
"Antivirus System PRO" infection.



#1 mightymatt777

Posted 27 November 2009 - 10:59 PM

Just tonight I got this annoying rogue program on my laptop. I'm in safe mode with networking right now because this program pretends to be a virus protection program and closes every other program I try to open! Here's a HijackThis log; could anyone offer some help? Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:19 PM, on 11/27/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Safe mode

Running processes:
C:WindowsExplorer.EXE
C:Windowssystem32wbemunsecapp.exe
C:UsersMatthewDownloadsHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://en.us.acer.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program FilesAVGAVG8ToolbarIEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:Windowssystem32ActiveToolBand.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program FilesAVGAVG8ToolbarIEToolbar.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Windowssystem32eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:Program FilesAVGAVG8ToolbarIEToolbar.dll
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [LVCOMSX] "C:Program FilesCommon FilesLogitechLComMgrLVComSX.exe"
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [IgfxTray] C:Windowssystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:Windowssystem32hkcmd.exe
O4 - HKLM..Run: [Persistence] C:Windowssystem32igfxpers.exe
O4 - HKLM..Run: [WinampAgent] "C:Program FilesWinampwinampa.exe"
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKCU..Run: [SansaDispatch] C:UsersMatthewAppDataRoamingSanDiskSansa UpdaterSansaDispatch.exe
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [afmbvend] C:UsersMatthewAppDataLocalsddbhdgolqsysguard.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: eNetHook.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:AcerALaunchALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:Program FilesCisco SystemsVPN Clientcvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:Program FilesIntelWiFibinEvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:Program FilesCommon FilesLogitechSrvLnchSrvLnch.exe
O23 - Service: PnkBstrA - Unknown owner - C:Windowssystem32PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe

--
End of file - 6561 bytes

Sorry, here's the DDS log. At the end of the RootRepeal scan, an error message popped up that said it couldn't scan the registry, but it seems to have worked. Hmmm.

DDS (Ver_09-11-24.02) - NTFSx86 NETWORK
Run by Matthew at 23:10:19.89 on Fri 11/27/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1490 [GMT -5:00]

SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:Windowssystem32wininit.exe
C:Windowssystem32lsm.exe
C:Windowssystem32svchost.exe -k DcomLaunch
C:Windowssystem32svchost.exe -k rpcss
C:WindowsSystem32svchost.exe -k secsvcs
C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:Windowssystem32svchost.exe -k netsvcs
C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:Windowssystem32svchost.exe -k NetworkService
C:Windowssystem32svchost.exe -k LocalService
C:Program FilesLavasoftAd-Awareaawservice.exe
C:Windowssystem32svchost.exe -k LocalServiceNoNetwork
C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
C:WindowsExplorer.EXE
C:Windowssystem32wbemunsecapp.exe
C:Windowssystem32wbemwmiprvse.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Windowssystem32NOTEPAD.EXE
C:UsersMatthewDownloadsdds.scr
C:Windowssystem32wbemwmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:program filesavgavg8toolbarIEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filesadobeacrobat 7.0activexAcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg8avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre1.6.0_05binssv.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:windowssystem32ActiveToolBand.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:program filesavgavg8toolbarIEToolbar.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:windowssystem32eDStoolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:program filesavgavg8toolbarIEToolbar.dll
uRun: [SansaDispatch] c:usersmatthewappdataroamingsandisksansa updaterSansaDispatch.exe
uRun: [ehTray.exe] c:windowsehomeehTray.exe
uRun: [WMPNSCFG] c:program fileswindows media playerWMPNSCFG.exe
uRun: [afmbvend] c:usersmatthewappdatalocalsddbhdgolqsysguard.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LVCOMSX] "c:program filescommon fileslogitechlcommgrLVComSX.exe"
mRun: [SynTPEnh] c:program filessynapticssyntpSynTPEnh.exe
mRun: [IgfxTray] c:windowssystem32igfxtray.exe
mRun: [HotKeysCmds] c:windowssystem32hkcmd.exe
mRun: [Persistence] c:windowssystem32igfxpers.exe
mRun: [WinampAgent] "c:program fileswinampwinampa.exe"
mRun: [AppleSyncNotifier] c:program filescommon filesapplemobile device supportbinAppleSyncNotifier.exe
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [AVG8_TRAY] c:progra~1avgavg8avgtray.exe
StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupvpncli~1.lnk - c:windowsinstaller{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}Icon3E5562ED7.ico
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:progra~1micros~2office12EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:program filesjavajre1.6.0_05binssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office12REFIEBAR.DLL
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg8avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: eNetHook.dll,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:usersmatthewappdataroamingmozillafirefoxprofiles5jg12ym3.default
FF - component: c:program filesavgavg8firefoxcomponentsavgssff.dll
FF - component: c:program filesmozilla firefoxcomponentsScriptff.dll
FF - plugin: c:program filesviewpointviewpoint experience technologynpViewpoint.dll
FF - plugin: c:usersmatthewappdataroamingmove networkspluginsnpqmp071505000010.dll
FF - plugin: c:usersmatthewappdataroamingmozillafirefoxprofiles5jg12ym3.defaultextensionsbattlefieldheroespatcher@ea.complatformwinnt_x86-msvcpluginsnpBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.14);user_pref(general.useragent.extra.zencast,
============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:windowssystem32driversavgtdix.sys [2009-9-20 108552]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:windowssystem32driversNETw5v32.sys [2008-11-17 3668480]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [2009-9-20 335240]
S2 ALaunchService;ALaunch Service;c:aceralaunchALaunchSvc.exe [2007-4-10 50688]
S2 avg8wd;AVG Free8 WatchDog;c:progra~1avgavg8avgwdsvc.exe [2009-9-20 297752]
S3 FontCache;Windows Font Cache Service;c:windowssystem32svchost.exe -k LocalServiceAndNoImpersonation [2008-6-9 21504]

