don99anytime Posted February 17, 2010 ID:201459

I would like to see if I have a key logger on my laptop?

DDS (Ver_09-12-01.01) - NTFSx86
Run by Don Glascock at 0:14:40.06 on Wed 02/17/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1217 [GMT -6:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Attachments: ark.zip, Attach.zip
Ltangelic Posted February 21, 2010 ID:203466

Hey don99anytime,

Welcome to Malwarebytes! I'm Ltangelic and I'll be helping you fix your computer problem.

Before we proceed, here are some things that you can take note of so that the cleaning-up process will be more smooth and efficient. Do not worry, the points below are not any form of rules; they are just a few pointers that can ensure that you will get the best help from me.

- To ensure that you are informed of the latest replies to your thread, you may like to right-click on Options at the top right-hand corner of this page and select "Subscribe to this forum". That way, you will be notified via email when a reply is posted to your thread.
- If you have any doubts or uncertainty about any part of my instructions, feel free to post on here and ask me about them. Please do NOT attempt to run any tools or do any fixing on your own unless I tell you to; this will avoid any confusion that can occur during the cleaning process. Furthermore, fixing malware problems without sufficient knowledge can be dangerous at times, and you can mess up your own computer without knowing.
- Please do not PM me for malware removal assistance; any request for malware removal assistance should be posted in this thread only. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send a message to me on here.
- Please do not start multiple topics (especially when you are already being assisted by an authorised staff member). All staff are volunteers on here; starting multiple topics will waste the limited manpower we have here at Malwarebytes, and this can further hinder our ability to assist other users. Please be considerate and stick to one thread.

I'm looking at your log now and will be back with a fix soon. Thanks for your patience and understanding.
Ltangelic Posted February 22, 2010 ID:204073

Hey don99anytime,

I don't see much in your log; let's do some scans to see what we can find. Please follow my instructions in the order they were given, and print out a copy of them as you may not have access to the forums during the fix.

Before we go on to run the tools, it would be advisable to temporarily disable your protection software (AVG anti-virus) as it may hinder the tools from running. Instructions are in the link below:
http://www.bleepingcomputer.com/forums/topic114351.html

1) Run ComboFix

Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

2) Run OTS

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload to Mediafire and post the sharing link.

- Download OTS to your Desktop.
- Close ALL OTHER PROGRAMS.
- Double-click on OTS.exe to start the program.
- Check the box that says Scan All Users.
- Under Additional Scans check the following:
  Reg - Shell Spawning
  File - Lop Check
  File - Purity Scan
  Evnt - EvtViewer (last 10)
- Under custom scans copy and paste the following:

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\*.*
%ProgramFiles%\Movie Maker\*.dll
%ALLUSERSAPPDATA%\*.dll
%SYSTEMROOT%\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dll
%DriveLetter%\RECYCLER\*S-%d-%d-%d-%d%d%d-%d%d%d-%d%d%d-%d*.
%systemroot%\system32\*.dll /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
c:\$recycle.bin\*.* /s
CREATERESTOREPOINT

- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:
- Click Add Reply
- Under the reply panel is the Attachments Panel
- Browse for the attachment file you want to upload, then click the green Upload button
- Once it has uploaded, click the Manage Current Attachments drop down box
- Click on to insert the attachment into your post

Next reply (please include in your post):
ComboFix.txt
OTS.txt
Maurice Naggar Posted March 3, 2010 ID:208955

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!