
Computer has no internet except in safe mode.


  • This topic is locked
2 replies to this topic

#1 Kevin10

Kevin10

  • Members
  • 1 posts
  • Local time:10:09 AM

Posted 18 August 2009 - 10:10 AM

I am working on my (wife's) friend's computer and she believes she has a virus. She clicked on a picture from her sister and that is when things started to go wrong. Internet Explorer 6 opens up a blank window but nothing displays. I downloaded Firefox in safe mode, and when running it, it shows in the Task List but no window appears. I have manually deleted a few files that I have Googled and determined to be viruses or worms. I have internet access on both FF and IE in safe mode. The attached scans were run in normal mode but uploaded here from another computer. The computer does not have, and probably has never had, any malware protection, and the recovery disks are missing or I'd start over from scratch.



DDS (Ver_09-07-30.01) - NTFSx86

Run by Tiffany at 10:09:54.05 on Tue 08/18/2009

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.267 [GMT -4:00]



AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}



============== Running Processes ===============



C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\VTech\Whiz Kid\System\WhizKidTray.exe

c:\program files\mcafee.com\shared\mghtml.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

svchost.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Tiffany\My Documents\My Downloads\dds.scr



============== Pseudo HJT Report ===============



uStart Page = hxxp://hometab.bellsouth.net/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://www.dell.com

mDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\2.bin\MWSSRCAS.DLL

BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\2.bin\MWSSRCAS.DLL

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: McBrwHelper Class: {227b8aa8-daf2-4892-bd1d-73f568bcb24e} - c:\progra~1\mcafee.com\mps\mcbrhlpr.dll

BHO: McAfee Privacy Service Popup Blocker: {3ec8255f-e043-4cae-8b3b-b191550c2a22} - c:\program files\mcafee.com\mps\popupkiller.dll

BHO: McAfee AntiPhishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll

TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [71900Tray] c:\program files\vtech\whiz kid\system\WhizKidTray.exe

mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe

mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe

mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe

mRun: [MPSExe] c:\progra~1\mcafee.com\mps\mscifapp.exe /embedding

mRun: [MPFEXE] c:\progra~1\mcafee.com\person~1\MpfTray.exe

mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe

mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [eligmini] c:\program files\fisher-price\easy-link internet launch pad\Easy-Link internet launch pad.exe 0

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

LSP: c:\windows\system32\mclsp.dll

Trusted Zone: musicmatch.com\online

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} - hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {A7A216EB-4F7C-11D5-8438-0000B456BA3D} - hxxp://www.sbac.edu/~cics/matn3270.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5712/mcfscan.cab

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL



================= FIREFOX ===================



FF - ProfilePath - c:\docume~1\tiffany\applic~1\mozilla\firefox\profiles\vyik37kg.default\

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll



---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");



============= SERVICES / DRIVERS ===============



R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-1-15 126976]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-1-15 122368]

S2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-1-15 221184]

S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-1-15 245760]

S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-1-15 114464]



=============== Created Last 30 ================



2009-08-18 09:48 <DIR> --d----- c:\program files\Trend Micro

2009-08-18 09:37 <DIR> --d----- c:\docume~1\tiffany\applic~1\McAfee

2009-08-18 06:19 <DIR> --d----- c:\documents and settings\tiffany\.housecall6.6

2009-08-14 20:23 <DIR> --d----- c:\windows\McAfee.com

2009-08-14 19:15 102,664 a------- c:\windows\system32\drivers\tmcomm.sys

2009-08-14 18:04 28,896 a------- c:\windows\system32\Status.MPF

2009-08-14 18:03 <DIR> --d----- c:\windows\system32\wbem\Repository

2009-08-14 18:02 <DIR> --d----- c:\docume~1\tiffany\applic~1\McAfee.com Personal Firewall

2009-08-14 18:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com Personal Firewall

