
Infected with Live Security Suite


  • This topic is locked
6 replies to this topic

#1 mk92pj

Posted 23 May 2010 - 01:33 PM

Hi, I am in great difficulty so I need a solution for my problem, please...
Whenever I try to hibernate, turn off or restart my PC, it doesn't give results to commands.
Furthermore, Task Manager is not showing.
Please help.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 21:59:03.25 on Sun 05/23/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.90 [GMT 5:00]

AV: Live Security Suite *On-access scanning disabled* (Updated) {D81921C9-C293-4251-B2BC-2C741BAFF411}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\CMMON32.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Cm\CONNECTB\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local
mWinlogon: Taskman=c:\documents and settings\administrator\ctfmon.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: : {083b28f4-f559-48d6-86e0-7d769c3470f0} - c:\windows\system32\rumqlhd.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Microsoft Windows logon process] c:\documents and settings\administrator\application data\microsoft\windows\winlogon.exe
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
uExplorerRun: [Live Security Suite] "c:\program files\live security suite\LiveSS.exe" /s
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\dagsudzl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://connect.net.pk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\dagsudzl.default\extensions\{4d144bc3-23fb-47de-90c5-63ccb0139ccf}\plugins\npww.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 sqzdqeth;sqzdqeth;c:\windows\system32\drivers\sqzdqeth.sys [2008-4-14 23424]
R2 kotbsufg;Intel Processor Monitor;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]

