
Vista Guardian Problem



#1 Marlon_NFFC


Posted 06 February 2010 - 03:06 AM

Hello.

I have scoured the internet in order to try to remove this from my computer without success. I have used Spyware Doctor and Malwarebytes Anti-Malware without luck.

I am getting desperate and want to avoid a fresh install.

Please help.

dds.txt


DDS (Ver_09-12-01.01) - NTFSx86
Run by Darren Conlon at 20:19:02.55 on 05/02/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2005 [GMT 0:00]

AV: avast! antivirus 4.8.1229 [VPS 081118-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1229 [VPS 081118-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
d:\Alwil Software\Avast4\aswUpdSv.exe
d:\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\System32\rundll32.exe
D:\HP\HP Software Update\hpwuSchd2.exe
D:\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\RtHDVCpl.exe
D:\CyberLink\PowerDVD9\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
d:\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
d:\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
d:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
d:\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
D:\Bandoo\Bandoo.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
D:\TomTom HOME 2\TomTomHOMERunner.exe
D:\CleanMyPC\Registry Cleaner\RCHelper.exe
D:\Internet Download Manager\IDMan.exe
D:\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\HP\Digital Imaging\bin\hpqtra08.exe
D:\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
d:\Alwil Software\Avast4\ashMaiSv.exe
d:\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
d:\Raxco\PerfectDisk2008\PD91AgentS1.exe
d:\Raxco\PerfectDisk2008\PD91AgentS1.exe
d:\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\iPod\bin\iPodService.exe
d:\Raxco\PerfectDisk2008\PD91AgentS1.exe
d:\Raxco\PerfectDisk2008\PD91AgentS1.exe
D:\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Internet Download Manager\IEMonitor.exe
D:\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
D:\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Users\Darren Conlon\AppData\Local\av.exe
D:\Mozilla Firefox\firefox.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Darren Conlon\AppData\Local\av.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
O:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.talkforest.com/index.php
uInternet Settings,ProxyOverride = local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - d:\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - d:\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - d:\bandoo\plugins\ie\ieplugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - d:\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "d:\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Registry Cleaner Scheduler] "d:\cleanmypc\registry cleaner\RCHelper.exe" /startup
uRun: [IDMan] d:\internet download manager\IDMan.exe /onboot
uRun: [PC Suite Tray] "d:\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [P17RunE] "RunDll32" P17RunE.dll,RunDLLEntry
mRun: [HP Software Update] "d:\hp\hp software update\HPWuSchd2.exe"
mRun: [avast!] d:\alwils~1\avast4\ashDisp.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Mobile-based device management] "%windir%\WindowsMobile\wmdSync.exe"
mRun: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun: [JMB36X IDE Setup] "c:\windows\raidtool\xInsIDE.exe"
mRun: [RtHDVCpl] "RtHDVCpl.exe"
mRun: [Skytel] "Skytel.exe"
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [RemoteControl9] "d:\cyberlink\powerdvd9\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "d:\cyberlink\powerdvd9\powerdvd9\language\Language.exe"
mRun: [BDRegion] "c:\program files\cyberlink\shared files\brs.exe"
mRun: [Adobe Reader Speed Launcher] "d:\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - d:\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - d:\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - d:\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\internet download manager\IEGetVL.htm
IE: Download with IDM - d:\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://d:\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://d:\iespell\wikipedia.HTM
IE: Send image to &Bluetooth Device... - d:\belkin\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - d:\belkin\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\belkin\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: d:\bandoo\bndhook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\darren~1\appdata\roaming\mozilla\firefox\profiles\luf3ym3u.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.talkforest.com/index.php?sid=811a10fd6cffa7988ab38ca054d199ff|http://ukbkk.co.uk/forum/index.php?act=idx|http://www.worldsexguide.com/forum/forumdisplay.php?f=1025|http://www.punternet.com/forum/index.php|http://annajet.myfastforum.org/index.php?sid=b1589e832b4f9ddb7bc9ffdb26e75545|http://www.facebook.com/home.php?ref=home
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\users\darren conlon\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\darren conlon\appdata\roaming\mozilla\firefox\profiles\luf3ym3u.default\extensions\firefox@bandoo.com\components\FFPlugin.dll
FF - component: d:\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: d:\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\divx\divx plus web player\npdivx32.dll
FF - plugin: d:\divx\divx web player\npdivx32.dll
FF - plugin: d:\divx\divx web player\npdivx32.dll
FF - plugin: d:\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\mozilla firefox\plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-7-19 39472]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-5 207792]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-7-20 114768]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/03/16 20:37:20];d:\cyberlink\powerdvd9\powerdvd9\000.fcl [2009-9-1 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-7-20 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-7-20 53328]
R2 avast! Antivirus;avast! Antivirus;d:\alwil software\avast4\ashServ.exe [2008-7-20 138680]
R2 Browser Defender Update Service;Browser Defender Update Service;d:\spyware doctor\bdt\BDTUpdateService.exe [2010-2-5 112592]
R2 PD91Agent;PD91Agent;d:\raxco\perfectdisk2008\PD91Agent.exe [2008-9-25 693512]
R2 StarWindServiceAE;StarWind AE Service;d:\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TomTomHOMEService;TomTomHOMEService;d:\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
R3 avast! Mail Scanner;avast! Mail Scanner;d:\alwil software\avast4\ashMaiSv.exe [2008-7-20 254040]
R3 avast! Web Scanner;avast! Web Scanner;d:\alwil software\avast4\ashWebSv.exe [2008-7-20 352920]
S2 .1216442781SsTR;1216442781SsTR;c:\programdata\webroot\Darren Conlon9332306.exe [2009-6-2 343435]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-19 133104]
S3 CardiopulmonaryBypass;CardiopulmonaryBypass;c:\windows\system32\drivers\CardiopulmonaryBypass.sys [2010-2-5 10824]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\common files\creative labs shared\service\AL1Licensing.exe [2008-7-19 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-12-21 79360]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-1 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2009-1-25 24197]
S3 NDISKIO;NDISKIO;c:\users\darren~1\appdata\local\temp\00001c51.nmc\nse\bin\ndiskio.sys [2010-2-5 24168]
S3 nsak;nsak;c:\users\darren~1\appdata\local\temp\00001c51.nmc\nse\bin\nsak.sys [2010-2-5 18120]
S3 PD91Engine;PD91Engine;d:\raxco\perfectdisk2008\PD91Engine.exe [2008-9-25 910600]
S3 sdAuxService;PC Tools Auxiliary Service;d:\spyware doctor\pctsAuxs.exe [2010-2-5 359624]
S3 sdCoreService;PC Tools Security Service;d:\spyware doctor\pctsSvc.exe [2010-2-5 1141712]

