07-02-2009, 08:21 AM   #1
a_ross84
Registered User
Join Date: Jan 2009
Location: Doncaster
Posts: 14
OS: Windows Vista Home Premium 32 bit


something not so nice

Somehow, the other day I managed to pick something up that doesn't want to leave. Not sure what it is, but it is giving me a constant upload speed of around 650 - 700 Kbs, which is nearly my complete upload speed.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Andrew at 15:15:54.11 on 02/07/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1722 [GMT 1:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\isposure\IsposureAgent.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Andrew\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://search.live.com
uStart Page = hxxp://www.bbc.co.uk/?ok
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [LphantAutoRun] c:\program files\bitlord2\BitLord.exe
uRun: [MoeMonitor.exe] "c:\users\andrew\appdata\local\microsoft\live mesh\bin\servicing\0.9.4014.4\MoeMonitor.exe"
uRun: [BitComet] "c:\program files\bitlord\BitLord.exe"
uRun: [Gbridge] "c:\program files\gbridge llc\gbridge\pstartw.exe" "c:\program files\gbridge llc\gbridge\Gbridge.exe" -autostart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [tbbMeter] c:\program files\thinkbroadband.com\tbbmeter\tbbmeter.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
StartupFolder: c:\users\andrew\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\andrew\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: bmnet.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\xdx67i98.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/?ok
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\xdx67i98.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\microsoft silverlight\2.0.40115.0\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\andrew\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-9-19 41456]
R2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\drivers\avwebcam.sys [2009-3-17 215552]
R2 isposure_svc;IsposureAgent;c:\program files\isposure\IsposureAgent.exe [2008-10-23 733184]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-24 935208]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-3-22 24936]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 WebCamHelper;WebCamHelper;c:\progra~1\avwebc~1\WebCamHelper.sys [2009-3-17 2688]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\live mesh\remote desktop\wlcrasvc.exe [2009-6-24 44880]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [2009-5-10 41216]
R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 468480]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2009-6-24 9040]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-30 33752]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\RpcAgentSrv.exe [2009-5-20 98488]

=============== Created Last 30 ================

2009-07-02 13:42 <DIR> --d----- C:\Kontiki
2009-07-02 10:19 <DIR> --d----- c:\program files\Trend Micro
2009-07-01 19:12 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-07-01 19:09 <DIR> --d----- c:\users\andrew\.housecall6.6
2009-06-30 17:15 107 a------- c:\windows\Gbridge.INI
2009-06-30 14:25 <DIR> --d----- c:\users\andrew\appdata\roaming\Gbridge
2009-06-30 14:25 <DIR> --d----- c:\program files\Gbridge LLC
2009-06-25 17:45 67 a------- c:\windows\Easy DVD Creator.INI
2009-06-25 17:44 <DIR> --d----- c:\program files\Easy DVD Creator
2009-06-25 14:58 <DIR> --d----- c:\program files\Easy CD & DVD Cover Creator
2009-06-24 15:17 118,720 a------- c:\windows\system32\rdpdispd.dll
2009-06-24 15:17 9,040 a------- c:\windows\system32\drivers\rdpdispm.sys
2009-06-24 15:16 <DIR> --d----- c:\program files\Live Mesh
2009-06-19 09:07 <DIR> --d----- c:\program files\BitLord
2009-06-13 07:59 <DIR> --d----- c:\users\andrew\appdata\roaming\IMVU
2009-06-13 07:58 <DIR> --d----- c:\users\andrew\appdata\roaming\IMVUClient
2009-06-11 20:12 37,440 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-06-11 20:12 91,200 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-06-11 20:12 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-06-11 20:12 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-06-11 19:37 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-06-11 19:17 <DIR> --d----- c:\program files\Mozilla Firefox 3.5 Beta 4
2009-06-10 09:58 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-10 09:54 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-09 06:38 <DIR> --dsh--- C:\Boot
2009-06-08 21:39 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-08 20:38 250,032 a--shr-- C:\ntldr
2009-06-08 20:04 2 -------- C:\$UpgDrv$
2009-06-08 19:24 <DIR> --d----- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-06-08 19:20 1,890 a------- c:\windows\diagwrn.xml
2009-06-08 19:20 1,890 a------- c:\windows\diagerr.xml

==================== Find3M ====================

2009-06-30 14:25 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-30 14:25 51,200 a------- c:\windows\inf\infpub.dat
2009-06-30 14:25 86,016 a------- c:\windows\inf\infstor.dat
2009-06-09 08:21 87,608 a------- c:\users\andrew\appdata\roaming\inst.exe
2009-06-09 08:21 47,360 a------- c:\users\andrew\appdata\roaming\pcouffin.sys
2009-05-28 03:14 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-21 11:17 724,992 a------- c:\windows\iun6002.exe
2009-05-10 18:46 41,216 a------- c:\windows\system32\drivers\gbridge.sys
2009-05-09 06:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 06:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-23 13:14 623,616 a------- c:\windows\system32\localspl.dll
2009-04-11 07:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 07:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 07:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 07:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-11 07:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 07:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 07:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-11 07:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-11 07:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-11 07:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-11 07:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-11 07:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-11 07:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-11 07:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 07:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 07:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 06:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 06:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 05:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-11 05:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-11 05:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-11 05:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-11 05:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-11 05:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-11 02:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-01-08 12:16 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-07-02 15:16 262,144 a--sh--- c:\windows\serviceprofiles\networkservice\NTUSER.DAT

============= FINISH: 15:16:32.58 ===============


Attached are all the logs.

Any help would be appreciated.
Attached Files
File Type: zip Attach.zip (3.5 KB, 0 views)

07-27-2009, 07:00 AM   #2
amateur
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,463
OS: XP SP3


Re: something not so nice

Hello and welcome to TSF.

Apologies for the long delay in response. Since it has been a while since you posted, if you still require assistance, please provide us with a new set of logs in a new topic, as this one shall be closed.

New Instructions - Read This Before Posting for Malware Removal Help
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006




All times are GMT -7.


