Rogue Trojan


  • This topic is locked
2 replies to this topic

#1 D!3.xero


Posted 10 March 2011 - 01:35 PM

first of all, hi my name is Dave.

i pulled a newbie and ran a batch file that i got from *something* that i downloaded from the internet.
needless to say, my computer is now bleeped up.
please save me and my beloved machine by sharing some of your infinite wisdom.


Peace and Love,

-Dave



--------------------------------------------------------------------------------------------------------------------------------

<!-- OS is 64-bit vista, hence no gmer log. -->

<!-- i deleted conime a long time ago, it has since reappeared. -->
<!-- when i tried to run unlocker in safe mode, it was killed (obviously) -->
<!-- when i right-clicked on unlocker, then on properties some strange process called fileextloader.exe popped up for a second in taskmgr.exe,
i tried to right-click it to open file location, but it just hides without showing me the goods. did the same thing when i tried to click on properties.
will edit with screenshot -->

--------------------------------------------------------------------------------------------------------------------------------





.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by xero at 9:14:30.67 on 10/03/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.4026.2781 [GMT -8:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\vfsFPService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\agr64svc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\SMINST\BLService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\xero\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer = http=
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\xero\AppData\Roaming\Mozilla\Firefox\Profiles\wdny6kkc.default\
FF - prefs.js: browser.startup.homepage - google.ca
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: C:\Users\xero\AppData\Roaming\Mozilla\Firefox\Profiles\wdny6kkc.default\extensions\firesheep@codebutler.com\platform\WINNT_x86-msvc\components\mozpopen.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-10 55280]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-7 125440]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-7-17 302928]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-2-17 365952]
R2 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [2008-11-18 721712]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-9-21 126464]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-6-25 24664]
R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETwNv64.sys [2010-8-29 7653888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-11-17 4751360]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-5-19 89920]
S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-6-15 30520]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-03-10 09:05:52 -------- d-----w- C:\Users\xero\AppData\Local\temp
2011-03-10 08:55:51 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-10 08:38:13 98816 ----a-w- C:\Windows\sed.exe
2011-03-10 08:38:13 89088 ----a-w- C:\Windows\MBR.exe
2011-03-10 08:38:13 256512 ----a-w- C:\Windows\PEV.exe
2011-03-10 08:38:13 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-10 07:45:37 -------- d-----w- C:\Program Files (x86)\Unlocker
2011-03-09 08:36:12 12554240 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
2011-03-09 08:36:08 88896 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\mgspidx.dll
2011-03-09 08:30:36 9859072 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
2011-03-09 08:27:44 -------- d-----w- C:\PROGRA~3\Age of Empires 3
2011-03-09 06:30:04 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games
2011-03-09 06:29:25 34304 ------r- C:\Program Files (x86)\Microsoft Games\Age of Empires III\SetupENU2.dll
2011-03-09 01:17:07 2425344 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-09 01:17:07 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-09 01:17:06 731136 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-09 01:17:06 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-09 01:17:03 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-09 01:17:03 416768 ----a-w- C:\Windows\System32\sbe.dll
2011-03-09 01:17:02 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-09 01:17:02 322560 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-09 01:17:02 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-09 01:17:02 210944 ----a-w- C:\Windows\System32\sbeio.dll
2011-03-09 01:17:02 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-09 01:17:02 153088 ----a-w- C:\Windows\SysWow64\sbeio.dll
2011-03-06 19:42:56 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-03-06 19:13:00 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys
2011-03-06 19:11:31 -------- d-----w- C:\Users\xero\AppData\Roaming\DAEMON Tools Lite
2011-03-06 19:11:27 -------- d-----w- C:\PROGRA~3\DAEMON Tools Lite
2011-03-02 00:00:49 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-03-02 00:00:48 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2011-02-28 20:14:21 15256 ----a-w- C:\Users\xero\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-02-28 19:42:14 462864 ----a-w- C:\Windows\SysWow64\d3dx10_37.dll
2011-02-28 19:42:14 1420824 ----a-w- C:\Windows\SysWow64\D3DCompiler_37.dll
2011-02-28 19:42:11 3786760 ----a-w- C:\Windows\SysWow64\D3DX9_37.dll
2011-02-28 19:42:10 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2011-02-28 19:41:15 -------- d-----w- C:\Windows\SysWow64\xlive
2011-02-28 19:41:14 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-02-27 22:36:53 -------- d-----w- C:\Program Files (x86)\Sierra
2011-02-27 01:27:08 -------- d-----w- C:\Users\xero\AppData\Local\PassMark
2011-02-27 01:25:26 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2011-02-27 01:25:26 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2011-02-27 01:25:22 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2011-02-27 01:25:16 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll
2011-02-27 01:24:19 -------- d-----w- C:\PROGRA~3\Passmark
2011-02-27 01:24:18 -------- d-----w- C:\Program Files\PerformanceTest
2011-02-26 23:19:33 -------- d-----w- C:\Users\xero\AppData\Local\Gas Powered Games
2011-02-26 07:15:59 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll
2011-02-26 07:15:59 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
2011-02-26 07:13:29 -------- d-----w- C:\Program Files (x86)\TmNationsForever
