Renos Infection


  • This topic is locked
3 replies to this topic

#1 iVisionz

Posted 05 February 2010 - 01:37 PM

Windows Defender keeps popping up with an infection about Renos but it cannot be removed.

I have included both the DDS and Rootrepeal logs.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Vince at 19:14:57,87 on vr 05-02-2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1043.18.2943.1790 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
F:\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
F:\iTunesHelper.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
F:\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Vince\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=c:\recycler\s-1-5-21-7114082742-2624223738-311380199-8779\dllhost.exe,explorer.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /systray /nologon
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\vince\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [iTunesHelper] "F:\iTunesHelper.exe"
mRun: [Xfire Music] "c:\program files\xfire\xfiremusic.exe"
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gamers~1.lnk - c:\program files\gamersfirst\live!\Live.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Toevoegen aan Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\vince\appdata\roaming\mozilla\firefox\profiles\7vb52nd3.default\
FF - prefs.js: browser.startup.homepage - www.google.nl
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\users\vince\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\vince\appdata\roaming\mozilla\firefox\profiles\7vb52nd3.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: f:\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-5-15 21008]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/14 12:18:52];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-5-25 303376]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-25 12672]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-11-20 240232]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-12-8 185640]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-25 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [2009-11-27 86568]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [2009-11-27 15016]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [2009-11-27 114472]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [2009-11-27 108200]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [2009-5-25 26024]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [2009-11-27 104488]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [2009-11-27 109480]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-02-04 15:43:48 0 d-----w- c:\program files\HJT
2010-01-31 13:13:29 0 d-----w- c:\program files\CCleaner
2010-01-30 21:17:45 719872 ----a-w- c:\windows\system32\devil.dll
2010-01-30 21:17:45 0 d-----w- c:\program files\common files\Common Share
2010-01-30 21:17:44 351744 ----a-w- c:\windows\system32\avisynth.dll
2010-01-30 21:17:43 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-01-24 19:15:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-01-24 19:15:14 0 d-----w- c:\users\vince\Office Genuine Advantage
2010-01-22 01:33:06 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-01-17 16:16:46 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-17 16:16:46 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-17 16:16:46 0 d-----w- c:\program files\OpenAL
2010-01-16 15:41:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
2010-01-16 15:41:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
2010-01-16 15:39:59 0 d-----w- c:\programdata\Logitech
2010-01-14 14:23:45 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-14 14:23:45 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-10 14:42:18 0 d-----w- c:\program files\LP Recorder Trial
2010-01-10 14:40:46 0 d-----w- c:\program files\LP Ripper Trial
2010-01-09 21:13:43 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-01-09 21:13:33 0 d-----w- c:\windows\system32\QuickTime
2010-01-09 21:13:14 0 d-----w- c:\program files\common files\TechSmith Shared
2010-01-09 18:01:35 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-01-08 21:48:12 0 d-----w- c:\program files\Paint.NET
2010-01-08 18:04:01 0 d-----w- c:\users\vince\appdata\roaming\.ZMatrix
2010-01-08 18:03:56 0 d-----w- c:\program files\ZMatrix

