
What's controlling my computer?


  • This topic is locked
2 replies to this topic

#1 Callmemum

Callmemum

  • Members
  • 6 posts
  • Gender:Female
  • Location:Northern California
  • Local time:05:49 PM

Posted 06 May 2011 - 07:21 AM

My computer is running several programs I don't want and didn't install. My BIOS setup looks strange to me, although that may just be a 'new' style. In setup, I don't have any info about hard drives, memory access and other major stuff. PC itself denies me access to many files. If I make changes in files, or to the registry, on re-boot, it's like I never did anything at all. I've tried restore, recovery, and even wiped one of my PCs with drive erase (this is affecting 3 computers). My system seems to have some sort of virtual disk, or RAID setup installed. I try to uninstall programs, like iis, net framework, sql, visual c+ etc, and after a couple of programs, the installed programs screen goes blank, and says, quote, there are no programs installed on this computer.

I've run every anti-virus I can find, showing no infections. I do have run and run once pgms on start up, if I disable or delete they come right back, also a rundll32. Logs show that sysprep or winpe are being used to run setup. Registry entries show that only terminal services users may install any setup pgms. Terminal services, remote desktop, and several remote access programs run freely, without my being able to disable them. I have gotten so paranoid I wonder if someone has set up my lojack programs in their own name, to be able to control my PC at will?

My wireless adapter buttons go backwards, meaning if I click disable wireless, I'm actually enabling it. The panel button doesn't work at all, it shows that I'm always disconnected (red) even if wireless is on. I have several wireless miniadapters, which are active but won't show up in network lists. Looking at available networks, there will be 5 or 6 'local networks' which I'm set up to connect to automatically, whether my preferred network or not. I had Norton set to 'block ALL network access' when it said you are now connected to a local network with file and printer sharing enabled, click restrict if you don't want to share... Clicking restrict got me a msg. saying Norton couldn't locate the network, it must be a VPN or no longer online, yet it was still online.

My backups are removed without my doing it, my anti-virus programs' settings are changed without my doing it, whether I set them with a password or not. I find logs listing my passwords to my router and to my PC, and so forth and so on! Half my PC seems to be a 'shared' file, which I can't disable. I even had a 'certified' repair guy look at all my computers, and he couldn't find anything wrong. I can't access Microsoft update websites, or several major anti-virus security websites, I get msgs saying the server can't locate, or get bounced to a redirect somewhere else. Help!!! Please!