=============== Created Last 30 ================

2009-11-25 03:51:45 2048 ----a-w- c:windowssystem32tzres.dll
2009-11-25 00:35:22 1401856 ----a-w- c:windowssystem32msxml6.dll
2009-11-25 00:35:21 1248768 ----a-w- c:windowssystem32msxml3.dll
2009-11-25 00:35:18 714240 ----a-w- c:windowssystem32timedate.cpl
2009-11-12 19:14:20 2421760 ----a-w- c:windowssystem32wucltux.dll
2009-11-12 19:13:43 87552 ----a-w- c:windowssystem32wudriver.dll
2009-11-12 19:13:31 33792 ----a-w- c:windowssystem32wuapp.exe
2009-11-12 19:13:31 171608 ----a-w- c:windowssystem32wuwebv.dll
2009-11-11 15:30:08 2036736 ----a-w- c:windowssystem32win32k.sys
2009-11-11 15:30:05 355328 ----a-w- c:windowssystem32WSDApi.dll
2009-11-07 18:31:08 36277 ----a-w- c:windowsDIIUnin.dat
2009-11-07 18:31:04 94208 ----a-w- c:windowsDIIUnin.exe
2009-11-07 18:31:04 2829 ----a-w- c:windowsDIIUnin.pif
2009-11-02 23:37:12 1638912 ----a-w- c:windowssystem32mshtml.tlb
2009-10-31 21:51:23 0 d-----w- c:program filesiDump (Freeware)
2009-10-31 14:14:05 0 d-----w- c:program filesWindows Portable Devices
2009-10-31 14:13:52 0 ---ha-w- c:windowssystem32driversMsft_User_WpdMtpDr_01_07_00.Wdf
2009-10-31 14:13:11 0 ---ha-w- c:windowssystem32driversMsft_User_WpdFs_01_07_00.Wdf
2009-10-31 13:55:16 92672 ----a-w- c:windowssystem32UIAnimation.dll
2009-10-31 13:55:15 3023360 ----a-w- c:windowssystem32UIRibbon.dll
2009-10-31 13:55:15 1164800 ----a-w- c:windowssystem32UIRibbonRes.dll
2009-10-31 13:53:58 81920 ----a-w- c:windowssystem32wpdbusenum.dll
2009-10-31 13:52:05 555520 ----a-w- c:windowssystem32UIAutomationCore.dll
2009-10-31 13:52:05 4096 ----a-w- c:windowssystem32oleaccrc.dll
2009-10-31 13:52:05 234496 ----a-w- c:windowssystem32oleacc.dll