==================== Find3M ====================

2010-02-05 18:09:09 667114 ----a-w- c:\windows\system32\perfh013.dat
2010-02-05 18:09:09 126648 ----a-w- c:\windows\system32\perfc013.dat
2010-01-30 12:19:26 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-30 12:19:26 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-30 12:19:24 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-18 10:34:24 96152 ----a-w- c:\windows\fonts\INFECTED.ttf
2010-01-14 10:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-23 15:53:45 35424 ----a-r- c:\windows\fonts\bankgthd.ttf
2009-12-18 08:56:40 526336 ---ha-w- c:\users\vince\appdata\roaming\NewPort.dll
2009-12-11 17:52:52 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-12-04 16:03:31 390454 ----a-w- c:\programdata\nvModes.dat
2009-12-03 19:47:50 1538592 ----a-w- c:\windows\system32\RtkPgExt.dll
2009-12-03 19:47:44 55328 ----a-w- c:\windows\system32\RtkCoInst.dll
2009-12-03 19:47:44 363040 ----a-w- c:\windows\system32\RtkApoApi.dll
2009-12-03 19:47:40 2796064 ----a-w- c:\windows\system32\RtkAPO.dll
2009-12-01 14:43:08 296864 ----a-w- c:\windows\system32\FMAPO.dll
2009-11-24 16:40:20 838176 ----a-w- c:\windows\RtlExUpd.dll
2009-11-24 08:55:08 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2009-11-24 08:55:08 185584 ----a-w- c:\windows\system32\SRSTSHD.dll
2009-11-24 08:55:08 173296 ----a-w- c:\windows\system32\SRSHP360.dll
2009-11-24 08:55:08 140528 ----a-w- c:\windows\system32\SRSWOW.dll
2009-11-21 15:35:47 22328 ----a-w- c:\users\vince\appdata\roaming\PnkBstrK.sys
2009-11-21 09:27:17 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-21 02:34:54 9333352 ----a-w- c:\windows\system32\nvd3dum.dll
2009-11-21 02:34:54 76392 ----a-w- c:\windows\system32\OpenCL.dll
2009-11-21 02:34:54 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-21 02:34:54 4241000 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-11-21 02:34:54 4001384 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-21 02:34:54 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
2009-11-21 02:34:54 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-11-21 02:34:54 182888 ----a-w- c:\windows\system32\nvcod178.dll
2009-11-21 02:34:54 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34:54 14064232 ----a-w- c:\windows\system32\nvoglv32.dll
2009-11-21 02:34:54 1249896 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 02:34:54 11381352 ----a-w- c:\windows\system32\nvcompiler.dll
2009-11-20 19:33:00 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 19:33:00 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:33:00 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 19:33:00 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-19 20:42:56 592488 ----a-w- c:\windows\system32\nvuninst.exe
2009-11-18 17:42:48 311568 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2009-11-18 17:42:48 1938704 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2009-11-18 17:42:48 1783056 ----a-w- c:\windows\system32\WavesLib.dll
2009-11-18 06:13:00 531032 ----a-w- c:\windows\system32\MBAPO32.dll
2009-11-18 06:13:00 50776 ----a-w- c:\windows\system32\MBPPCn32.dll
2009-11-18 06:12:00 68696 ----a-w- c:\windows\system32\MBWrp32.dll
2009-11-18 06:12:00 53848 ----a-w- c:\windows\system32\MBppld32.dll
2009-11-17 17:13:36 96160 ----a-w- c:\windows\system32\AERTARen.dll
2009-11-17 17:10:14 146336 ----a-w- c:\windows\system32\AERTACap.dll
2009-11-14 21:00:02 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-14 11:03:37 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-13 14:16:02 73216 ----a-w- c:\windows\system32\RTEEL32A.dll
2009-11-13 14:16:02 59392 ----a-w- c:\windows\system32\RTEEG32A.dll
2009-11-13 14:16:02 348160 ----a-w- c:\windows\system32\RTEEP32A.dll
2009-11-13 14:16:02 165376 ----a-w- c:\windows\system32\RTEED32A.dll
2009-11-09 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-04-17 08:12:56 12846336 ----a-w- c:\program files\vegas90.exe.bak
2009-04-17 08:11:48 2340608 ----a-w- c:\program files\applicationregistration.exe.bak
2008-01-21 06:34:34 41976 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
2008-01-21 06:34:34 41976 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
2008-01-21 06:34:34 336440 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
2008-01-21 06:34:34 336440 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-25 09:37:38 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-24 16:27:13 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-24 18:22:29 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat

============= FINISH: 19:15:46,64 ===============


#2 iVisionz

Posted 05 February 2010 - 02:11 PM

Bump, Help please.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 05 February 2010 - 03:15 PM.


#3 m0le

Posted 12 February 2010 - 07:44 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#4 m0le

Posted 18 February 2010 - 07:15 AM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



