Antivirus Pro (Fake-Antispyware Tool)



#1 caffeinehero

Posted 21 November 2009 - 04:00 PM

I have made several unsuccessful attempts to remove Antivirus Pro. I thought I had erased all the infections, but the next day, when I restarted the computer, it came back again full force. Any help would be greatly appreciated. :')


DDS (Ver_09-10-26.01) - NTFSx86
Run by Cindy at 14:29:30.09 on 21/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.631.79 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AdobeElements\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cindy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: ClickCatcher MSIE handler: {16664845-0e00-11d2-8059-000000000000} - c:\program files\common files\reget shared\Catcher.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\ypager.exe" -quiet
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [Dasaou] c:\windows\system32\??sembly\arpa.exe
uRun: [Usrr] "c:\program files\etea\rpen.exe" -vt mtx
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [djfrarch] c:\documents and settings\cindy\local settings\application data\inynuw\igibsysguard.exe
mRun: [SunKistEM] c:\program files\emachines bay reader\shwiconem.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [HydraVisionDesktopManager] c:\program files\ati technologies\ati hydravision\HydraDM.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [fssui] "c:\program files\windows live\family safety\fssui.exe" -autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [djfrarch] c:\documents and settings\cindy\local settings\application data\inynuw\igibsysguard.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [Win32 USB2 Driver] wuampdr.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [Win32 USB2 Driver] wuampdr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search - http://bar.mywebsearch.com/menusearch.html...CA_ZCxdm481YYCA
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - hxxp://download1.answers.com/pub/AnswersSetup.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://h-eric.spaces.live.com//PhotoUpload/MsnPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257558539468
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257558509734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab31267.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido\security suite\shellhook.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cindy\applic~1\mozilla\firefox\profiles\rp455ft6.default\
FF - component: c:\documents and settings\cindy\application data\mozilla\firefox\profiles\rp455ft6.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\NPSWF32.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobeelements\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-9 54752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 450400]
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\eric\locals~1\temp\cdrmkaun.sys --> c:\docume~1\eric\locals~1\temp\cdrmkaun.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-8-2 173392]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [2006-12-21 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [2006-5-1 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [2006-5-1 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [2006-5-1 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [2006-12-21 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [2006-5-1 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [2006-5-1 90800]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2005-5-24 23552]

=============== Created Last 30 ================

2009-11-21 18:43:18 4052 ----a-w- c:\windows\system32\tmp.reg
2009-11-21 06:47:55 0 d-----w- c:\docume~1\cindy\applic~1\Malwarebytes
2009-11-21 06:39:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-21 06:39:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-21 06:39:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 06:39:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 03:24:49 0 d-----w- c:\docume~1\cindy\applic~1\iCopyExpert
2009-11-20 03:24:44 0 d-----w- c:\program files\iCopyExpert
2009-11-18 15:04:41 0 d-----w- c:\program files\MSECache
2009-11-15 03:30:48 0 d-----w- c:\docume~1\alluse~1\applic~1\espionServerData
2009-11-15 02:51:12 0 d-----w- c:\program files\common files\Macrovision Shared
2009-11-15 02:26:19 0 d-----w- c:\program files\AdobeElements
2009-11-15 01:25:57 0 d-sh--w- c:\documents and settings\cindy\PrivacIE
2009-11-10 03:37:09 56184 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-10 03:29:17 0 d-----w- c:\program files\iPod
2009-11-10 03:29:06 0 d-----w- c:\program files\iTunes
2009-11-10 03:29:06 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-10 03:26:52 0 d-----w- c:\program files\Bonjour
2009-11-10 02:54:49 0 d-----w- c:\documents and settings\cindy\Tracing
2009-11-10 02:32:25 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-11-10 02:21:40 0 d-----w- c:\program files\Microsoft
2009-11-10 02:21:18 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-10 01:58:14 0 d-----w- c:\docume~1\cindy\applic~1\Rogers Online Protection
2009-11-09 23:41:50 0 d-----w- c:\program files\Radialpoint
2009-11-09 23:41:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Rogers Online Protection
2009-11-09 17:40:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-11-09 17:40:28 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-11-08 22:59:16 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-11-08 22:59:16 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-11-08 19:25:29 0 d-----w- c:\program files\common files\Windows Live
2009-11-08 19:18:20 0 d-sh--w- c:\documents and settings\cindy\IETldCache
2009-11-08 02:06:48 2560 ----a-w- c:\windows\system32\bitcometres.dll
2009-11-07 08:07:57 0 d-----w- c:\windows\ie8updates
2009-11-07 06:49:07 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-11-07 06:21:10 0 d-----w- C:\b5cac895d840e2c87748f9b247d4
2009-11-07 06:14:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-07 06:14:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-07 05:14:46 0 dc-h--w- c:\windows\ie8
2009-11-07 03:14:21 0 d-----w- c:\windows\system32\scripting
2009-11-07 03:14:18 0 d-----w- c:\windows\l2schemas
2009-11-07 03:14:16 0 d-----w- c:\windows\system32\en
2009-11-07 03:06:33 1393 ----a-w- c:\windows\imsins.BAK
2009-11-07 02:47:46 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-07 02:44:14 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-11-07 02:44:14 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-11-07 02:44:13 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-11-07 02:44:13 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-11-07 02:44:13 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-11-07 02:44:12 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-11-07 02:44:11 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-11-07 02:44:09 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-11-07 02:44:09 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-11-07 02:43:54 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-11-07 02:43:12 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-11-07 02:39:52 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-11-07 02:39:47 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-07 02:39:41 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-11-07 02:39:34 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-11-07 02:39:24 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-11-07 02:38:58 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-11-07 02:38:49 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-07 02:38:47 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-07 02:38:46 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-07 02:35:31 53248 ------w- c:\windows\system32\tsgqec.dll
2009-11-07 02:35:31 50688 ------w- c:\windows\system32\tspkg.dll
2009-11-07 02:35:16 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-11-07 02:35:15 32768 ------w- c:\windows\system32\setupn.exe
2009-11-07 02:35:11 290304 ------w- c:\windows\system32\rhttpaa.dll
2009-11-07 02:35:09 61952 ------w- c:\windows\system32\rasqec.dll
2009-11-07 02:35:08 76800 ------w- c:\windows\system32\qutil.dll
2009-11-07 02:35:07 62464 ------w- c:\windows\system32\qcliprov.dll
2009-11-07 02:35:06 291328 ------w- c:\windows\system32\qagentrt.dll
2009-11-07 02:35:06 150528 ------w- c:\windows\system32\qagent.dll
2009-11-07 02:35:02 144384 ------w- c:\windows\system32\onex.dll
2009-11-07 02:33:57 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2009-11-07 02:23:23 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-07 02:07:05 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-07 02:06:58 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-11-07 02:06:09 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-11-07 02:06:08 1203922 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-11-07 02:06:07 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-11-07 02:06:02 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2009-11-07 01:53:01 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

==================== Find3M ====================

2009-09-18 08:27:16 99356 ----a-w- c:\windows\fonts\MyriadWebPro-Bold.ttf
2009-09-18 08:27:16 96588 ----a-w- c:\windows\fonts\MyriadWebPro-Condensed.ttf
2009-09-18 08:27:16 93552 ----a-w- c:\windows\fonts\MyriadWebPro-Italic.ttf
2009-09-18 08:27:16 93432 ----a-w- c:\windows\fonts\MyriadWebPro.ttf
2009-09-18 08:27:16 101128 ----a-w- c:\windows\fonts\MyriadWebPro-CondensedIt.ttf
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2005-09-10 02:44:22 708 ----a-w- c:\program files\INSTALL.LOG
2003-12-18 15:33:46 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 11:46:54 10960 ----a-w- c:\program files\EULA.txt
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

============= FINISH: 14:30:41.03 ===============
Attached files: ark.txt (5.26KB), Attach.txt (14.29KB)
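Triage of the autorun and proxy lines in the log above, as an added example that is not part of the original post and not part of the DDS tool: a short Python script that parses the "Pseudo HJT Report" lines and flags a browser proxy pointing at a loopback port, Run entries whose image lives in a user-writable profile directory, paths containing characters DDS could not print (the "??sembly" directory), bare file names resolved through the search path, autoruns in the default-user hive, and the same binary registered under more than one Run key. The sample lines are copied from the log; the heuristics and their wording are mine, and the hive mapping (u = HKCU, m = HKLM, d = HKU\.DEFAULT) is my reading of the DDS prefix convention.

```python
import re
from typing import Dict, List

# Constructed sample input: lines copied from the DDS "Pseudo HJT Report" in the post above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Dasaou] c:\windows\system32\??sembly\arpa.exe
uRun: [Usrr] "c:\program files\etea\rpen.exe" -vt mtx
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [djfrarch] c:\documents and settings\cindy\local settings\application data\inynuw\igibsysguard.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [djfrarch] c:\documents and settings\cindy\local settings\application data\inynuw\igibsysguard.exe
dRun: [Win32 USB2 Driver] wuampdr.exe
dRunOnce: [Win32 USB2 Driver] wuampdr.exe
"""

# DDS prefixes (my reading of the convention): u = HKCU, m = HKLM, d = HKU\.DEFAULT
RUN_RE = re.compile(r"^(?P<hive>uRun|mRun|dRun|dRunOnce):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
LOOPBACK_RE = re.compile(r"(?:^|=)(?:127\.0\.0\.1|localhost):\d+")
EXE_RE = re.compile(r'"?([^"]*?\.exe)\b', re.IGNORECASE)

# Directories an unprivileged user can write to; legitimate autoruns rarely live there.
USER_WRITABLE = ("\\local settings\\", "\\temp\\", "\\application data\\")
DEFAULT_HIVES = ("dRun", "dRunOnce")


def image_path(cmd: str) -> str:
    """Pull the executable out of a Run command line (quoted or not), lower-cased."""
    m = EXE_RE.search(cmd)
    return (m.group(1) if m else cmd).strip().lower()


def triage(log_text: str) -> List[Dict[str, object]]:
    """One finding per suspicious line: {'line', 'name', 'reasons'}; clean lines produce nothing."""
    findings: List[Dict[str, object]] = []
    entries = []  # (line, hive, name, image)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        pm = PROXY_RE.match(line)
        if pm and LOOPBACK_RE.search(pm.group("value")):
            findings.append({"line": line, "name": "ProxyServer",
                             "reasons": ["browser proxy points at a loopback port: a local process sees every HTTP request"]})
            continue
        rm = RUN_RE.match(line)
        if rm:
            entries.append((line, rm.group("hive"), rm.group("name"), image_path(rm.group("cmd"))))

    # The same binary planted under several Run keys is a persistence pattern, not a user choice.
    hives_per_image: Dict[str, set] = {}
    for _, hive, _, img in entries:
        hives_per_image.setdefault(img, set()).add(hive)

    for line, hive, name, img in entries:
        reasons = []
        if any(marker in img for marker in USER_WRITABLE):
            reasons.append("image lives in a user-writable profile directory")
        if "\\" not in img:
            reasons.append("bare file name, resolved through the search path")
        # '?' is not legal in a Windows path; DDS prints it for characters it could not render,
        # so a directory that reads like 'assembly' but is spelled with odd characters is a lookalike.
        if any(ch == "?" or ord(ch) > 127 for ch in img):
            reasons.append("path contains characters DDS could not print: possible lookalike directory name")
        if hive in DEFAULT_HIVES:
            reasons.append("autorun in the default-user hive, unusual for legitimate software")
        if len(hives_per_image[img]) > 1:
            reasons.append("same image registered in %d Run hives" % len(hives_per_image[img]))
        if reasons:
            findings.append({"line": line, "name": name, "reasons": reasons})
    return findings


def flagged_names(log_text: str) -> List[str]:
    """Sorted, de-duplicated entry names that triage() flagged."""
    return sorted({str(f["name"]) for f in triage(log_text)})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("    ->", r)
```

Run against the sample it flags the loopback proxy, the "Dasaou" entry (unprintable characters in the directory name), "djfrarch" (user-profile path, present in both HKCU and HKLM) and "Win32 USB2 Driver" (bare file name in the default-user hive, in both Run and RunOnce), while the Symantec, Messenger and ctfmon entries pass. The heuristics are deliberately coarse: "Usrr" under Program Files is not caught, which is why a script like this narrows the list for a human rather than replacing the review.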


#2 Blade81 (Malware Response Team)

Posted 27 November 2009 - 01:12 AM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 Blade81 (Malware Response Team)

Posted 04 December 2009 - 06:54 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





