Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected eith "antispy live scan: scare ware


  • This topic is locked This topic is locked
2 replies to this topic

#1 Donk242

Donk242

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:51 PM

Posted 13 December 2009 - 10:28 AM

I keep getting those anoying screen pops...I would like to get rid of then.

I'm trying to follow the instructions, I've never posted on a forum before..

DDS (Ver_09-12-01.01) - NTFSX64
Run by Don at 10:11:13.56 on Sun 12/13/2009
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.2046.952 [GMT -5:00]

AV: avast! antivirus 4.8.1229 [VPS 081125-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: AVG Anti-Spyware *enabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1229 [VPS 081125-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RAVCpl64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\Don\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1M58DXJ\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Aim6]
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files (x86)\common files\real\update_ob\realsched.exe" -osboot
mRunOnce: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /install /silent
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-5 89680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-5 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2007-7-25 65616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-5-24 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-5-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-5-24 352920]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-6-13 22528]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-16 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-13 27648]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-6-13 19968]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-12-10 10:13:20 32768 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 10:13:19 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2009-12-10 10:13:15 620032 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 10:13:14 33792 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 10:13:14 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2009-12-05 14:27:25 0 d-----w- c:\programdata\Real
2009-12-02 22:57:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-02 22:57:17 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2009-12-02 22:57:17 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2009-12-02 22:56:37 0 d-----w- c:\program files (x86)\iPod
2009-12-02 22:56:35 0 d-----w- c:\programdata\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
2009-12-02 22:56:35 0 d-----w- c:\program files\iTunes
2009-12-02 22:55:32 0 d-----w- c:\program files\Bonjour
2009-12-02 22:55:32 0 d-----w- c:\program files (x86)\Bonjour
2009-12-02 22:50:50 0 d-----w- c:\program files\common files\Apple
2009-11-29 23:50:23 154403694 ----a-w- c:\users\don\ccc.mp4
2009-11-29 22:38:12 154496406 ----a-w- c:\users\don\ff.mp4
2009-11-29 20:31:39 161946620 ----a-w- c:\users\don\aa.mp4
2009-11-28 13:29:39 0 dc----w- C:\DVD_VIDEO
2009-11-25 08:01:29 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-11-25 08:01:29 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 22:49:54 1869824 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 22:49:53 1797120 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 22:49:52 1401856 ----a-w- c:\windows\syswow64\msxml6.dll
2009-11-24 22:49:51 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2009-11-24 22:49:48 880640 ----a-w- c:\windows\system32\timedate.cpl
2009-11-24 22:49:47 714240 ----a-w- c:\windows\syswow64\timedate.cpl
2009-11-18 20:48:34 149280 ----a-w- c:\windows\syswow64\javaws.exe
2009-11-18 20:48:34 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-11-18 20:48:34 145184 ----a-w- c:\windows\syswow64\java.exe
2009-11-17 08:20:43 0 d-----w- c:\program files (x86)\Windows Portable Devices
2009-11-17 08:20:40 0 d-----w- c:\program files\Windows Portable Devices
2009-11-17 08:20:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 08:20:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-17 08:04:01 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2009-11-17 08:04:01 369664 ----a-w- c:\windows\syswow64\WMPhoto.dll
2009-11-17 08:04:01 342016 ----a-w- c:\windows\system32\winspool.drv
2009-11-17 08:04:01 258048 ----a-w- c:\windows\syswow64\winspool.drv
2009-11-17 08:02:48 34816 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-17 08:00:31 4096 ----a-w- c:\windows\syswow64\oleaccrc.dll
2009-11-17 08:00:30 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 08:00:28 736256 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 08:00:28 555520 ----a-w- c:\windows\syswow64\UIAutomationCore.dll
2009-11-17 08:00:28 315904 ----a-w- c:\windows\system32\oleacc.dll
2009-11-17 08:00:28 234496 ----a-w- c:\windows\syswow64\oleacc.dll
2009-11-15 14:33:39 0 d-----w- c:\users\don\appdata\roaming\Malwarebytes
2009-11-15 14:33:32 0 d-----w- c:\programdata\Malwarebytes
2009-11-15 14:33:31 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 14:33:31 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-12-13 14:08:33 88081 ----a-w- c:\programdata\nvModes.dat
2009-12-05 14:28:41 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2009-12-05 14:28:25 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2009-12-05 14:28:25 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2009-12-05 14:27:43 278528 ----a-w- c:\windows\syswow64\pncrt.dll
2009-12-02 22:52:06 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-02 22:52:06 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-02 22:52:06 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-24 23:54:29 1280480 ----a-w- c:\windows\syswow64\aswBoot.exe
2009-11-24 23:49:56 65616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-21 06:52:02 1147904 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:46:36 77312 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:46:36 132096 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:40:20 916480 ----a-w- c:\windows\syswow64\wininet.dll
2009-11-21 06:40:03 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2009-11-21 06:38:17 206848 ----a-w- c:\windows\syswow64\occache.dll