2009-08-14 17:09 5,078 a------- c:\windows\system32\Config.MPF

2009-08-14 16:47 <DIR> --d----- c:\program files\SiteAdvisor

2009-08-14 16:47 <DIR> --d----- c:\docume~1\tiffany\applic~1\SiteAdvisor

2009-08-14 16:43 <DIR> --d----- c:\program files\common files\McAfee

2009-08-14 16:40 <DIR> --d----- c:\windows\system32\LogFiles

2009-08-14 16:03 <DIR> --d----- C:\44606c5c3e68643ea4fcbf7ffa

2009-08-14 16:03 <DIR> --d----- c:\windows\ServicePackFiles

2009-08-14 15:52 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx

2009-08-14 15:51 655,872 -------- c:\windows\system32\dllcache\mstscax.dll

2009-08-11 14:39 1 a------- c:\windows\4ff345dfbh521

2009-08-11 14:29 2 a------- c:\windows\0101120101465653.fx

2009-08-11 14:29 2 a------- c:\windows\0101120101464950.fx

2009-08-11 08:21 1 a------- c:\windows\ectbbyn.dat

2009-08-11 07:46 2 a------- c:\windows\01011201014650120.fx

2009-08-10 22:09 1 a------- c:\windows\934fdfg34fgjf23

2009-08-10 22:09 2 a------- c:\windows\010112010146120114.fx

2009-08-10 22:09 2 a------- c:\windows\0535251103110107106.xry

2009-08-10 22:09 1 ----h--- c:\windows\mmsmark2.dat

2009-08-10 22:08 2 a------- c:\windows\0101120101464850.fx

2009-08-10 22:08 1 ----h--- c:\windows\th823567.dat

2009-08-10 22:08 2 a------- c:\windows\0101120101465553.fx

2009-08-10 22:08 247 a------- c:\windows\prxid93ps.dat

2009-08-06 20:41 8,704 a------- c:\windows\system32\CNMVS7C.DLL

2009-08-06 20:41 140,288 a------- c:\windows\system32\CNMLM7C.DLL

2009-08-06 20:31 31,616 a------- c:\windows\system32\drivers\usbccgp.sys

2009-08-06 20:31 31,616 a------- c:\windows\system32\dllcache\usbccgp.sys

2009-08-05 05:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll



==================== Find3M ====================



2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-07-30 21:03 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys

2009-07-18 12:00 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll

2009-07-18 12:00 3,069,440 a------- c:\windows\system32\dllcache\mshtml.dll

2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll

2009-07-17 14:55 58,880 -------- c:\windows\system32\dllcache\atl.dll

2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll

2009-07-13 10:08 286,720 -------- c:\windows\system32\dllcache\wmpdxm.dll

2009-07-13 10:08 5,537,792 -------- c:\windows\system32\dllcache\wmp.dll

2009-07-10 09:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll

2009-06-25 14:36 661,504 a------- c:\windows\system32\mqqm.dll

2009-06-22 07:49 117,248 a------- c:\windows\system32\mqtgsvc.exe

2009-06-22 07:49 19,968 a------- c:\windows\system32\mqbkup.exe

2009-06-22 07:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe

2009-06-22 07:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe

2009-06-22 07:49 4,608 a------- c:\windows\system32\mqsvc.exe

2009-06-22 07:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe

2009-06-22 07:48 91,776 a------- c:\windows\system32\drivers\mqac.sys

2009-06-22 07:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys

2009-06-22 07:40 18,432 a------- c:\windows\system32\dllcache\iedw.exe

2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll

2009-06-16 10:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll

2009-06-16 10:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll

2009-06-12 07:50 80,896 a------- c:\windows\system32\tlntsess.exe

2009-06-12 07:50 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe

2009-06-12 07:50 76,288 a------- c:\windows\system32\telnet.exe

2009-06-12 07:50 76,288 -------- c:\windows\system32\dllcache\telnet.exe

2009-06-10 10:21 84,992 a------- c:\windows\system32\avifil32.dll

2009-06-10 10:21 84,992 -------- c:\windows\system32\dllcache\avifil32.dll

2009-06-10 02:32 132,096 a------- c:\windows\system32\wkssvc.dll

2009-06-10 02:32 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll

2009-06-05 03:42 655,872 a------- c:\windows\system32\mstscax.dll

2009-06-03 15:24 1,291,264 a------- c:\windows\system32\quartz.dll

2009-06-03 15:24 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll

2008-03-31 21:04 0 a------- c:\program files\temp01

2008-03-16 19:01 8,136 a------- c:\docume~1\tiffany\applic~1\wklnhst.dat



============= FINISH: 10:10:29.39 ===============


#2 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland
  • Local time:05:09 PM

Posted 30 August 2009 - 11:40 AM

Hello

Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Before we can continue, please post a fresh DDS log back here.

#3 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland
  • Local time:05:09 PM

Posted 13 September 2009 - 05:50 AM

This thread will now be closed.
If you need this topic reopened, please contact me.

This applies only to the original topic starter.
Everyone else please begin a New Topic.