
hijacker virus


  • This topic is locked
2 replies to this topic

#1 Csjogren


Posted 23 June 2010 - 07:40 PM

I cannot get Google Chrome to open at all, and Internet Explorer is redirected to other websites while searching. I have tried using PCPitstop, Search and Destroy, and Symantec antivirus with no luck. I am trying to get this computer back up quickly since it is used to assist a boy with autism with his communication device. Thank you for any help with this, it is greatly appreciated.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Candace Sjogren at 19:10:50.01 on Wed 06/23/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3035.1624 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Candace Sjogren\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\Users\Candace Sjogren\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Candace Sjogren\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} -
mURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar
TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SignupShield] "c:\users\candace sjogren\documents\my programs\signupshield\bin-06-02-04\SignupShield.exe" /e"1"
uRun: [Google Update] "c:\users\candace sjogren\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\candac~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\candace sjogren\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\candac~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office14\officesas\OfficeSASScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\candac~1\appdata\roaming\mozilla\firefox\profiles\jdqg7e6p.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\candace sjogren\appdata\local\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\candace sjogren\appdata\roaming\mozilla\firefox\profiles\jdqg7e6p.default\extensions\{38ab6a6c-cc4c-4f9e-a3dd-3c5681ef18a1}\plugins\npsoe.dll
FF - plugin: c:\users\candace sjogren\appdata\roaming\mozilla\firefox\profiles\jdqg7e6p.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-3-25 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 13336]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2010-6-4 3026]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-2-15 85504]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-4-1 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-4-1 49152]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-4-1 38400]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-23 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-5 2477304]
R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-6-23 636272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2008-4-30 6144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-4-29 277536]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2009-11-13 546816]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-2 1343400]

============== File Associations ===============

.reg=Regedit.Document

=============== Created Last 30 ================

2010-06-24 00:00:38 20 -c--a-w- c:\users\candace sjogren\defogger_reenable
2010-06-23 22:47:52 0 dc----w- c:\programdata\Spybot - Search & Destroy
2010-06-23 22:47:52 0 dc----w- c:\program files\Spybot - Search & Destroy
2010-06-22 05:31:31 0 dc----w- c:\program files\VS Revo Group
2010-06-22 04:59:09 0 dc----w- c:\users\candac~1\appdata\roaming\Dropbox
2010-06-21 23:56:06 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2010-06-21 23:55:01 0 dc----w- c:\users\candac~1\appdata\roaming\Teleca
2010-06-21 23:54:39 0 dc----w- c:\program files\common files\Teleca Shared
2010-06-21 23:53:58 0 dc----w- c:\program files\Spirent Communications
2010-06-21 23:53:52 0 dc----w- c:\program files\HTC
2010-06-18 13:35:56 65536 --sha-w- c:\users\candace sjogren\ntuser.dat{7b1fb1f0-7ad7-11df-8b88-002618749269}.TM.blf
2010-06-18 13:35:56 524288 --sha-w- c:\users\candace sjogren\ntuser.dat{7b1fb1f0-7ad7-11df-8b88-002618749269}.TMContainer00000000000000000002.regtrans-ms
2010-06-18 13:35:56 524288 --sha-w- c:\users\candace sjogren\ntuser.dat{7b1fb1f0-7ad7-11df-8b88-002618749269}.TMContainer00000000000000000001.regtrans-ms
2010-06-17 19:32:51 0 dc----w- c:\programdata\NCH Swift Sound
2010-06-17 19:31:28 0 dc----w- c:\program files\NCH Swift Sound
2010-06-16 23:40:06 264 -c--a-w- c:\windows\system32\winsusrm.dll
2010-06-16 23:40:06 120 -c--a-w- c:\windows\system32\winsusrx.dll
2010-06-16 23:09:47 691696 -c--a-w- c:\windows\system32\drivers\sptd.sys
2010-06-16 15:16:53 107888 -c--a-w- c:\windows\system32\CmdLineExt.dll
2010-06-16 14:17:47 0 dc----w- c:\program files\SlySoft
2010-06-15 02:18:27 0 dc----w- c:\programdata\OptiTex
2010-06-15 02:16:44 0 dc----w- c:\users\candac~1\appdata\roaming\DAZ 3D
2010-06-15 02:16:24 0 dc----w- c:\program files\common files\DAZ
2010-06-15 02:15:51 0 dc----w- c:\program files\DAZ 3D
2010-06-15 01:16:04 0 dc----w- c:\program files\Xilisoft
2010-06-14 20:46:30 200 -c--a-w- c:\windows\ulead32.ini
2010-06-14 20:45:29 0 dc----w- c:\programdata\Ulead Systems
2010-06-14 20:45:23 0 dc----w- c:\program files\Ulead Systems
2010-06-14 20:44:44 0 dc----w- c:\windows\Noslip
2010-06-14 14:54:55 26600 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-14 14:54:55 107368 -c--a-w- c:\windows\system32\GEARAspi.dll
2010-06-14 14:53:59 0 dc----w- c:\program files\iPod
2010-06-14 14:53:58 0 dc----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-14 14:53:58 0 dc----w- c:\program files\iTunes
2010-06-14 14:52:48 0 dc----w- c:\programdata\Apple Computer
2010-06-14 14:51:26 0 dc----w- c:\program files\Bonjour
2010-06-09 08:27:47 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 08:27:46 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 08:27:46 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 08:27:43 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 08:27:43 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 01:45:35 0 dc----w- c:\windows\BBSTORE
2010-06-09 01:44:59 0 dc----w- c:\program files\The Learning Company
2010-06-09 01:44:46 306688 -c--a-w- c:\windows\IsUninst.exe
2010-06-09 01:44:44 0 -c--a-w- c:\windows\setup32.INI
2010-06-09 00:33:13 0 dc----w- c:\program files\YouTube Downloader
2010-06-09 00:01:12 21504 -c--a-w- c:\windows\jestertb.dll
2010-06-09 00:00:21 0 dc----w- c:\program files\Fogware
2010-06-08 23:49:33 0 dc----w- c:\program files\Davidson
2010-06-08 23:27:11 306 -c--a-w- c:\windows\KA.INI
2010-06-08 23:27:06 283648 -c--a-w- c:\windows\uninst.exe
2010-06-08 02:55:35 0 dc--a-w- c:\programdata\TEMP
2010-06-08 02:28:54 688 -c--a-w- c:\windows\wnstn.sch
2010-06-04 15:42:50 3026 -c--a-w- c:\windows\system32\drivers\hwinterface.sys
2010-06-04 14:06:54 69448 -c--a-w- c:\windows\system32\XAPOFX1_3.dll
2010-06-04 14:06:54 517448 -c--a-w- c:\windows\system32\XAudio2_4.dll
2010-06-04 14:06:53 81768 -c--a-w- c:\windows\system32\xinput1_3.dll
2010-06-04 14:06:53 235352 -c--a-w- c:\windows\system32\xactengine3_4.dll
2010-06-04 14:06:53 22360 -c--a-w- c:\windows\system32\X3DAudio1_6.dll
2010-06-04 14:06:52 3495784 -c--a-w- c:\windows\system32\d3dx9_33.dll
2010-06-04 14:06:52 2414360 -c--a-w- c:\windows\system32\d3dx9_31.dll
2010-06-04 14:06:43 0 dc----w- c:\program files\Microsoft XNA
2010-06-03 18:18:09 31732 -c--a-w- c:\windows\system32\SEBRS___.TTF
2010-06-03 18:18:09 109472 -c--a-w- c:\windows\system32\Sebran3_.ttf
2010-06-01 15:21:00 0 dc----w- c:\program files\common files\DVDVideoSoft
2010-05-26 11:49:23 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-26 00:31:36 0 dc----w- c:\users\candac~1\appdata\roaming\PrimoPDF
2010-05-26 00:30:51 176235 -c--a-w- c:\windows\system32\Primomonnt.dll
2010-05-26 00:30:50 0 dc----w- c:\program files\Nitro PDF

==================== Find3M ====================

2010-05-24 19:12:54 165379 -c--a-w- c:\windows\Zac Browser - English Uninstaller.exe
2010-05-13 15:14:30 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-12 16:21:16 221568 -c--a-w- c:\windows\system32\MpSigStub.exe
2010-05-07 15:39:36 421888 -c--a-w- c:\windows\system32\EKIJ5000MON.dll
2010-05-07 15:38:44 131072 -c--a-w- c:\windows\system32\EKIJCOINST08.dll
2010-04-29 19:33:08 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-29 19:33:02 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-29 19:33:02 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-16 13:33:36 3003680 -c--a-w- c:\windows\system32\usbaaplrc.dll
2010-04-16 12:48:03 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-16 12:45:32 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-16 12:45:32 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-16 12:45:23 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-16 12:45:19 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-08 18:20:02 91424 -c--a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20:02 107808 -c--a-w- c:\windows\system32\dns-sd.exe
2010-04-05 00:30:44 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2009-07-14 04:56:42 31548 -c--a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 -c--a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 -c--a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 -c--a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 -c--a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 -c--a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 -c--a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 -c--a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-11-24 04:16:15 245760 -csha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-01 03:18:49 245760 -csha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:12:08.93 ===============



#2 Farbar

  • Security Developer

Posted 29 June 2010 - 02:56 AM

Hi Csjogren,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer.

#3 Farbar


Posted 04 July 2010 - 05:54 AM

This thread will now be closed due to lack of activity.

If you should have a new issue, please start a new topic.



