
java/ddr.agent and applications not responding



#1 romymart


Posted 15 November 2010 - 02:52 PM

Hello,

Here is my problem:

I used to have a Sony Vaio laptop but it started not responding and freezing all the time...I ran a virus scan but everything came back clean. I tried to restore it to previous configurations or to restore it to factory settings and reinstall everything, but it wouldn't let me do it. The computer was old, so I thought it was just going out on me and bought a new laptop (HP).
I used a data cable so that the new laptop had the same data and configuration as the old one and everything seemed to work fine until yesterday, when the new laptop started having the same problems as the old one.
When I use Firefox, it takes forever to load a page and the application is often not responding. I tried to use Explorer instead, but with the same results.
Also when I try to use other applications, they freeze and start not responding as well.

I ran a virus scan with Avira antivirus (the free one) and it showed I had java/ddr.agent and 3 hidden objects.
It quarantined java/ddr.agent, but it didn't do anything with the hidden objects (I don't even know what they are).

Since it quarantined that .agent, it seemed to work better, until I used Firefox again and everything (every application I open) started freezing and taking forever to open.

I tried restoring it to a previous configuration, but it's telling me that there isn't a restore point set, even if I remember setting one previously.

I read online that a lot of people had this problem with Windows 7, but my old laptop was using Windows Vista and I had the same problems.
Could it be a rootkit?
I ran all the applications you suggested, but when I ran GMER, the log file came out blank.


DDS log:


DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by BaBing at 11:47:41.01 on Mon 11/15/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2379 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Avira\AntiVir Desktop\guardhlp.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
H:\scan\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Qwest
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
mRun-x64: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
mRun-x64: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\BaBing\AppData\Roaming\Mozilla\Firefox\Profiles\vnefe1oa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-5-23 98208]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-10-23 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-10-23 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-10-23 81584]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-8-4 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE [2010-5-23 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-5 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-3-5 271872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-5 347680]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-5-23 1088544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-11 245792]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-23 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-11-15 05:23:25 -------- d-----w- C:\Users\BaBing\Pavark
2010-11-15 03:06:43 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{D2E3E941-ADDC-411C-8DF3-C1E301AE952A}\mpengine.dll
2010-11-11 21:14:51 9112096 ----a-w- C:\Windows\SysWow64\RtsUStoricon.dll
2010-11-11 21:14:51 245792 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys
2010-11-11 21:14:48 422432 ----a-w- C:\Windows\System32\RtsUStor.dll
2010-11-06 03:20:27 396584 ----a-w- C:\Windows\System32\SynCOM.dll
2010-11-06 03:20:27 318000 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2010-11-06 03:20:27 265000 ----a-w- C:\Windows\System32\SynCtrl.dll
2010-11-06 03:20:27 214824 ----a-w- C:\Windows\System32\SynTPAPI.dll
2010-11-06 03:20:27 210216 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2010-11-06 03:20:27 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2010-11-06 03:20:27 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2010-11-06 03:20:27 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2010-11-06 03:19:48 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2010-11-06 03:19:48 347680 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2010-11-06 03:19:11 158976 ----a-w- C:\Windows\System32\drivers\Impcd.sys
2010-11-06 03:18:31 476192 ----a-w- C:\Windows\System32\RtkApi64.dll
2010-11-06 03:18:31 332320 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2010-11-06 03:18:31 2603040 ----a-w- C:\Windows\System32\RtkAPO64.dll
2010-11-06 03:18:31 2374560 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2010-11-06 03:18:31 1964576 ----a-w- C:\Windows\System32\RtPgEx64.dll
2010-11-06 03:18:31 149536 ----a-w- C:\Windows\System32\RtkCfg64.dll
2010-11-06 03:18:31 1146912 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2010-11-06 03:18:30 70176 ----a-w- C:\Windows\System32\RCoInst64.dll
2010-11-06 03:18:30 1216032 ----a-w- C:\Windows\System32\RTCOM64.dll
2010-11-03 20:15:48 -------- d-----w- C:\Program Files (x86)\Amazon
2010-10-31 17:31:47 -------- d-----w- C:\Users\BaBing\AppData\Roaming\Windows Live Writer
2010-10-31 17:31:47 -------- d-----w- C:\Users\BaBing\AppData\Local\Windows Live Writer
2010-10-29 05:19:36 -------- d-----w- C:\Windows\SysWow64\spool
2010-10-29 05:16:43 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2010-10-28 19:48:56 -------- d-----w- C:\Users\BaBing\AppData\Roaming\HP Support Assistant
2010-10-27 15:07:37 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-27 15:07:37 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-27 15:07:37 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-27 15:07:36 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-27 15:07:36 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-27 15:07:36 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-27 15:07:36 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-27 15:07:32 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-27 00:24:18 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-27 00:13:31 -------- d-----w- C:\Windows\en
2010-10-27 00:11:25 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-10-27 00:11:25 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-10-27 00:11:25 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-10-27 00:11:25 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-10-26 03:09:00 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2332b7811cb74bb22\MeshBetaRemover.exe
2010-10-26 03:08:44 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\192f3f081cb74bb1a\DSETUP.dll
2010-10-26 03:08:44 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\192f3f081cb74bb1a\DXSETUP.exe
2010-10-26 03:08:44 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\192f3f081cb74bb1a\dsetup32.dll
2010-10-26 03:08:42 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17c040591cb74bb19\DSETUP.dll
2010-10-26 03:08:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17c040591cb74bb19\DXSETUP.exe
2010-10-26 03:08:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17c040591cb74bb19\dsetup32.dll
2010-10-26 03:07:58 -------- d-----w- C:\Users\BaBing\AppData\Local\Windows Live
2010-10-26 03:07:31 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-26 03:07:31 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-26 03:07:30 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-26 03:07:30 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-26 03:07:30 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-26 03:07:29 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-26 03:07:29 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-26 03:06:13 -------- d-----w- C:\Users\BaBing\AppData\Local\Microsoft Help
2010-10-25 22:40:23 -------- d-----w- C:\Users\BaBing\AppData\Roaming\Avira
2010-10-25 18:14:47 -------- d-----w- C:\Users\BaBing\AppData\Roaming\WildTangent
2010-10-24 02:36:55 -------- d-----w- C:\Users\BaBing\AppData\Local\Adobe
2010-10-23 18:10:39 -------- d-----w- C:\Windows\SysWow64\Wat
2010-10-23 18:10:39 -------- d-----w- C:\Windows\System32\Wat
2010-10-23 17:45:32 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-10-23 17:45:32 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-10-23 17:45:32 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-10-23 17:45:31 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-10-23 17:45:31 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-10-23 17:45:31 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-10-23 17:45:31 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-10-23 17:45:31 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-10-23 17:45:31 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-10-23 17:45:31 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-10-23 17:36:13 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-10-23 17:36:12 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-10-23 16:07:11 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-10-23 16:07:11 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2010-10-23 16:07:11 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2010-10-23 16:05:59 -------- d-----w- C:\Users\BaBing\AppData\Local\Apple
2010-10-23 16:05:31 -------- d-----w- C:\Program Files\Bonjour
2010-10-23 16:05:31 -------- d-----w- C:\Program Files (x86)\Bonjour
2010-10-23 15:56:44 81584 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-10-23 15:56:44 -------- d-----w- C:\Program Files (x86)\Avira
2010-10-23 15:56:44 -------- d-----w- C:\PROGRA~3\Avira
2010-10-23 15:42:56 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2010-10-23 15:37:21 -------- d-----r- C:\Program Files (x86)\Skype
2010-10-23 04:19:17 -------- d-----w- C:\Users\BaBing\AppData\Local\Apple Computer
2010-10-23 04:19:00 -------- d-----w- C:\Users\BaBing\AppData\Local\Mozilla
2010-10-23 04:17:16 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-23 04:09:36 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-10-23 04:05:28 -------- d-----w- C:\Users\BaBing\AppData\Roaming\HpUpdate
2010-10-23 04:04:17 -------- dc----w- C:\Users\BaBing\AppData\Local\MigWiz
2010-10-23 03:54:50 -------- d-----w- C:\Users\BaBing\AppData\Local\VirtualStore
2010-10-23 03:54:38 -------- d-----w- C:\Users\BaBing\AppData\Roaming\hpqlog
2010-10-23 03:54:25 -------- d-----w- C:\Users\BaBing\AppData\Local\Hewlett-Packard
2010-10-23 03:46:33 220672 ----a-w- C:\Windows\System32\wintrust.dll
2010-10-23 03:46:33 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2010-10-23 03:46:33 139264 ----a-w- C:\Windows\System32\cabview.dll
2010-10-23 03:46:33 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

==================== Find3M ====================

2010-11-06 03:19:22 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2010-11-06 03:17:38 1251872 ----a-w- C:\Windows\RtlExUpd.dll
2010-09-23 07:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 07:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 21:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 21:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 11:48:38.69 ===============


Thank you for your help!!



#2 m0le


  • Malware Response Team

Posted 23 November 2010 - 09:05 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le


Posted 28 November 2010 - 07:33 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.