==================== Find3M ====================

2009-11-21 03:57:50 139456 ----a-w- c:windowssystem32driversPnkBstrK.sys
2009-11-21 03:57:41 190160 ----a-w- c:windowssystem32PnkBstrB.exe
2009-11-07 18:43:13 21840 ----atw- c:windowssystem32SIntfNT.dll
2009-11-07 18:43:13 17212 ----atw- c:windowssystem32SIntf32.dll
2009-11-07 18:43:13 12067 ----atw- c:windowssystem32SIntf16.dll
2009-11-03 01:42:06 195456 ------w- c:windowssystem32MpSigStub.exe
2009-10-31 14:14:01 665600 ----a-w- c:windowsinfdrvindex.dat
2009-10-31 14:14:01 51200 ----a-w- c:windowsinfinfpub.dat
2009-10-31 14:14:00 143360 ----a-w- c:windowsinfinfstrng.dat
2009-10-31 14:14:00 143360 ----a-w- c:windowsinfinfstor.dat
2009-10-24 02:06:02 138056 ----a-w- c:usersmatthewappdataroamingPnkBstrK.sys
2009-10-24 02:05:45 75064 ----a-w- c:windowssystem32PnkBstrA.exe
2009-10-24 02:05:45 2395944 ----a-w- c:windowssystem32pbsvc_heroes.exe
2009-10-09 23:24:10 413696 ----a-w- c:windowssystem32wrap_oal.dll
2009-10-09 23:24:10 110592 ----a-w- c:windowssystem32OpenAL32.dll
2009-10-01 01:02:17 2537472 ----a-w- c:windowssystem32wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:windowssystem32WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:windowssystem32PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:windowssystem32WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:windowssystem32BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:windowssystem32wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:windowssystem32PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:windowssystem32PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:windowssystem32WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:windowssystem32PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:windowssystem32PortableDeviceClassExtension.dll
2009-10-01 01:01:54 40448 ----a-w- c:windowssystem32driversWpdUsb.sys
2009-10-01 01:01:50 226816 ----a-w- c:windowssystem32WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:windowssystem32WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:windowssystem32WpdConns.dll
2009-09-27 20:00:26 479943 ----a-w- c:usersmatthewMachiavelli - The Prince.zip
2009-09-25 02:10:10 974848 ----a-w- c:windowssystem32WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:windowssystem32WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:windowssystem32PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:windowssystem32xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:windowssystem32XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:windowssystem32OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:windowssystem32XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:windowssystem32XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:windowssystem32dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:windowssystem32d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:windowssystem32WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:windowssystem32dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:windowssystem32d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:windowssystem32d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:windowssystem32d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:windowssystem32d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:windowssystem32d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:windowssystem32d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:windowssystem32dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:windowssystem32d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:windowssystem32FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:windowssystem32cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:windowssystem32DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:windowssystem32winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:windowssystem32printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:windowssystem32printfilterpipelineprxy.dll
2009-09-20 17:17:59 11952 ----a-w- c:windowssystem32avgrsstx.dll
2009-09-18 14:56:00 37665 ----a-w- c:windowsfontsGlobalUserInterface.CompositeFont
2009-09-14 16:11:42 794408 ----a-w- c:windowssystem32pbsvc.exe
2009-09-10 16:48:01 218624 ----a-w- c:windowssystem32msv1_0.dll
2009-09-10 14:59:26 8147456 ----a-w- c:windowssystem32wmploc.DLL
2009-09-10 14:58:28 310784 ----a-w- c:windowssystem32unregmp2.exe
2009-09-04 11:41:59 60928 ----a-w- c:windowssystem32msasn1.dll
2008-06-10 23:08:13 174 --sha-w- c:program filesdesktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:windowsinfperflib0409perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:windowsinfperflib0409perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:windowsinfperflib0409perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:windowsinfperflib0409perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:windowsinfperflib0000perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:windowsinfperflib0000perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:windowsinfperflib0000perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:windowsinfperflib0000perfc.dat

============= FINISH: 23:12:45.78 ===============

Merged posts. ~ OB


Edited by Orange Blossom, 28 November 2009 - 12:19 AM.



#2 mightymatt777


Posted 28 November 2009 - 03:30 PM

Never mind, I did a system restore in safe mode to a week ago and it seems to have fixed the problem. I'm gonna scan the crap out of my laptop to see if it can pick up any threats and make sure it's gone for good. Thanks!

#3 SifuMike


Posted 04 December 2009 - 07:44 PM

Since you fixed it yourself, I will close this thread.