
MBAM has supposedly destroyed ZeroAccess on my PC ... or has it?



Hi guys,

Let me begin my tale of woe.

Early last week I opened the wrong email or something and a truckload of trojans and other nasties infected my computer because my AVG resident shield started going berserk. I ran MS Security Essentials and it supposedly killed a bunch of things but after I rebooted, MS Security Essentials had been nuked and simply wouldn't run!

I immediately ran MBAM (using database version 8356) and it cleared away a whole bunch of malware - 11 items altogether, I think. I did another scan later that same day and this time MBAM gave me a clean bill of health.

BUT, I thought, I'd better just update MBAM's database and scan again ... just in case I was infected with a virus newer than MBAM database 8356. So I updated MBAM to database 8363, did a full system scan and lo and behold, this time MBAM detected 4 infected files with the worrying name (Backdoor.0Access). I did some Googling and was startled to see that I had become infected with one of the world's worst rootkits: ZeroAccess, a piece of malware that's almost impossible to eradicate.

After that scan, MBAM said ZeroAccess had been "Quarantined and deleted successfully." Not taking any chances, I decided to scan again. This time it found 3 files infected with ZeroAccess. I removed them, MBAM said "Quarantined and deleted successfully" and since then I've done about 3 more MBAM scans and they've all come up clean.

However, somewhere along the line, my internet access has been disabled. My local area connection icon is on and says I'm connected, but Firefox just won't browse to any websites. My Asus wi-fi netbook can access the 'net just fine, but not my desktop PC. I click "Repair" and I get the message "Windows could not finish repairing the problem because the following action cannot be completed: Failed to query TCP/IP settings of the connection. Cannot proceed." Also my Windows Firewall is disabled. I double click on it and it says "Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service?" I click Yes and I get "Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service."

After all this, I have two questions:

1. Has ZeroAccess REALLY been wiped off my computer, or has it just hidden itself deeper in my OS where MBAM can't find it? By all accounts, this rootkit sounds EXTREMELY hard to eliminate, so I'm a little surprised that I managed to apparently zap it so "easily."

2. How on earth can I re-enable my internet connection?

My DDS log is below, and the other one is attached. Any help at all would be hugely appreciated.

.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_21

Run by Trav and Bec at 18:29:11 on 2011-12-19

Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3070.2736 [GMT 10:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\Explorer.EXE

.

============== Pseudo HJT Report ===============

.

uSearch Page = www.google.com

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll

BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdmcks.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll

TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear

uRun: [WinMem] c:\program files\wincleaner memory optimizer\WinMemOpt.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

uRun: [Wbozuruboh] rundll32.exe "c:\windows\isprstk.dll",Startup

uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe

mRun: [WinFast Schedule] c:\program files\winfast\wftvfm\WFWIZ.exe

mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTuner.exe" /S

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRunOnce: [wextract_cleanup0] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\travan~1\locals~1\temp\ixp000.tmp\"

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\travan~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\fortem~1.lnk - c:\program files\lg soft india\fortemanager\bin\Monitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wintvr~1.lnk - c:\program files\wintv\wintv7\WinTVTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm

IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm

IE: Download using FlashGet - c:\program files\flashget\jc_link.htm

IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - e:\lotus\org6\organize\bandobjs.dll

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: WRNotifier - WRLogonNTF.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\trav and bec\application data\mozilla\firefox\profiles\i1piewl7.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2007-3-23 15172]

R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2010-1-3 902432]

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2008-10-28 27704]

S0 ysidtrq;ysidtrq; [x]

S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-25 11608]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-29 335240]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-1-20 27784]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-29 108552]

S1 cesyhmbe;cesyhmbe;\??\c:\windows\system32\drivers\cesyhmbe.sys --> c:\windows\system32\drivers\cesyhmbe.sys [?]

S1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;c:\windows\system32\drivers\dcxxmjpg.sys --> c:\windows\system32\drivers\DCxxMJPG.sys [?]

S1 fbqnbhzf;fbqnbhzf;\??\c:\windows\system32\drivers\fbqnbhzf.sys --> c:\windows\system32\drivers\fbqnbhzf.sys [?]

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

S1 pqcbyqes;pqcbyqes;\??\c:\windows\system32\drivers\pqcbyqes.sys --> c:\windows\system32\drivers\pqcbyqes.sys [?]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-8-19 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-8-19 67656]

S1 whqncgqe;whqncgqe;\??\c:\windows\system32\drivers\whqncgqe.sys --> c:\windows\system32\drivers\whqncgqe.sys [?]

S2 a2free;a-squared Free Service;"c:\program files\a-squared free\a2service.exe" --> c:\program files\a-squared free\a2service.exe [?]

S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-1-3 2326920]

S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\astsrv.exe --> c:\windows\system32\ASTSRV.EXE [?]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-11 902284]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-11 289100]

S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-25 56816]

S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2008-4-22 59776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-19 130560]

S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]

S2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\tvserver\HAUPPA~1.EXE [2010-7-10 431824]

S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2007-4-23 17432]

S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-20 63372]

S2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\drivers\p1c1394.sys --> c:\windows\system32\drivers\p1c1394.sys [?]

S2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2008-4-11 14976]

S2 SVKP;SVKP;\??\c:\windows\system32\svkp.sys --> c:\windows\system32\SVKP.sys [?]

S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2009-3-1 66944]

S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2008-4-22 19456]

S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [2008-4-22 9600]

S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-1-3 159168]

S3 ALSysIO;ALSysIO;\??\c:\docume~1\travan~1\locals~1\temp\alsysio.sys --> c:\docume~1\travan~1\locals~1\temp\ALSysIO.sys [?]