2011-02-26 03:11:43 -------- d-----w- C:\Users\xero\AppData\Local\Trapped Dead
2011-02-26 03:11:43 -------- d-----w- C:\Users\xero\AppData\Local\CrashRpt
2011-02-26 03:11:17 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-02-25 22:33:28 -------- d-----w- C:\Users\xero\AppData\Roaming\Rovio
2011-02-20 21:33:11 1251840 ----a-w- C:\Windows\System32\sdclt.exe
2011-02-20 21:33:00 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-02-20 21:33:00 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-02-20 21:27:48 96256 ----a-w- C:\Windows\System32\fontsub.dll
2011-02-20 21:27:48 72704 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-02-20 21:27:48 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-20 21:27:48 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-20 21:27:48 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-20 21:27:48 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-20 21:27:45 2757632 ----a-w- C:\Windows\System32\win32k.sys
2011-02-20 21:26:39 87552 ----a-w- C:\Windows\System32\consent.exe
2011-02-20 21:20:26 4699024 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-02-20 21:20:25 1585168 ----a-w- C:\Windows\System32\ntdll.dll
2011-02-20 21:20:24 1168512 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-02-20 21:20:01 855040 ----a-w- C:\Windows\System32\schedsvc.dll
2011-02-20 21:20:01 655872 ----a-w- C:\Windows\System32\taskschd.dll
2011-02-20 21:20:01 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-02-20 21:20:00 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2011-02-20 21:20:00 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll
2011-02-20 21:20:00 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2011-02-20 21:20:00 267776 ----a-w- C:\Windows\System32\taskeng.exe
2011-02-20 21:20:00 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
2011-02-20 10:15:41 -------- d-----w- C:\Users\xero\AppData\Local\Google Translator
2011-02-14 09:42:10 -------- d-----w- C:\Users\xero\AppData\Local\IsolatedStorage
2011-02-14 09:41:08 -------- d-----w- C:\Users\xero\AppData\Local\Sublight_Labs
2011-02-14 09:41:03 -------- d-----w- C:\Program Files (x86)\Sublight
.
==================== Find3M ====================
.
2011-02-28 00:00:34 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2011-01-20 16:46:10 900480 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-20 16:17:15 366592 ----a-w- C:\Windows\System32\winspool.drv
2011-01-20 16:17:03 625152 ----a-w- C:\Windows\System32\dxgi.dll
2011-01-20 16:16:53 287232 ----a-w- C:\Windows\System32\d3d10core.dll
2011-01-20 16:16:52 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-01-20 16:16:52 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-01-20 16:16:52 1268224 ----a-w- C:\Windows\System32\d3d10.dll
2011-01-20 16:16:47 748544 ----a-w- C:\Windows\System32\stobject.dll
2011-01-20 16:16:40 47104 ----a-w- C:\Windows\System32\cdd.dll
2011-01-20 16:16:10 3548672 ----a-w- C:\Windows\System32\mf.dll
2011-01-20 16:16:08 35840 ----a-w- C:\Windows\System32\printfilterpipelineprxy.dll
2011-01-20 16:14:49 278528 ----a-w- C:\Windows\System32\mfplat.dll
2011-01-20 16:14:49 195072 ----a-w- C:\Windows\System32\mfps.dll
2011-01-20 16:08:16 478720 ----a-w- C:\Windows\SysWow64\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
2011-01-20 16:07:42 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- C:\Windows\SysWow64\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- C:\Windows\SysWow64\mf.dll
2011-01-20 16:04:54 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- C:\Windows\SysWow64\mfplat.dll
2011-01-20 15:01:50 3068416 ----a-w- C:\Windows\System32\xpsservices.dll
2011-01-20 15:01:09 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-20 14:59:59 1032192 ----a-w- C:\Windows\System32\printfilterpipelinesvc.exe
2011-01-20 14:58:38 1461760 ----a-w- C:\Windows\System32\OpcServices.dll
2011-01-20 14:57:44 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-20 14:57:28 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
2011-01-20 14:42:00 1257984 ----a-w- C:\Windows\System32\MFH264Dec.dll
2011-01-20 14:41:29 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
2011-01-20 14:40:17 345088 ----a-w- C:\Windows\System32\mfreadwrite.dll
2011-01-20 14:40:14 34304 ----a-w- C:\Windows\System32\mfpmp.exe
2011-01-20 14:40:11 377344 ----a-w- C:\Windows\System32\mfmp4src.dll
2011-01-20 14:37:06 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-01-20 14:35:30 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2011-01-20 14:28:38 1554432 ----a-w- C:\Windows\SysWow64\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-20 14:25:25 847360 ----a-w- C:\Windows\SysWow64\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- C:\Windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- C:\Windows\SysWow64\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2011-01-20 14:06:15 834048 ----a-w- C:\Windows\System32\d2d1.dll
2011-01-20 14:02:46 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-01-20 14:02:44 1147904 ----a-w- C:\Windows\System32\FntCache.dll
2011-01-20 13:47:51 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-01-16 16:42:20 40960 ----a-w- C:\Windows\SysWow64\cliconfg.rll
2011-01-16 16:29:27 40960 ----a-w- C:\Windows\System32\cliconfg.rll
2011-01-16 16:23:04 442368 ----a-w- C:\Windows\sttray64.exe
2011-01-16 16:11:59 1486848 ----a-w- C:\Windows\bsdsetup.dll
2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll
2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
2010-12-18 06:55:17 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-12-18 06:50:55 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:50:36 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-12-18 06:50:16 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-12-18 06:50:16 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-12-18 06:27:04 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-12-18 05:57:45 479232 ----a-w- C:\Windows\System32\html.iec
2010-12-18 05:25:26 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 05:16:59 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-12-18 05:15:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 04:48:39 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 9:15:00.92 ===============


#2 m0le


Posted 15 March 2011 - 07:56 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le


Posted 20 March 2011 - 07:15 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.