Infected with something, but unable to find it??


  • This topic is locked
3 replies to this topic

#1 regayd

regayd

  • Members
  • 4 posts

Posted 12 October 2010 - 12:34 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:18:04 AM, on 10/12/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\IPFax\FaxMonitor.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://drudgereport.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: CommuniKate Toolbar - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - C:\Program Files (x86)\ucietb\ucietb.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files (x86)\IPFax\FaxMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Spell Check Options... - res://C:\Program Files (x86)\ucietb\Speller.dll/RUNOPTIONS.HTM
O8 - Extra context menu item: Spell Check this page... - res://C:\Program Files (x86)\ucietb\Speller.dll/RUNSPELLER.HTM
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files (x86)\ucietb\ucietb.dll
O9 - Extra 'Tools' menuitem: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files (x86)\ucietb\ucietb.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apricorn Scheduler Service (AcrSch2Svc) - Apricorn - C:\Program Files (x86)\Common Files\Apricorn\Schedule2\schedul2.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7761 bytes

First time posting here. Not sure how this works. I've run all kinds of scans and nothing turns up. Opening links from pages results in 'unable to connect' and the 'diagnose connection problems' window. Can take 6 or 7 tries to get a page open. Computer is about six months old and ran great the first three months then rapidly got worse.

Please help!

Here are the running processes:


DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Primc at 10:14:51.25 on Tue 10/12/2010
Internet Explorer: 9.0.7930.16406
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1557 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apricorn\Schedule2\schedul2.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\IPFax\FaxMonitor.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Primc\Desktop\dds (1).scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://drudgereport.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: CommuniKate Toolbar: {2ad46959-7ee4-47c3-b976-c0912755de1f} - C:\Program Files (x86)\ucietb\ucietb.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun: [<NO NAME>]
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [FaxMonitor] C:\Program Files (x86)\IPFax\FaxMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: Spell Check Options... - C:\Program Files (x86)\ucietb\Speller.dll/RUNOPTIONS.HTM
IE: Spell Check this page... - C:\Program Files (x86)\ucietb\Speller.dll/RUNSPELLER.HTM
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - C:\Program Files (x86)\ucietb\ucietb.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-7-2 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-7-2 267432]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-7-2 81072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-15 1255736]

=============== Created Last 30 ================

2010-10-12 11:56:25 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{FDCB2481-4ED2-49D4-AB5A-B71972976659}\mpengine.dll
2010-10-11 18:08:25 388096 ----a-r- C:\Users\Primc\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-11 18:08:25 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-10-11 16:25:59 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-11 16:25:59 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-11 16:25:58 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-11 16:25:57 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-11 16:25:57 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-11 16:25:56 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-11 16:25:56 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-11 16:15:18 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-10-11 16:15:17 899072 ----a-w- C:\Windows\System32\d2d1.dll
2010-10-11 16:15:17 737280 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-10-11 16:15:17 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-10-11 16:15:17 1844224 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-10-11 16:15:17 1543168 ----a-w- C:\Windows\System32\DWrite.dll
2010-10-11 16:15:17 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-10-11 16:15:17 1137664 ----a-w- C:\Windows\System32\FntCache.dll
2010-10-11 16:15:17 1076224 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-10-11 16:14:40 466432 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-10-11 16:14:40 279552 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-10-11 16:14:40 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-10-11 16:14:40 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-10-11 16:13:57 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2010-10-11 16:13:56 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2010-10-11 16:12:47 -------- d-----w- C:\Program Files (x86)\Feedback Tool
2010-10-10 05:02:31 -------- d-----w- C:\Users\Primc\AppData\Roaming\Malwarebytes
2010-10-10 05:02:22 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-10 05:02:20 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-10 05:02:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-10 05:02:20 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-10 00:11:54 -------- d-----w- C:\Users\Primc\AppData\Roaming\Avira
2010-10-05 01:33:18 -------- d-----w- C:\Lexmark
2010-10-05 01:24:47 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LXKPTPRC.DLL
2010-09-29 10:00:54 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-29 02:04:24 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-29 02:04:24 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-15 20:57:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe

==================== Find3M ====================

2010-09-09 22:39:14 2826240 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2010-09-01 21:24:35 608 --sha-w- C:\Windows\System32\winzvprt5.sys
2010-09-01 07:46:36 1355264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2010-09-01 07:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-01 07:44:30 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-01 07:44:24 1122304 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-01 07:44:06 424960 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-09-01 07:43:22 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-01 07:43:12 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-01 07:43:12 114176 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-01 07:43:10 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2010-09-01 07:43:10 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2010-09-01 07:43:02 448512 ----a-w- C:\Windows\System32\html.iec
2010-09-01 07:41:56 601088 ----a-w- C:\Windows\System32\vbscript.dll
2010-09-01 07:40:56 76800 ----a-w- C:\Windows\System32\tdc.ocx
2010-09-01 07:40:40 215552 ----a-w- C:\Windows\System32\msls31.dll
2010-08-10 12:15:58 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-08-10 12:15:58 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-07-16 20:51:00 14904 ----a-w- C:\Windows\help\OEM\Scripts\LaunchHPForums.exe

============= FINISH: 10:15:04.73 ===============

EDIT: Posts merged ~BP

Edited by Budapest, 12 October 2010 - 04:09 PM.




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 20 October 2010 - 04:31 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 regayd

regayd
  • Topic Starter

  • Members
  • 4 posts

Posted 20 October 2010 - 06:01 PM

Thanks for your reply. I wasn't sure how long the turnaround would be here and the problems got so that I couldn't do much of anything. I just reformatted and then spent two hours on the phone with HP customer support. Things are running great now! I just got up and running and haven't even had time to update this post.

Thanks again. Feel free to close this.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 20 October 2010 - 06:23 PM

Thanks for letting me know. :thumbup2:

---------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



