Windows Restore virus



#1 luv2bike2nv


Posted 27 April 2011 - 04:54 PM

Windows XP SP3, MS Updates are up to date.

I have followed the instructions to remove Windows Restore virus from Bleepingcomputer.com. I believe the virus has been removed; however, I noticed that when the user (who has admin rights to the computer) logs into the computer, Task Manager is grayed out. If I log in to the computer I can access Task Manager and I have admin rights as well.
I downloaded and ran RKill, did not reboot the computer.
Ran Malwarebytes which found 3 infections (1 folder and 2 files) and quarantined and deleted them all successfully.
Downloaded and ran Unhide.
Ran the Secunia Personal Software Inspector, which found a couple of programs that were out of date.

I rebooted the computer and I have not seen the Windows Restore box come up, however as mentioned above, Task Manager is grayed out when the user logs in, so I am thinking that there is something else that is infected on this computer. I don't know of any other issues besides that one. What could be causing Task Manager to be grayed out when the user logs in (who is an admin on the computer)?


With that said, I followed the Preparation guide for use before using Malware removal tools and requesting help etc....
Below is the DDS.txt text:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by robinadmin at 12:08:51.09 on Tue 04/26/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1246 [GMT -7:00]
.
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {9096DA61-DBD7-4B25-A1E7-43BBB3352FC0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\PMService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\PatchLink\Update Agent\GravitixService.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\QO6EAD.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\PatchLink\Update Agent\pddm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\robinadmin\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [EPA_EZ_GPO_Tool] c:\windows\system32\EZ_GPO_Tool.exe
mRun: [niDevMon] c:\program files\national instruments\ni-daq\hwconfig\nidevmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PDDM] c:\program files\patchlink\update agent\pddm.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = bckgzm.exe
uPolicies-disallowrun: 2 = chkrzm.exe
uPolicies-disallowrun: 3 = freecell.exe
uPolicies-disallowrun: 4 = hrtzzm.exe
uPolicies-disallowrun: 5 = mshearts.exe
uPolicies-disallowrun: 6 = pinball.exe
uPolicies-disallowrun: 7 = Rvsezm.exe
uPolicies-disallowrun: 8 = shvlzm.exe
uPolicies-disallowrun: 9 = sol.exe
uPolicies-disallowrun: 10 = spider.exe
uPolicies-disallowrun: 11 = winmine.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: patch.alvaka.net
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2008-8-21 15448]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 EPA_GPO_PMService;Energy Star™ EZ GPO Power Management Configuration Tool;c:\windows\system32\PMService.exe [2009-6-17 94208]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-16 2146496]
R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [2008-8-21 12696]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2007-4-16 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2007-4-16 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [2007-4-16 674304]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2008-8-21 12696]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2007-4-16 50688]
R2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\ivi foundation\visa\winnt\nivisa\niLxiDiscovery.exe [2009-3-5 131704]
R2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\national instruments\shared\mdns responder\nimdnsResponder.exe [2009-6-4 193648]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2007-4-16 30208]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2009-6-4 11344]
R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [2007-4-16 111616]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2009-6-21 11360]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2008-11-26 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2008-11-26 36432]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2008-6-13 11360]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2008-11-23 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2008-12-29 11360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c987e37860d211;Google Update Service (gupdate1c987e37860d211);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-6 30192]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-5 20104]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2009-4-1 26192]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2009-6-17 11344]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2009-4-1 22608]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2009-1-28 16968]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2009-1-2 11352]
S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2009-5-28 11336]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2009-6-16 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2009-6-17 11344]
S3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2009-5-27 11360]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2009-5-28 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2009-5-28 11336]
S3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2009-6-17 11640]
S3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [2009-4-8 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-12-29 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2009-6-5 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2009-6-5 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2009-6-16 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2009-3-30 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2009-5-26 11904]
S3 nipalusb;NI-PAL USB Driver;c:\windows\system32\drivers\nipalusb.sys [2009-5-26 10872]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2009-5-26 11896]
S3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [2009-6-11 11392]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2008-6-25 20568]
S3 nirfsa2k;nirfsa2k;c:\windows\system32\drivers\niRFSA2kl.sys [2009-6-1 11328]
S3 niRFSGk;niRFSGk;c:\windows\system32\drivers\niRFSGkl.sys [2009-4-27 11328]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2009-1-5 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2009-2-5 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2009-3-30 11344]
S3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [2009-6-18 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2009-1-5 11376]
S3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [2009-6-26 11352]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2009-5-28 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-1-2 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-1-2 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-7-28 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2009-1-2 11360]
S3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2009-4-10 11328]
S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2009-5-28 11368]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2009-3-5 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2009-6-21 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2009-5-28 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2009-5-28 11336]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2007-4-27 575064]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [2009-3-9 29152]
S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-26 17:09:04 -------- d-----w- c:\docume~1\robina~1\locals~1\applic~1\Secunia PSI
2011-04-26 17:08:56 -------- d-----w- c:\program files\Secunia
2011-04-21 21:26:38 -------- d-sh--w- c:\documents and settings\robinadmin\PrivacIE
2011-04-21 20:13:40 -------- d-----w- c:\docume~1\robina~1\locals~1\applic~1\Sunbelt Software
2011-04-21 19:28:18 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-21 15:49:33 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-21 15:03:43 -------- d-----w- c:\program files\Lavasoft
2011-04-21 13:56:31 -------- dc----w- c:\docume~1\alluse~1\applic~1\{870E601A-FE70-4098-94B2-6E9963FCAA51}
2011-04-21 13:55:16 -------- d-----w- c:\docume~1\robina~1\applic~1\GlarySoft
2011-04-20 19:18:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-20 19:18:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-20 19:16:35 -------- d-----w- c:\program files\SpywareBlaster
2011-04-20 19:16:00 -------- d-----w- c:\program files\Glary Utilities
2011-04-20 19:13:56 -------- d-----w- c:\docume~1\robina~1\applic~1\Malwarebytes
2011-04-20 19:13:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 19:13:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-20 19:13:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 19:13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-20 18:58:55 -------- d-sh--w- c:\documents and settings\robinadmin\IETldCache
2011-04-15 20:22:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-04-15 20:22:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-04-15 20:22:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-04-15 20:22:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-04-15 20:22:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-04-15 20:22:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-04-15 20:22:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
.
============= FINISH: 12:10:12.46 ===============


Thank you so much for your assistance. :)

Robin



#2 teacup61


Posted 07 May 2011 - 12:10 PM

Hello luv2bike2nv,



Sorry for the delay. :( If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 12 June 2011 - 01:45 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



