Trojan horse Agent_r.XJ


  • This topic is locked
3 replies to this topic

#1 dici59

dici59

  • Members
  • 5 posts
  • OFFLINE
  • Gender:Female
  • Location:Northern ON, Canada
  • Local time:08:14 PM

Posted 25 December 2010 - 03:58 AM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Denise at 3:49:44.03 on 25/12/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3061.1004 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Wireless USB\Components\Association\CableAssociation.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\mqsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Denise\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Denise\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Users\Denise\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Denise\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Denise\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Denise\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Denise\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Denise\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\sdclt.exe
C:\Users\Denise\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Users\Denise\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://ca.yahoo.com
uURLSearchHooks: H - No File
mURLSearchHooks: Mininova Toolbar: {f592709f-ff4a-4862-b659-4afabda56312} - c:\program files\mininova\tbMini.dll
mURLSearchHooks: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\tbMin0.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Mininova Toolbar: {f592709f-ff4a-4862-b659-4afabda56312} - c:\program files\mininova\tbMini.dll
TB: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\tbMin0.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [Google Update] "c:\users\denise\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [WirelessUSBManager] c:\program files\wireless usb\components\wirelessusbmanager\WirelessUSBManager.exe
mRun: [shawnotify] c:\progra~1\shaw\update\siuloader.exe /notify
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\shawsu~1.lnk - c:\program files\shaw\bin\shawsupport.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - c:\program files\mindjet\mindmanager 7\Mm7InternetExplorer.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\go333c~1\GoogleDesktopNetwork3.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\denise\appdata\roaming\mozilla\firefox\profiles\epwqxgwb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://ca.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com
FF - prefs.js: network.proxy.type - 2
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\denise\appdata\roaming\mozilla\firefox\profiles\epwqxgwb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\denise\appdata\roaming\mozilla\firefox\profiles\epwqxgwb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\denise\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\denise\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\denise\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\denise\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\denise\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\denise\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Auto Hide IP: support@auto-hide-ip.com - %profile%\extensions\support@auto-hide-ip.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-23 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-12-23 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-12-23 656320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 CableAssociation;CableAssociation;c:\program files\wireless usb\components\association\CableAssociation.exe [2008-9-28 675840]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-12-23 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-12-23 1150936]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9e07bfccecba0;Google Update Service (gupdate1c9e07bfccecba0);c:\program files\google\update\GoogleUpdate.exe [2009-5-29 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-20 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-11-21 30192]
S3 hwa;Wireless USB Host Adapter;c:\windows\system32\drivers\WSR_HWA.SYS [2008-9-28 683008]
S3 HWARadio;Wireless USB Host Radio;c:\windows\system32\drivers\WSR_RCI.SYS [2008-9-28 112640]
S3 TunnelDrv;Wireless USB Cable Association;c:\windows\system32\drivers\WSR_CBA.SYS [2008-9-28 92800]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2009-7-24 11264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSR_USF;Debug1;c:\windows\system32\drivers\WSR_USF.sys [2008-9-28 36352]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]

=============== Created Last 30 ================

2010-12-25 06:56:18 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{bf7b30bc-f959-43c4-8634-30e0d82376c5}\mpengine.dll
2010-12-24 21:06:43 -------- d-----w- c:\program files\ESET
2010-12-24 18:18:14 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-24 13:00:54 1345624 ----a-w- c:\program files\mozilla firefox\tdsskiller\TDSSKiller.exe
2010-12-24 04:14:59 -------- d-----w- c:\users\denise\appdata\roaming\SUPERAntiSpyware.com
2010-12-24 04:14:59 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-24 04:14:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-24 04:11:07 -------- d-----w- c:\users\denise\appdata\roaming\Malwarebytes
2010-12-24 04:11:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-24 04:11:03 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-24 04:11:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-24 04:11:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-24 02:17:49 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2010-12-24 02:17:49 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2010-12-24 02:17:46 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-24 02:17:46 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-12-24 02:17:35 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-24 02:17:35 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-24 02:17:11 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-24 02:16:59 -------- d-----w- c:\users\denise\appdata\roaming\PC Tools
2010-12-24 02:16:59 -------- d-----w- c:\program files\PC Tools Security
2010-12-24 02:16:59 -------- d-----w- c:\program files\common files\PC Tools
2010-12-24 02:16:59 -------- d-----w- c:\progra~2\PC Tools
2010-12-24 02:15:53 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2010-12-24 02:15:35 -------- d-----w- c:\program files\common files\xing shared
2010-12-24 02:15:15 151776 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2010-12-24 02:15:03 100352 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2010-12-24 00:56:33 -------- d-----w- c:\users\denise\appdata\roaming\AutoHideIP
2010-12-24 00:56:33 -------- d-----w- c:\progra~2\AutoHideIP
2010-12-21 01:38:49 -------- d-----w- c:\program files\iPod
2010-12-21 01:38:42 -------- d-----w- c:\program files\iTunes
2010-12-19 21:45:49 -------- d-----w- c:\users\denise\appdata\roaming\Delete Cookie
2010-12-19 21:41:28 -------- d-----w- c:\users\denise\appdata\roaming\Hide IP NG
2010-12-18 18:34:41 -------- d-----w- c:\program files\Hulu Downloader
2010-12-15 20:42:59 -------- d-----w- c:\users\denise\appdata\roaming\AVG10
2010-12-15 20:03:28 -------- d--h--w- c:\progra~2\Common Files
2010-12-15 20:00:49 -------- d-----w- c:\progra~2\AVG10
2010-12-15 19:52:35 -------- d-----w- c:\progra~2\MFAData
2010-12-15 05:16:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 05:16:20 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-09 08:15:41 605960 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-12-24 02:14:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-24 02:14:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 11:10:29 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-06 11:10:13 357376 ----a-w- c:\windows\system32\taskschd.dll
2010-11-06 11:10:13 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-06 11:09:57 603648 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-05 00:53:47 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-10-28 15:02:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:03:07 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-20 17:45:29 833024 ----a-w- c:\windows\system32\wininet.dll
2010-10-20 17:41:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-20 16:16:50 389632 ----a-w- c:\windows\system32\html.iec
2010-10-20 15:51:56 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 14:01:05 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:56:44 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 08:19:37 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-10-14 23:44:02 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

============= FINISH: 3:52:35.56 ===============


#2 Jack&Jill

Jack&Jill

  • Malware Response Team
  • 385 posts
  • OFFLINE
  • Gender:Male
  • Location:South East Asia
  • Local time:09:14 AM

Posted 02 January 2011 - 02:16 AM

Hello and welcome to Bleeping Computer.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Watch Topic near the top of the page, then select Immediate Notification. Click on Proceed.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 5 days, this topic will be closed.

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.


#3 Jack&Jill

Jack&Jill

  • Malware Response Team
  • 385 posts
  • OFFLINE
  • Gender:Male
  • Location:South East Asia
  • Local time:09:14 AM

Posted 05 January 2011 - 03:02 AM

Hello dici59 :),

I usually close the topic after 5 days without any reply, and it has already been 3 days since my last post. Do you still need help? Any problems following my instructions? Need more time?

If I do not get any response within the next 2 days, this topic will be closed.

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.


#4 Jack&Jill

Jack&Jill

  • Malware Response Team
  • 385 posts
  • OFFLINE
  • Gender:Male
  • Location:South East Asia
  • Local time:09:14 AM

Posted 07 January 2011 - 03:06 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.




