
Suspected Rootkit


  • This topic is locked
3 replies to this topic

#1 jr1948

jr1948


Posted 10 May 2011 - 07:24 AM

First of all - when all this started I'd never even heard of Bleeping Computers and so I might have done a few things I shouldn't have.

Anyway, this computer belongs to my son and he brought it to me after getting into trouble which left him with a useless computer.

After logging on, the desktop was blank except for one icon (I forgot the name) and the ability to start the task manager was disabled. I rebooted in command mode and ran 'attrib -h *.* /S' from C:\ to discover that everything was still there though hidden. I rebooted with the Windows GUI and the desktop was back. From Run I could start Regedit and fix the task manager problem.

After that I installed and ran just about every tool I could think of and knew to be trustworthy, both antivirus and malware. I guess most of this shows up in the logs. The original antivirus protection is Panda but I also tried MS's Security Essentials which now is disabled. Hopefully they won't interfere that way.

By using the tools mentioned above I managed to fix most problems except for the most important one. I've got a rootkit. How do I know? I cannot run TDSSKiller in the original OS but if I boot from my BartPE CD I can start TDSSKiller; it even creates a logfile if I use the -l option to RAM disk or USB disk. Then an error message 'Can't load driver' at 40%.

Gmer runs just fine and produces a log. Unfortunately my knowledge is way below the level needed to interpret the results. Hope you can help me and also I hope I've managed to explain things in a way that is sufficient. English is not my native language - sorry.

Finally - at irregular intervals (within one to twelve hours) IE (auto)starts ad windows with ads for (mainly) casino sites. Again, hope you can help. I am out of ideas...

The DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael Rickard at 22:11:02,56 on 2011-05-09
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.5.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2026.1110 [GMT 2:00]
.
AV: Panda Security for Desktops *Enabled/Updated* {208F4477-D1F0-411A-8D21-0367EC0D3D43}
AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program\Panda Software\AVTC\PavSrvX86.exe
C:\Program\Panda Software\AVTC\AVENGINE.EXE
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Intel\AMT\LMS.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\Panda Software\AVTC\PsCtrlS.exe
C:\Program\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Program\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Program\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program\Panda Software\AVTC\PSKMsSvc.exe
C:\Program\Panda Software\AVTC\PSCtrlC.exe
C:\Program\Panda Software\AVTC\PsImSvc.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Delade filer\Intel\WirelessCommon\RegSrvc.exe
C:\Program\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Delade filer\Intel\Privacy Icon\UNS\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program\lenovo\system update\suservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Utils\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.se/
mDefault_Page_URL = hxxp://lenovo.live.com
BHO: AutorunsDisabled - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot~1\SDHelper.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program\canon\easy-webprint ex\ewpexhlp.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program\synaptics\syntp\SynTPEnh.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [FingerPrintSoftware] "c:\program\lenovo fingerprint software\fpapp.exe" \s
mRun: [CameraApplicationLauncher] c:\program\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe
mRun: [Panda Controller Client] "c:\program\panda software\avtc\PSCtrlC.exe"
mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program\windows defender\MSASCui.exe" -hide
mRun: [MSC] "c:\program\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AutorunsDisabled - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\program\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli ACGina
IFEO: AutorunsDisabled -
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-25 64512]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\Shldrv51.sys [2010-9-1 41144]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2010-9-1 51208]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-26 1676536]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2011-4-19 2146496]
R2 Panda Software Controller;Panda Software Controller;c:\program\panda software\avtc\PSCtrlS.exe [2010-9-1 383232]
R2 PAVAGENTE;Panda AdminSecure Communications Agent;c:\program\panda software\panda administrator 3\pav_agent\Pagent.exe [2010-9-1 435456]
R2 PavAtScheduler;Panda AdminSecure Scheduler;c:\program\panda software\panda administrator 3\scheduler\pavsched.exe [2010-9-1 255232]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-9-1 174344]
R2 PavPrSrv;Panda Process Protection Service;c:\program\delade filer\panda software\pavshld\PavPrSrv.exe [2010-9-1 62768]
R2 PavSrv;Panda Antivirus Service;c:\program\panda software\avtc\pavsrvx86.exe [2010-9-1 183040]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program\delade filer\intel\privacy icon\uns\UNS.exe [2009-8-4 2058776]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2009-8-4 72448]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-8-4 482176]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-8-4 243856]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 WinDefend;Windows Defender;c:\program\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-10-26 118784]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-11-9 100736]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program\lavasoft\ad-aware\kernexplorer.sys [2011-4-19 15232]
S3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\drivers\lnvobus.sys [2009-8-4 302464]
S3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\drivers\lnvocard.sys [2009-8-4 378496]
S3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\lnvogps.sys [2009-8-4 76328]
S3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\lnvomdfl.sys [2009-8-4 15104]
S3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\drivers\lnvomdfl2.sys [2009-8-4 15104]
S3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\lnvomdm.sys [2009-8-4 387072]
S3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\drivers\lnvomdm2.sys [2009-8-4 431488]
S3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\drivers\lnvond5.sys [2009-8-4 25984]
S3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\drivers\lnvounic.sys [2009-8-4 402944]
S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [2009-8-9 18560]
S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [2009-8-9 25344]
S3 PavReport;Panda Antivirus Report Service;c:\program\panda software\panda administrator 3\pavreport\PavReport.exe [2010-9-1 926976]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2010-5-7 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2010-5-7 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2010-5-7 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2010-5-7 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2010-5-7 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2010-5-7 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2010-5-7 109736]
S3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\lnvoscard.sys [2009-8-4 24232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-17 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-26 106496]
S4 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\admini~1\lokala~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\admini~1\lokala~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S4 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2010-6-25 135664]
S4 gupdatem;Tjänsten Google Update (gupdatem);c:\program\google\update\GoogleUpdate.exe [2010-6-25 135664]
S4 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-5-7 90112]
S4 PDFProFiltSrv;PDFProFiltSrv;c:\program\nuance\pdf professional 5\PDFProFiltSrv.exe [2008-2-2 144672]
S4 Power Manager DBC Service;Power Manager DBC Service;c:\program\thinkpad\utilities\PWMDBSVC.exe [2009-8-4 94208]
S4 RoxMediaDB10;RoxMediaDB10;c:\program\delade filer\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S4 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S4 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S4 TVT Backup Protection Service;TVT Backup Protection Service;c:\program\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
S4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
.
=============== Created Last 30 ================
.
2011-05-08 07:49:20 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{dab17d6d-fcc9-4eef-8084-61d437891521}\mpengine.dll
2011-05-03 06:13:30 -------- d-----w- c:\program\Exterminate It!
2011-05-02 09:57:46 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-05-01 09:51:29 -------- d-----w- c:\program\Microsoft Security Client
2011-04-30 22:10:22 -------- d-----w- c:\docume~1\michae~1.ds\applic~1\Malwarebytes
2011-04-30 22:09:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 22:09:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-30 22:09:23 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2011-04-29 16:50:38 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{5f3db495-0d86-48cf-b913-9298b9fd7f27}\mpengine.dll
2011-04-28 08:55:03 -------- d-----w- C:\Utils
2011-04-27 19:44:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2011-04-27 19:44:13 -------- d-----w- c:\program\Security Task Manager
2011-04-27 18:27:52 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-04-27 18:27:49 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-27 08:25:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-04-27 00:54:38 -------- d-----w- c:\docume~1\michae~1.ds\applic~1\f-secure
2011-04-26 16:58:57 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-04-26 16:57:58 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2011-04-26 16:56:59 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2011-04-26 16:55:58 17024 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2011-04-26 16:54:59 30208 ----a-w- c:\windows\system32\dllcache\sm87w.dll
2011-04-26 16:53:58 24064 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
2011-04-26 16:52:59 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2011-04-26 16:51:59 35328 ----a-w- c:\windows\system32\dllcache\pcntpci5.sys
2011-04-26 16:50:58 9472 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-04-26 16:49:59 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-04-26 16:48:58 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-04-26 16:47:58 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-04-26 16:46:59 32768 ----a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2011-04-26 16:45:59 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
2011-04-26 16:44:59 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys
2011-04-26 16:43:59 272640 ----a-w- c:\windows\system32\dllcache\cinemclc.sys
2011-04-26 16:42:59 98304 ----a-w- c:\windows\system32\dllcache\a3d.dll
2011-04-26 14:45:56 -------- d-----w- c:\docume~1\michae~1.ds\applic~1\Windows Search
2011-04-26 11:29:38 -------- d-----w- c:\documents and settings\michael rickard.ds\Tracing
2011-04-26 11:28:25 -------- d-----w- c:\program\Microsoft
2011-04-26 11:28:09 -------- d-----w- c:\program\Windows Live SkyDrive
2011-04-26 11:25:14 -------- d-----w- c:\program\delade filer\Windows Live
2011-04-26 11:23:55 -------- d-----w- c:\windows\system32\winrm
2011-04-26 11:23:51 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-04-26 11:23:20 -------- d-----w- c:\docume~1\michae~1.ds\lokala~1\applic~1\Identities
2011-04-26 11:23:17 -------- d-----w- c:\docume~1\michae~1.ds\applic~1\Windows Desktop Search
2011-04-26 11:22:50 -------- d-----w- c:\program\Windows Desktop Search
2011-04-25 15:27:09 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-25 11:13:30 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-25 11:13:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-25 11:12:48 -------- d-----w- c:\docume~1\michae~1.ds\lokala~1\applic~1\Sunbelt Software
2011-04-25 11:12:21 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
2011-04-25 11:12:02 -------- d-----w- c:\program\Lavasoft
2011-04-19 15:54:34 -------- d-----w- c:\program\iPod
2011-04-19 15:51:09 -------- d-----w- c:\program\Bonjour
2011-04-17 20:10:35 -------- d-----w- c:\program\Spybot - Search & Destroy
2011-04-17 20:10:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-17 19:15:37 -------- d-----w- c:\program\Panda Security
2011-04-14 14:53:14 -------- d-----w- C:\7c4e64ac1960eb0bc6151d3e46
2011-04-14 01:39:02 103864 ----a-w- c:\program\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-04-06 14:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-11 14:10:39 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-07 05:33:37 692736 ------w- c:\windows\system32\inetcomm.dll
2011-03-04 06:44:13 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53:40 1857920 ------w- c:\windows\system32\win32k.sys
2011-02-17 18:55:58 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 18:55:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 18:55:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 12:54:07 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44:30 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:54:03 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:54:03 186880 ------w- c:\windows\system32\encdec.dll
.
============= FINISH: 22:13:16,28 ===============


/jr



#2 jr1948

jr1948
  • Topic Starter


Posted 17 May 2011 - 10:42 AM

Sorry - needed the machine urgently. Forced to reinstall. Please close...
/jr

#3 SweetTech

SweetTech

    Agent ST



Posted 17 May 2011 - 10:45 AM

Hello!

Sorry about the delay! We've been extremely swamped lately.

We appreciate you letting us know that you performed a reformat and re-install.

Please take good care.

Kindest Regards,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 SweetTech

SweetTech

    Agent ST



Posted 17 May 2011 - 10:46 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