=============== Created Last 30 ================

2010-02-05 17:55:05 10824 ----a-w- c:\windows\system32\drivers\CardiopulmonaryBypass.sys
2010-02-05 17:41:25 0 d-----w- c:\users\darren~1\appdata\roaming\Malwarebytes
2010-02-05 17:41:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 17:41:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-05 17:41:20 0 d-----w- c:\programdata\Malwarebytes
2010-02-05 16:41:10 883 ----a-w- c:\windows\RegSDImport.xml
2010-02-05 16:41:10 880 ----a-w- c:\windows\RegISSImport.xml
2010-02-05 16:41:10 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-05 16:41:10 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-05 16:41:10 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-02-05 16:41:10 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-05 16:41:10 131 ----a-w- c:\windows\IDB.zip
2010-02-05 16:41:10 1152444 ----a-w- c:\windows\UDB.zip
2010-02-05 16:39:57 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-05 16:39:57 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-02-05 16:39:57 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-05 16:39:56 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-05 16:39:56 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-02-05 16:39:56 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-02-05 16:39:56 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-05 16:39:53 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-02-05 16:39:53 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-05 16:39:48 0 d-----w- c:\users\darren~1\appdata\roaming\PC Tools
2010-02-05 16:39:48 0 d-----w- c:\programdata\PC Tools
2010-02-05 16:39:48 0 d-----w- c:\program files\common files\PC Tools
2010-02-05 14:13:51 0 ---ha-w- C:\ProgramData.LOG2
2010-02-05 14:13:51 0 ---ha-w- C:\ProgramData.LOG1
2010-02-04 00:22:15 0 d-----w- c:\program files\iPod
2010-01-13 01:47:11 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 01:47:11 156672 ----a-w- c:\windows\system32\t2embed.dll

==================== Find3M ====================

2010-02-05 20:13:22 54151 ----a-w- c:\programdata\nvModes.dat
2010-01-15 22:44:13 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-14 11:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 15:44:20 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-12 15:44:20 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-05 15:08:54 87608 ----a-w- c:\users\darren~1\appdata\roaming\inst.exe
2010-01-05 15:08:54 47360 ----a-w- c:\users\darren~1\appdata\roaming\pcouffin.sys
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-29 17:27:09 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-21 12:12:21 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-21 12:12:21 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-21 02:34:54 9333352 ----a-w- c:\windows\system32\nvd3dum.dll
2009-11-21 02:34:54 76392 ----a-w- c:\windows\system32\OpenCL.dll
2009-11-21 02:34:54 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-21 02:34:54 4001384 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-21 02:34:54 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
2009-11-21 02:34:54 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-11-21 02:34:54 182888 ----a-w- c:\windows\system32\nvcod178.dll
2009-11-21 02:34:54 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34:54 14064232 ----a-w- c:\windows\system32\nvoglv32.dll
2009-11-21 02:34:54 1249896 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 02:34:54 11381352 ----a-w- c:\windows\system32\nvcompiler.dll
2009-11-20 20:33:00 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 20:33:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2009-11-20 20:33:00 1323624 ----a-w- c:\windows\system32\nvsvcr.dll
2009-11-20 20:33:00 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 20:33:00 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 20:33:00 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-19 21:42:56 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-18 03:21:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2008-07-21 00:31:59 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-16 12:58:44 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 20:19:43.56 ===============

I tried to run the rootrepeallog, but after 12 hours it still wasn't done and seemed stuck.

Help !!!!

Thanks

Forgot to attach the other file.

Merged posts. ~ OB



Edited by Orange Blossom, 06 February 2010 - 10:42 PM.




#2 Marlon_NFFC


Posted 06 February 2010 - 11:07 PM

I've now sorted it thanks to advice off another forum.

Thanks

#3 Elise


Posted 07 February 2010 - 05:58 AM

Since the issue seems to be resolved, this topic is now closed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




