Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help don't know if computer if infected


  • This topic is locked This topic is locked
2 replies to this topic

#1 jma3rd2003

jma3rd2003

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 08 November 2009 - 09:10 PM

I am having a lot of trouble. Don't know if they are connected or seperate issues. First my internet has slowed down greatly. Second I keep getting message that Boot.ini is missing. I have used windows cd and recovery console to rebuild. It helps for a few days and then dissappears again. I used the command "bootcfg /rebuild". Third I have downloaded games from Reflexive. About 50% of the games will not save progress. I have tried downloading the same games from different web sites and they will not save either. It seems that what ever local it is trying to save in is infected or missing. But I do not get any errors. If someone could help me with this it would be greatly appreciated. I have been trying to figure this out for monthes. Also I run antivirus full scan, spybot, adware, ccleaner, and Uniblue regestry booster every week. Thanks

DDS (Ver_09-10-26.01) - NTFSx86
Run by Joe and Charry Adams at 8:15:18.56 on Tue 11/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1389 [GMT 8:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\TUProgSt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\Explorer.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\windows\VM303_STI.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Reimage\Reimage PC Booster\ReimageBooster.exe
C:\Program Files\Reimage\Reimage PC Booster\REI_Booster.exe
C:\windows\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Joe and Charry Adams\My Documents\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Page_URL = hxxp://www.msn.com
uSearch Bar =
mSearch Page = hxxp://www.msn.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\devices.exe" -RESTART
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [TBPanel] c:\program files\vdotool\TBPanel.exe /A
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Reimage PC Booster] "c:\program files\reimage\reimage pc booster\postrebootexecuter.exe" false na "c:\program files\reimage\reimage pc booster\ReimageBooster.exe" /tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Daycare%20Nightmare%20-%20Mini-Monsters/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237348023343
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Parking%20Dash/Images/armhelper.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joeand~1\applic~1\mozilla\firefox\profiles\odkumg4v.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", true);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-3-18 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2009-3-18 6272]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-7-21 935208]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-9-20 604488]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-31 1533808]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-4-19 234888]
S2 hwosrqop;Security Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 lgtihic;Installer Manager;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 cpuz128;cpuz128;\??\c:\docume~1\joeand~1\locals~1\temp\cpuz_x32.sys --> c:\docume~1\joeand~1\locals~1\temp\cpuz_x32.sys [?]

=============== Created Last 30 ================

2009-11-09 16:40:44 0 d-----w- c:\program files\Runtime Software
2009-11-09 16:15:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Alawar Stargaze
2009-11-09 15:51:40 0 d-----w- c:\program files\Cobian Backup 9
2009-11-09 15:10:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Fugazo
2009-11-09 13:22:00 0 d-----w- c:\docume~1\alluse~1\applic~1\GameHouse
2009-11-09 13:17:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Innovative Solutions
2009-11-08 17:05:51 0 d-----w- c:\docume~1\joeand~1\applic~1\iWin_generic
2009-11-08 17:05:51 0 d-----w- c:\docume~1\alluse~1\applic~1\iWin_generic
2009-11-08 16:37:29 0 d-----w- c:\program files\Kitchen Brigade
2009-11-08 16:29:48 0 d-----w- c:\program files\Kelly Green Garden Queen
2009-11-08 15:29:27 0 d-----w- c:\program files\The Jolly Gangs Spooky Adventure
2009-11-08 14:31:13 0 d-----w- c:\program files\Delicious Emilys Taste of Fame
2009-11-08 04:33:34 0 d-----w- c:\program files\Games
2009-11-07 17:15:39 0 d-----w- c:\program files\Mozilla Firefox 3.6 Beta 1
2009-11-07 16:48:56 0 d-----w- c:\program files\common files\xing shared
2009-11-06 15:43:43 0 d-----w- c:\program files\Farm Frenzy 3
2009-11-02 06:13:53 0 d-----w- c:\program files\Cake Mania Main Street
2009-11-02 04:58:59 0 d-----w- c:\program files\Microsoft Security Essentials
2009-11-01 13:55:15 0 d-----w- c:\docume~1\joeand~1\applic~1\Awem
2009-11-01 13:54:28 0 d-----w- c:\program files\Romance of Rome
2009-11-01 13:52:02 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-01 12:26:04 0 d-----w- c:\docume~1\joeand~1\applic~1\GamesCafe
2009-11-01 12:17:56 0 d-----w- c:\program files\Sallys Quick Clips
2009-10-31 08:12:10 0 d-----w- c:\docume~1\joeand~1\applic~1\GTM_Bodie
2009-10-31 08:11:19 0 d-----w- c:\program files\Ghost Town Mysteries - Bodie
2009-10-30 20:44:43 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-30 20:44:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-30 20:44:41 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-30 20:44:41 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-30 07:20:53 0 d-----w- c:\program files\Campfire Legends The Hookman
2009-10-29 07:29:30 0 d-----w- c:\program files\Zombie Bowl-O-Rama
2009-10-11 04:39:22 195456 ------w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-10-10 20:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-28 01:20:04 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-28 01:20:00 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-28 01:19:52 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-28 01:19:50 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-28 01:19:48 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-28 01:19:48 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-28 01:19:48 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-28 01:19:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-28 01:19:46 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-28 01:19:46 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-28 01:19:46 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-28 01:19:46 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-28 01:19:40 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 23:12:22 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 23:12:22 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 23:12:22 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 23:12:22 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 23:12:22 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 23:12:22 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 23:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 23:12:22 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 23:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 23:12:22 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 23:12:22 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-24 16:24:18 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-21 18:50:56 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-21 18:50:55 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-09-20 02:59:05 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-20 02:58:59 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-19 07:11:19 6196 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-17 11:53:46 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2009-09-14 16:38:06 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-09-14 16:38:06 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-09-14 16:38:04 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 00:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-05 00:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-05 00:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-05 00:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-05 00:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-05 00:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-05 00:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-05 00:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-05 00:15:50 446559 ----a-w- c:\program files\Uninstall Fun Web Products.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL

============= FINISH: 8:15:47.15 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 15 November 2009 - 05:28 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 18 November 2009 - 07:10 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users