2009-11-21 06:35:43 5940736 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-21 06:35:38 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-11-21 06:35:38 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-11-21 06:34:58 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2009-11-21 06:34:39 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2009-11-21 06:34:39 164352 ----a-w- c:\windows\syswow64\ieui.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2009-11-21 06:34:38 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2009-11-21 06:34:38 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2009-11-21 06:34:38 11069952 ----a-w- c:\windows\syswow64\ieframe.dll
2009-11-21 06:34:33 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-11-21 05:07:24 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 04:59:58 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-11-21 04:59:52 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2009-11-21 04:59:14 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-11-17 08:20:28 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-12 14:46:36 178562 ----a-w- c:\windows\hpwins20.dat
2009-11-03 01:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-11 09:17:27 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-10-07 12:20:17 280576 ----a-w- c:\windows\system32\rastls.dll
2009-10-07 11:36:36 243712 ----a-w- c:\windows\syswow64\rastls.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\syswow64\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\syswow64\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\syswow64\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\syswow64\WPDShServiceObj.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\syswow64\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\syswow64\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\syswow64\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\syswow64\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\syswow64\PortableDeviceClassExtension.dll
2009-10-01 00:52:29 2727936 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 00:52:10 453120 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 00:51:59 110080 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 00:51:56 37888 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 00:51:54 573440 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 00:51:50 433152 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 00:51:46 218624 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 00:51:45 77824 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 00:51:45 113152 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 00:51:40 295936 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 00:51:40 107008 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 00:51:34 214528 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 00:51:33 75264 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 00:51:32 37376 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-27 22:24:22 3778664 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 22:23:00 4546152 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 22:23:00 3746920 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 22:23:00 289896 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 22:23:00 1647720 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 22:23:00 1646696 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-27 22:22:00 991848 ----a-w- c:\windows\system32\nvsvc64.dll
2009-09-27 22:22:00 82536 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 22:22:00 5426792 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 22:22:00 5208168 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 22:22:00 383592 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-27 22:22:00 244840 ----a-w- c:\windows\system32\nvshext.dll
2009-09-27 22:22:00 16666728 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-25 02:27:43 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\syswow64\WindowsCodecs.dll
2009-09-25 02:10:01 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:09:10 411648 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\syswow64\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\syswow64\PhotoMetadataHandler.dll
2009-09-25 02:00:39 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:56:42 643072 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\syswow64\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\syswow64\XpsPrint.dll
2009-09-25 01:40:43 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:40:07 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:39:09 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\syswow64\OpcServices.dll
2009-09-25 01:36:16 262656 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\syswow64\XpsGdiConverter.dll
2009-09-25 01:36:08 1548800 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:35:49 328192 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:35:31 135680 ----a-w- c:\windows\syswow64\XpsRasterService.dll
2009-09-25 01:34:58 1269248 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:33:48 792576 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\syswow64\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\syswow64\d3d10warp.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\syswow64\dxdiag.exe
2009-09-25 01:32:22 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:53 519680 ----a-w- c:\windows\syswow64\d3d11.dll
2009-06-27 02:20:44 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-27 02:20:44 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-27 02:20:44 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-27 02:20:44 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-06-13 15:19:40 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 10:13:49.79 ===============
:(

Edited by Orange Blossom, 13 December 2009 - 01:09 PM.
Move to HJT from Vista. ~ OB


BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:51 PM

Posted 24 December 2009 - 09:50 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:51 PM

Posted 29 December 2009 - 09:52 AM

Hello.

Due to Lack of feedback, this topic is now Closed

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users