I ran DDS in safe mode, and attach here. GMER didn't install the way it was supposed to, I couldn't check options, I run a 64 bit machine, that may be the problem. If logs are needed in regular mode, I'll try, but I get shut down pretty quickly by my 'non-existent' problems... Thanks to anyone who can figure any of this out! Also, I'm unsure, should I paste logs or attach? and did u need dds.attach or just txt? I will run hijack this, as soon as out of safe mode, it wouldn't allow me to install in safe mode.
.
DDS (Ver_11-03-05.01) - NTFS_AMD64 NETWORK
Run by GRETCH at 4:06:37.43 on Fri 05/06/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1977 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\GRETCH\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRunOnce-x64: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\GRETCH\AppData\Roaming\Mozilla\Firefox\Profiles\s91htynb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0402000.00C\symds64.sys [2011-4-23 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0402000.00C\symefa64.sys [2011-4-23 221232]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-4-22 38456]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110430.001\BHDrvx64.sys [2011-5-4 1127032]
S1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0402000.00C\cchpx64.sys [2011-4-23 615040]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110504.001\IDSviA64.sys [2011-5-4 476792]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0402000.00C\ironx64.sys [2011-4-23 150064]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0402000.00C\symtdiv.sys [2011-4-23 451120]
S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [2011-4-23 126392]
S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-20 7767552]
S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-20 279040]
S3 AtiDCM;AtiDCM;C:\Users\GRETCH\AppData\Local\Temp\atdcm64a.sys [2011-5-6 26640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-4-23 132656]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-4-22 245792]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-22 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-22 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-22 98208]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-22 203264]
S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-6-25 92216]
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
S4 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
.
=============== Created Last 30 ================
.
2011-05-06 07:28:36 -------- d-----w- C:\Program Files\ATI Technologies
2011-05-06 04:22:59 -------- d-----w- C:\Users\GRETCH\AppData\Roaming\WinBatch
2011-05-06 04:10:01 -------- d-----w- C:\Windows\pss
2011-05-06 03:38:58 -------- d-----w- C:\Users\GRETCH\AppData\Local\ElevatedDiagnostics
2011-05-06 02:37:15 -------- d-----w- C:\PROGRA~3\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2011-04-26 15:47:58 -------- d-----w- C:\Users\GRETCH\AppData\Local\Diagnostics
2011-04-26 15:08:28 -------- dc----w- C:\Users\GRETCH\AppData\Local\MigWiz
2011-04-23 19:48:03 451120 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\symtdiv.sys
2011-04-23 19:48:02 615040 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\cchpx64.sys
2011-04-23 19:48:02 505392 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\srtsp64.sys
2011-04-23 19:48:02 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0402000.00C\symds64.sys
2011-04-23 19:48:02 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\srtspx64.sys
2011-04-23 19:48:02 221232 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\symefa64.sys
2011-04-23 19:48:02 150064 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\ironx64.sys
2011-04-23 19:47:34 -------- d-----w- C:\Windows\System32\drivers\N360x64\0402000.00C
2011-04-23 17:40:47 -------- d-----w- C:\Users\GRETCH\AppData\Roaming\Auslogics
2011-04-23 17:26:41 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-04-23 17:17:53 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-04-23 17:17:53 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
2011-04-23 17:17:53 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
2011-04-23 17:17:51 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-04-23 17:17:32 -------- d-----w- C:\Program Files\Symantec
2011-04-23 17:17:32 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-04-23 17:17:10 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-04-23 17:17:09 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2011-04-23 17:16:59 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-04-23 06:13:25 -------- d-----w- C:\Windows\System32\SPReview
2011-04-23 06:12:41 -------- d-----w- C:\Windows\System32\EventProviders
2011-04-23 06:10:00 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-04-23 06:10:00 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-04-23 06:08:59 933888 ----a-w- C:\Windows\System32\sqlsrv32.dll
2011-04-23 06:07:59 80896 ----a-w- C:\Windows\SysWow64\QUTIL.DLL
2011-04-23 06:05:09 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-04-23 06:05:09 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-04-23 06:05:09 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-04-23 06:05:03 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-04-23 06:05:01 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-04-23 06:04:43 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-04-23 06:04:43 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-04-23 05:46:51 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-04-23 05:46:51 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-04-23 05:46:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-04-23 05:46:50 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-04-23 05:46:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-04-23 05:13:00 -------- d-----w- C:\Windows\SysWow64\Wat
2011-04-23 05:13:00 -------- d-----w- C:\Windows\System32\Wat
2011-04-23 05:10:30 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-04-23 05:08:05 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-04-23 05:08:05 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-04-23 05:08:05 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-04-23 05:08:05 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-04-23 04:21:05 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-04-23 04:20:12 8802128 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{4D2A152A-E6C0-4CD5-AC46-BC14613924A1}\mpengine.dll
2011-04-23 04:17:51 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-04-23 04:16:45 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-04-23 04:16:45 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-04-23 04:16:34 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-04-23 04:16:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-04-23 04:16:34 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-04-23 04:16:34 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-04-23 04:16:34 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-04-23 04:16:34 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-04-23 04:16:33 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-04-23 04:13:19 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-04-23 04:13:19 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-23 04:11:29 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-04-23 04:11:29 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-23 04:11:29 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-23 04:11:29 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-23 02:29:07 -------- d-----w- C:\Users\GRETCH\AppData\Local\Adobe
2011-04-23 02:28:27 -------- d-----w- C:\Users\GRETCH\AppData\Local\ATI
2011-04-22 17:48:45 -------- d-----w- C:\Users\GRETCH\AppData\Roaming\hpqLog
2011-04-22 17:48:21 -------- d-----w- C:\Users\GRETCH\AppData\Local\VirtualStore
2011-04-22 17:48:00 -------- d-----w- C:\Users\GRETCH\AppData\Local\Hewlett-Packard
2011-04-22 15:45:29 141399376 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc3ABE.tmp
2011-04-22 15:44:42 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2011-04-22 15:41:17 -------- d-----w- C:\Windows\ehome
2011-04-22 15:39:06 -------- d-----w- C:\Program Files (x86)\HP Games
2011-04-22 15:39:05 -------- d-----w- C:\PROGRA~3\WildTangent
2011-04-22 15:36:53 -------- d-----w- C:\PROGRA~3\Norton
2011-04-22 15:36:12 -------- d-----w- C:\PROGRA~3\NortonInstaller
2011-04-22 15:35:55 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
2011-04-22 15:34:40 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-04-22 15:34:23 -------- d-----w- C:\PROGRA~3\Uninstall
2011-04-22 15:34:13 -------- d-----w- C:\PROGRA~3\CinemaNow
2011-04-22 15:34:10 -------- d-----w- C:\Program Files (x86)\CinemaNow
2011-04-22 15:34:00 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2011-04-22 15:32:25 -------- d-----w- C:\PROGRA~3\Recovery
2011-04-22 15:25:55 0 ----a-w- C:\Windows\ativpsrm.bin
2011-04-22 15:18:09 -------- d-----w- C:\Windows\Hewlett-Packard
2011-04-22 15:16:03 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2011-04-22 15:16:01 -------- d-----w- C:\Program Files\Broadcom
2011-04-22 15:15:03 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-04-22 15:13:49 -------- d-----w- C:\Program Files\Synaptics
2011-04-22 15:13:41 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2011-04-22 15:13:31 38456 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2011-04-22 15:13:30 -------- d-----w- C:\Program Files (x86)\AMD
2011-04-22 15:11:42 -------- d-----w- C:\Program Files\ATI
2011-04-22 15:11:39 -------- d-----w- C:\Program Files (x86)\ATI Technologies
.
==================== Find3M ====================
.
2011-04-23 06:20:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-04-23 06:20:41 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-22 15:34:34 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-04-22 15:34:34 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-18 10:56:44 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-18 05:43:28 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe
.
============= FINISH: 4:07:17.35 ===============


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:49 AM

Posted 14 May 2011 - 08:37 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:49 AM

Posted 19 May 2011 - 06:29 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE



