Discussion Starter #1
Hello there!

I am a first time user here at Tech Support Forum. I've come because I need help in cleaning up my infected computer. I used SUPERAntiSpyware to scan the computer and it appears to be infected with several trojans and malware programs. I tried to fix it, but they just keep coming back. When I first turn on my computer, it boots up and then it opens the My Documents folder without me doing anything. Also, every once in a while there's an error about HOSTS and svchost and that they need to close. I've noticed my computer is a tad slower, so I'm a bit concerned.

If you guys can help me I'd be forever grateful.

Thank you!

=====================================


DDS (Ver_10-03-17.01) - NTFSx86
Run by Hector at 15:26:33.52 on Thu 08/12/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.897 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBDBMgrN10.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Pcsx2\pcsx2 0.9.6.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Hector\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Skype] "c:\users\hector\appdata\roaming\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Semagic - c:\program files\semagic\link.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - c:\program files\common files\intuit\quickbooks\QBPOSProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\hector\appdata\roaming\mozilla\firefox\profiles\2w3de38r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\nbc direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\hector\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\hector\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\hector\appdata\roaming\idm\bin\flash\platform\winnt\plugins\npidmdcp.dll
FF - plugin: c:\users\hector\appdata\roaming\mozilla\firefox\profiles\2w3de38r.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\users\hector\appdata\roaming\mozilla\firefox\profiles\2w3de38r.default\extensions\[email protected]networks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000005.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-8-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 67656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-3 172032]
R2 Intuit Entitlement Service v6.0;Intuit Entitlement Service v6.0;c:\program files\common files\intuit\entitlement client\v6.0\server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2009-6-2 20480]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-11-9 90112]
R2 QBPOSDBServiceV9;QBPOS Database Manager v9;c:\program files\intuit\quickbooks point of sale 9.0\databaseserver\QBPOSDBService.exe [2009-9-1 2735480]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-4-13 14976]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-3-3 5340160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-3-2 152064]
R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-11-9 27632]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-8-6 27320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 RTCore32;RTCore32;c:\program files\msi afterburner\RTCore32.sys [2009-11-11 12088]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2009-5-5 124256]

=============== Created Last 30 ================

2010-08-12 16:46:24 0 d-----w- C:\$RECYCLE.BIN
2010-08-12 16:20:52 98816 ----a-w- c:\windows\sed.exe
2010-08-12 16:20:52 77312 ----a-w- c:\windows\MBR.exe
2010-08-12 16:20:52 256512 ----a-w- c:\windows\PEV.exe
2010-08-12 16:20:52 161792 ----a-w- c:\windows\SWREG.exe
2010-08-12 16:18:54 0 d-----w- C:\Combo-Fix
2010-08-12 14:52:38 627712 ----a-w- c:\windows\system32\uuuuuuuuuu
2010-08-12 14:45:36 627712 ----a-w- c:\windows\system32\qqqqqqqqq
2010-08-12 14:00:09 627712 ----a-w- c:\windows\system32\ffffff
2010-08-12 13:58:56 627712 ----a-w- c:\windows\system32\aaaa
2010-08-12 13:57:52 627712 ----a-w- c:\windows\system32\oooooooo
2010-08-12 13:47:16 627712 ----a-w- c:\windows\system32\ddddd
2010-08-12 13:47:16 627712 ----a-w- c:\windows\system32\cccc
2010-08-12 12:34:14 627712 ----a-w- c:\windows\system32\yyyyyyyyyyyy
2010-08-12 12:17:00 627712 ----a-w- c:\windows\system32\uuuuuuuuuuu
2010-08-12 12:14:56 627712 ----a-w- c:\windows\system32\lllllll
2010-08-12 12:14:56 627712 ----a-w- c:\windows\system32\kkkkkkk
2010-08-12 12:04:01 627712 ----a-w- c:\windows\system32\bbbb
2010-08-12 12:02:52 627712 ----a-w- c:\windows\system32\fffff
2010-08-12 12:01:12 627712 ----a-w- c:\windows\system32\gggggg
2010-08-12 12:00:25 627712 ----a-w- c:\windows\system32\ooooooooo
2010-08-11 23:33:55 0 d-----w- c:\programdata\Office Genuine Advantage
2010-08-11 23:33:34 627712 ----a-w- c:\windows\system32\mmmmmmmm
2010-08-11 23:01:07 206 ----a-w- c:\windows\system32\MRT.INI
2010-08-11 22:55:10 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 22:55:10 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 22:50:17 15819776 ----a-w- c:\windows\system32\imageres.dll
2010-08-11 19:57:02 627712 ----a-w- c:\windows\system32\rrrrrrrrrr
2010-08-11 13:36:11 627712 ----a-w- c:\windows\system32\zzzzzzzzzzzz
2010-08-11 12:24:09 0 d-----w- c:\users\hector\appdata\roaming\Daily Bible and Prayer 2
2010-08-04 01:47:23 163049067 ----a-w- c:\windows\MEMORY.DMP
2010-07-30 23:47:56 0 d--h--w- c:\windows\msdownld.tmp
2010-07-30 23:47:03 0 d-----w- c:\program files\PCSX2 0.9.7
2010-07-20 22:40:58 0 d-----w- C:\VEMODE_VIDEOS
2010-07-20 21:31:21 0 d-----w- c:\program files\AviSynth 2.5
2010-07-20 21:31:17 57344 ----a-w- c:\windows\SSEUninstaller.exe
2010-07-20 21:31:17 0 d-----w- c:\program files\VEMoDe 1.2b
2010-07-20 21:31:11 44544 ----a-w- c:\windows\system32\Gif89.dll
2010-07-20 21:31:11 32768 ----a-w- c:\windows\system32\ShellLnkSSE.dll
2010-07-20 21:27:37 0 d-----w- c:\users\hector\appdata\roaming\Engelmann Media
2010-07-20 21:26:08 0 d-----w- c:\programdata\Engelmann Media
2010-07-20 21:25:58 0 d-----w- c:\program files\Engelmann Media
2010-07-20 21:25:57 0 d-----w- c:\program files\common files\HDX4
2010-07-18 22:33:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2010-07-18 22:09:02 0 d-----w- c:\users\hector\appdata\roaming\Teleca
2010-07-18 22:08:16 0 d-----w- c:\programdata\HTC
2010-07-18 22:08:14 0 d-----w- c:\programdata\Teleca
2010-07-18 22:08:14 0 d-----w- c:\program files\common files\Teleca Shared
2010-07-18 22:06:35 0 d-----w- c:\program files\Spirent Communications
2010-07-18 22:06:14 0 d-----w- c:\program files\HTC
2010-07-18 22:04:53 0 d-----w- c:\windows\Downloaded Installations
2010-07-16 12:16:52 90112 ----a-w- c:\windows\system32\ccrpTmr6.dll
2010-07-16 12:16:52 0 d-----w- c:\program files\Cool Timer

==================== Find3M ====================

2010-07-18 22:09:43 86016 ----a-w- c:\windows\inf\infpub.dat
2010-07-18 22:09:43 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-18 22:09:43 143360 ----a-w- c:\windows\inf\infstor.dat
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37:03 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31:29 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-16 16:04:57 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16:20 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15:06 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35:04 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35:03 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-06 17:49:28 25864 ----a-w- c:\windows\fonts\BlackInitialText.ttf
2010-06-06 17:26:52 141916 ----a-w- c:\windows\fonts\VTKS LowRider.ttf
2010-06-06 17:26:38 214092 ----a-w- c:\windows\fonts\VTKS LowRiderBox.ttf
2010-06-06 17:16:42 193112 ----a-w- c:\windows\fonts\VTKS Tattoo Shadow.ttf
2010-06-06 17:16:28 49880 ----a-w- c:\windows\fonts\VTKS Tattoo.ttf
2010-06-06 17:11:30 143708 ----a-w- c:\windows\fonts\Vtks Victory.ttf
2010-06-02 08:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 08:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 08:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 20:08:17 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 15:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 15:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 15:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 15:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 15:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 11:29:30 20324 ----a-w- c:\windows\fonts\Commodore Pixelized v1.2.ttf
2010-05-16 23:08:10 187252 ----a-w- c:\windows\fonts\WestBalaio.ttf
2010-05-16 22:57:44 1463968 ----a-w- c:\windows\fonts\IntellectaCrowns.ttf
2010-02-01 16:38:00 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:41:56 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-08-16 18:59:09 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-08-16 19:09:01 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-08-16 19:09:01 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-08-16 19:09:01 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-08-16 19:09:01 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 15:27:15.76 ===============
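The "Created Last 30" section of the DDS log above shows a run of files of identical size (627712 bytes) with repeated-letter names being written into system32 within hours of each other, which is what a dropper re-writing the same payload under fresh names looks like. As an added example, not part of the original thread, here is a small Python triage script that parses DDS file lines and flags such clusters; the sample input is copied from the log above, and the thresholds (three or more same-size files, repeated-letter names with no extension) are assumptions chosen for this log.

```python
import re
from collections import defaultdict

# Constructed sample input: "Created Last 30" lines copied from the DDS log in
# this thread, plus three benign entries from the same log, so the script runs
# offline. In practice, feed it the whole DDS.txt.
SAMPLE_LOG = r"""
2010-08-12 14:52:38 627712 ----a-w- c:\windows\system32\uuuuuuuuuu
2010-08-12 14:45:36 627712 ----a-w- c:\windows\system32\qqqqqqqqq
2010-08-12 14:00:09 627712 ----a-w- c:\windows\system32\ffffff
2010-08-12 13:58:56 627712 ----a-w- c:\windows\system32\aaaa
2010-08-11 23:01:07 206 ----a-w- c:\windows\system32\MRT.INI
2010-08-11 22:55:10 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-07-16 12:16:52 90112 ----a-w- c:\windows\system32\ccrpTmr6.dll
"""

# One DDS file entry: timestamp, size in bytes, 8-char attribute string, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+?)\s*$"
)
# Names made of one letter repeated three or more times (uuuuuuuuuu, aaaa, ...).
REPEATED_LETTER = re.compile(r"([a-z])\1{2,}", re.IGNORECASE)
# Assumed threshold: this many identical sizes before the cluster is reported.
MIN_CLUSTER = 3


def parse_dds(text):
    """Parse DDS 'Created Last 30' / 'Find3M' lines into dicts; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append({"time": ts, "size": int(size), "attrs": attrs,
                        "path": path, "name": path.rsplit("\\", 1)[-1]})
    return entries


def flag_suspicious(entries):
    """Return paths that sit in system32, have a repeated-letter name with no
    extension, and share their exact byte size with at least MIN_CLUSTER-1
    other such files. Real system files have meaningful names and differing
    sizes, so a cluster like this is worth a closer look."""
    by_size = defaultdict(list)
    for e in entries:
        in_sys32 = "\\system32\\" in e["path"].lower()
        no_extension = "." not in e["name"]
        if in_sys32 and no_extension and REPEATED_LETTER.fullmatch(e["name"]):
            by_size[e["size"]].append(e["path"])
    flagged = []
    for size, paths in sorted(by_size.items()):
        if len(paths) >= MIN_CLUSTER:
            flagged.extend(paths)
    return flagged


if __name__ == "__main__":
    hits = flag_suspicious(parse_dds(SAMPLE_LOG))
    print(f"{len(hits)} suspicious same-size file(s) in system32:")
    for p in hits:
        print("  ", p)
```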
 

Hello and welcome to Tech Support Forum.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


1. Rerun DDS and post the fresh DDS and Attach.txt logs in your next post/reply.

2. Delete GMER.exe off of your Computer, then follow the instructions below:

Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.
 
