:39 <DIR> --d----- c:\docume~1\alanna~1\applic~1\JLC's Software
2009-06-21 21:39 <DIR> --d----- c:\program files\JLC's Software

==================== Find3M ====================

2009-07-05 10:57 88,959 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-05 10:01 34,380 ac------ c:\windows\system32\emptyregdb.dat
2009-06-28 09:17 2,516 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-07 16:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-17 10:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-17 10:40 34,308 a------- c:\windows\system32\Chip.dll
2009-04-15 16:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2008-12-14 15:01 87,608 ac------ c:\docume~1\alanna~1\applic~1\inst.exe
2008-12-14 15:01 47,360 ac------ c:\docume~1\alanna~1\applic~1\pcouffin.sys

============= FINISH: 20:23:27.28 ===============


Edited by mickwilton, 08 July 2009 - 02:37 PM.




#2 teacup61


    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 17 July 2009 - 12:38 PM

Hello mickwilton,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 24 July 2009 - 08:59 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