S3 AvsBluebird;FusionHDTV USB, AVStream Capture;c:\windows\system32\drivers\bluebird2.sys [2006-2-26 329344]

S3 cpuz130;cpuz130;\??\c:\docume~1\travan~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\travan~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-19 130560]

S3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys [2010-2-19 49152]

S3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2010-7-26 14336]

S3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2010-7-26 18432]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-5-21 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-5-21 8320]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-8-19 12872]

S3 USBAV191;Instant VideoXpress;c:\windows\system32\drivers\USBAV191.SYS [2006-9-28 120128]

S3 WFIOCTL;WFIOCTL;c:\program files\winfast\wfdtv\WFIOCTL.sys [2008-4-15 9446]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

regfile=regedit.exe "%1" %*

scrfile="%1" %*

.

=============== Created Last 30 ================

.

2011-12-19 08:10:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-18 02:51:26 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2011-12-18 02:51:23 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2011-12-18 02:51:19 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2011-12-18 02:51:15 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe

2011-12-18 02:51:11 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe

2011-12-18 02:50:19 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe

2011-12-18 02:50:15 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys

2011-12-18 02:50:14 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys

2011-12-18 02:50:11 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2011-12-18 02:50:11 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys

2011-12-18 02:50:02 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys

2011-12-18 02:50:01 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys

2011-12-18 02:48:58 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys

2011-12-18 02:47:57 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll

2011-12-18 02:46:56 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys

2011-12-18 02:45:59 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll

2011-12-18 02:44:58 9600 ----a-w- c:\windows\system32\dllcache\sonymc.sys

2011-12-18 02:43:57 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys

2011-12-18 02:42:57 17280 ----a-w- c:\windows\system32\dllcache\scr111.sys

2011-12-18 02:41:59 82432 ----a-w- c:\windows\system32\dllcache\rwia450.dll

2011-12-18 02:40:57 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys

2011-12-18 02:39:59 86016 ----a-w- c:\windows\system32\dllcache\pctspk.exe

2011-12-18 02:38:57 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys

2011-12-18 02:37:58 33088 ----a-w- c:\windows\system32\dllcache\n9i128v2.sys

2011-12-18 02:36:49 7680 ----a-w- c:\windows\system32\dllcache\migregdb.exe

2011-12-18 02:35:58 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys

2011-12-18 02:34:59 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys

2011-12-18 02:33:58 28700 ----a-w- c:\windows\system32\dllcache\ibmexmp.sys

2011-12-18 02:32:59 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll

2011-12-18 02:31:58 444416 ----a-w- c:\windows\system32\dllcache\fpcibase.sys

2011-12-18 02:30:59 18503 ----a-w- c:\windows\system32\dllcache\epro4.sys

2011-12-18 02:29:59 91305 ----a-w- c:\windows\system32\dllcache\dimaint.sys

2011-12-18 02:28:59 111872 ----a-w- c:\windows\system32\dllcache\cwcspud.sys

2011-12-18 02:27:57 18944 ----a-w- c:\windows\system32\dllcache\bthusb.sys

2011-12-18 02:26:59 45056 ----a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll

2011-12-18 02:02:09 -------- d-----w- c:\program files\Tweaking.com

2011-12-12 21:41:23 -------- d-----w- c:\documents and settings\trav and bec\local settings\application data\PCHealth

2011-12-12 21:36:50 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee2d4258-2eeb-4e33-b053-08b13b7bd9bc}\offreg.dll

2011-12-12 21:36:33 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee2d4258-2eeb-4e33-b053-08b13b7bd9bc}\mpengine.dll

2011-12-12 21:33:24 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-12-12 14:49:05 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-12-12 14:49:05 215920 ----a-w- c:\windows\system32\muweb.dll

2011-12-12 14:49:05 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2011-12-12 14:22:19 21728 ----a-w- c:\windows\system32\wucltui.dll.mui

2011-12-12 14:22:19 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui

2011-12-12 14:22:19 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2011-12-12 14:22:19 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-12-12 14:16:14 -------- d-----w- c:\program files\Microsoft Security Client

2011-12-12 12:54:34 -------- d-----w- c:\documents and settings\trav and bec\application data\WinPatrol

2011-12-12 12:53:34 -------- d-----w- c:\program files\BillP Studios

2011-12-12 12:53:33 -------- d-----w- c:\documents and settings\all users\application data\InstallMate

2011-12-12 10:58:17 -------- d-sh--w- c:\documents and settings\trav and bec\local settings\application data\4380657d

2011-12-12 08:48:16 -------- d-----w- c:\documents and settings\trav and bec\application data\River Past G5

2011-12-12 08:48:16 -------- d-----w- c:\documents and settings\all users\application data\River Past G5

2011-12-11 21:46:01 -------- d-----w- c:\program files\FLAC

2011-12-09 06:34:26 1409 ----a-w- c:\windows\QTFont.for

.

==================== Find3M ====================

.

2011-11-24 20:52:02 73 ----a-w- c:\windows\system32\ssprs.dll

2011-11-24 20:52:02 205 ----a-w- c:\windows\system32\lsprst7.dll

2011-09-26 03:39:04 4073472 ----a-w- c:\windows\system32\ColoristaRenderer.dll

2011-09-20 21:01:46 4070912 ----a-w- c:\windows\system32\PhotoLooksRenderer.dll

2006-10-06 05:54:40 114688 ----a-w- c:\program files\FixVTS.exe

.

============= FINISH: 18:30:52.85 ===============

attach.txt


  • 1 month later...

Hello,

Would you advise if you have resolved your issues or if you have sought help elsewhere?

If not resolved and you are not already seeking help elsewhere, I'd like for you to rerun a new (fresh) DDS and Copy & Paste the DDS.txt into a new reply.

Anyone other than original-poster who has similar issues, do not reply here. Start your own topic.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