=============== Created Last 30 ================

2010-05-23 17:14 <DIR> --d----- c:\program files\Trend Micro
2010-05-23 17:07 218,624 a------- c:\windows\system32\uxtheme.uxtender
2010-05-22 22:03 19 a------- c:\windows\system32\pb.sys
2010-05-22 22:03 <DIR> --d----- c:\docume~1\admini~1\applic~1\Live Security Suite
2010-05-21 13:22 <DIR> --d----- c:\program files\Electrotank
2010-05-21 12:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2010-05-21 09:05 <DIR> --d----- c:\program files\VideoLAN
2010-05-20 19:20 <DIR> --dsh--- c:\documents and settings\administrator\PrivacIE
2010-05-18 18:49 <DIR> --d----- C:\DriveKey
2010-05-18 18:45 157,696 ---shr-- c:\documents and settings\administrator\ctfmon.exe
2010-05-15 18:37 23,500 -------- c:\windows\system32\1
2010-05-15 15:48 8,628 a---h--- c:\windows\system32\CMMGR32.GID
2010-05-15 15:35 <DIR> --d----- c:\windows\pss
2010-05-15 15:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2010-05-15 14:58 <DIR> --d----- c:\program files\Yahoo! Games
2010-05-14 18:55 <DIR> --dsh--- c:\documents and settings\administrator\IETldCache
2010-05-14 18:13 247,808 -c------ c:\windows\system32\dllcache\ieproxy.dll
2010-05-14 18:13 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2010-05-14 18:13 <DIR> --d----- c:\windows\ie8updates
2010-05-14 18:12 64,000 -c------ c:\windows\system32\dllcache\iecompat.dll
2010-05-14 18:08 <DIR> -cd-h--- c:\windows\ie8
2010-05-14 17:47 221,184 a------- c:\windows\system32\wmpns.dll
2010-05-14 16:30 2,146,304 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2010-05-14 16:30 2,189,952 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2010-05-14 16:30 2,024,448 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2010-05-14 15:36 455,680 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2010-05-14 14:47 2,560 -------- c:\windows\system32\xpsp4res.dll
2010-05-14 14:41 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2010-05-13 22:07 3,245 a------- c:\windows\system32\wbem\Outlook_01caf2bebd492178.mof
2010-05-13 08:00 <DIR> --d----- c:\documents and settings\administrator\Tracing
2010-05-12 22:11 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2010-05-12 22:11 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2010-05-12 22:09 <DIR> --d----- c:\program files\Microsoft
2010-05-12 22:09 <DIR> --d----- c:\program files\Windows Live SkyDrive
2010-05-12 21:31 <DIR> --d----- c:\docume~1\admini~1\applic~1\Flock
2010-05-12 21:29 <DIR> --d----- c:\program files\Flock
2010-05-12 21:09 <DIR> --d----- c:\program files\common files\Windows Live
2010-05-12 21:09 <DIR> --d----- c:\docume~1\admini~1\applic~1\OpenOffice.org
2010-05-12 21:06 <DIR> --d----- c:\program files\JRE
2010-05-12 21:06 <DIR> --d----- c:\program files\OpenOffice.org 3
2010-05-12 21:05 411,368 a------- c:\windows\system32\deploytk.dll
2010-05-12 21:05 73,728 a------- c:\windows\system32\javacpl.cpl
2010-05-12 13:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GRETECH
2010-05-12 13:55 <DIR> --d----- c:\program files\GRETECH
2010-05-12 13:43 165,376 a------- c:\windows\system32\unrar.dll
2010-05-12 13:43 38 a------- c:\windows\avisplitter.ini
2010-05-12 13:43 839,680 a------- c:\windows\system32\lameACM.acm
2010-05-12 13:43 414 a------- c:\windows\system32\lame_acm.xml
2010-05-12 13:43 881,664 a------- c:\windows\system32\xvidcore.dll
2010-05-12 13:43 630,784 a------- c:\windows\system32\vp7vfw.dll
2010-05-12 13:43 217,088 a------- c:\windows\system32\yv12vfw.dll
2010-05-12 13:43 205,824 a------- c:\windows\system32\xvidvfw.dll
2010-05-12 13:43 151,552 a------- c:\windows\system32\ac3acm.acm
2010-05-12 13:43 39,936 a------- c:\windows\system32\huffyuv.dll
2010-05-12 13:43 85,504 a------- c:\windows\system32\ff_vfw.dll
2010-05-12 13:43 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2010-05-12 13:43 <DIR> --d----- c:\program files\K-Lite Codec Pack
2010-05-12 12:41 <DIR> --d----- c:\program files\Yahoo!
2010-05-12 11:42 <DIR> --d----- c:\program files\InkMon4
2010-05-11 19:29 4,444 a------- c:\windows\system32\pid.PNF
2010-05-11 19:28 3,072 a------- c:\windows\system32\drivers\audstub.sys
2010-05-11 19:27 57,600 a------- c:\windows\system32\drivers\redbook.sys
2010-05-11 19:26 5,504 a------- c:\windows\system32\drivers\intelide.sys
2010-05-11 19:26 74,240 a------- c:\windows\system32\usbui.dll
2010-05-11 19:25 <DIR> --d----- c:\docume~1\admini~1\applic~1\MSNInstaller
2010-05-11 19:25 <DIR> --d----- c:\program files\common files\ODBC
2010-05-11 19:25 <DIR> --d----- c:\program files\common files\SpeechEngines
2010-05-11 19:25 <DIR> --d--r-- c:\documents and settings\all users\Documents
2010-05-11 19:24 2,144,487 ac------ c:\windows\system32\dllcache\NT5.CAT
2010-05-11 19:22 261 a------- c:\windows\system32\$winnt$.inf
2010-05-11 16:08 <DIR> --d----- c:\program files\common files\L&H
2010-05-11 16:08 <DIR> --d----- c:\program files\Microsoft ActiveSync
2010-05-11 16:03 <DIR> --d----- c:\docume~1\admini~1\applic~1\Thinstall
2010-05-11 15:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2010-05-11 15:42 <DIR> --d----- c:\program files\common files\HP
2010-05-11 15:39 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2010-05-11 15:36 <DIR> --d----- c:\program files\HP
2010-05-11 14:52 <DIR> --d----- c:\program files\CCleaner
2010-05-11 14:34 <DIR> --dsh--- c:\documents and settings\all users\DRM
2010-05-11 14:34 <DIR> --d-h--- c:\program files\WindowsUpdate
2010-05-11 14:33 <DIR> --d----- c:\program files\common files\MSSoap
2010-05-11 14:31 <DIR> --d----- c:\program files\Online Services
2010-05-11 14:31 <DIR> --d----- c:\program files\Windows Media Connect 2
2010-05-11 14:31 <DIR> --d----- c:\program files\Messenger
2010-05-11 14:31 <DIR> --d----- c:\program files\MSN Gaming Zone
2010-05-11 14:30 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2010-05-23 17:07 218,624 a------- c:\windows\system32\uxtheme.dll
2010-05-11 15:47 163,428 a------- c:\windows\hphins33.dat
2010-05-11 14:34 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2010-05-11 14:32 21,640 a------- c:\windows\system32\emptyregdb.dat
2010-04-17 00:04 306,032 a------- c:\windows\WLXPGSS.SCR
2010-04-16 22:12 48,464 a------- c:\windows\system32\sirenacm.dll
2010-03-10 11:15 420,352 a------- c:\windows\system32\vbscript.dll
2010-02-25 11:24 916,480 a------- c:\windows\system32\wininet.dll

============= FINISH: 22:01:08.01 ===============


#2 mk92pj


Posted 25 May 2010 - 06:02 AM

WTH is wrong with you guys, I have been waiting for the past 48 hours!!!

bump

EDIT: There are over 100 unanswered topics in the forum at present and the average wait time is approximately 3 days. Please be patient. ~BP

Edited by Budapest, 25 May 2010 - 07:37 PM.


#3 m0le


Posted 26 May 2010 - 04:13 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#4 m0le


Posted 01 June 2010 - 12:10 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

#5 m0le


Posted 03 June 2010 - 03:14 PM

Reopened at user's request

-----------------------------------------

Please run OTL and we'll attempt to extract this pest
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#6 m0le


Posted 06 June 2010 - 07:57 AM

Hello? Are you still here?

#7 m0le


Posted 07 June 2010 - 05:38 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.