Jump to content

Recommended Posts

Ok, so here is my problem. I believe that I downloaded something bad when I unzipped a subtitles files that turned out to not be what it was supposed to be. Within 24 hours I was getting popups when I wasn't even doing anything on my browser, I couldn't log into my gmail account without it freezing up. I ran malwarebytes and my AVG anti-virus software, it told me some things were infected, I removed them, restarted my computer and thought everything was ok. My husband was on a little later just roaming ebay, not actually doing anything, and the blue screen of death came up saying something about a PRAGMad.sys is causing all the problems. I went in under safe mode, and went looking for this program. I couldn't find it. I went to a few websites and followed instructions on how to remove this.. whatever this is affecting my system. I downloaded a Combofix program, and it found the items and deleted them, but when I restarted in normal mode, I got the blue screen again. I downloaded a TDSS killer program, and that says that there is nothing there, it's all clean. So I ran malwarebytes again, and it keeps coming up with a fake trogan and something in the registry, but everytime I go to remove it and restart, I keep getting a Windows Security Alert program popping up. I have had no problems in the past removing this program, but when I try to do anything with this, like even just move the window around on the desktop, my system freezes and I get the blue screen again with the same message about pragmad.sys. I followed the directions from the pinned topics on this forum, and I have my malwarebytes log, and the DDS.txt file and also the Attach.txt file if someone was needing it. The only thing I do not have is the GMAR file, I let the program run for over an hour and a half and it didn't stop, so I didnt know if this was normal, or if I'm supposed to stop it or what. The directions were kinda vague on what to do if it DOESN'T say something about rootkits. So I will post my DDS file here in the thread, and hopefully someone can help me remove this from my system. I only have my one computer, so I'm having to do everything in safe mode right now, including my limited networking. I'm really just kinda at a loss as to how to get this program off my system. I want to thank anyone in advance also who helps me get this back up and running, as this is a huge system, controlling my home business and also my family items that we all use, and copying over 300 Gig of harddrive to cd's to rewrite the drive does not sound like fun.

Lisa M.

Link to post
Share on other sites

Here is my DDS.txt file that was made with the DDS program:

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK

Run by Lisa at 22:42:36.34 on Mon 05/10/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1723 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Lisa\My Documents\remove pragmad info\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=C1E3A24001CAD602015D9103&src_id=11567&camp_id=93&tb_version=2.5.9000.490

uURLSearchHooks: H - No File

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

TB: i5 Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\i5\tbcore3.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [bqjwonav] c:\documents and settings\lisa\local settings\application data\nexfypicu\xnjeiwwtssd.exe

uRun: [napstatxt.exe] c:\docume~1\lisa\locals~1\temp\napstatxt.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [nwiz] nwiz.exe /install

mRun: [Motive SmartBridge] c:\progra~1\virtua~1\smartb~1\SprintDSLAlert.exe

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [barbieGirlsTray] c:\program files\mattel\barbie girls\Mattel.BarbieGirls.Tray.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\docume~1\lisa\startm~1\programs\startup\highro~1.lnk - c:\documents and settings\lisa\my documents\downloads\HighRollerNotifier.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embarq~1.lnk - c:\program files\virtual assistant\bin\matcli.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoffi~1.lnk - c:\program files\hewlett-packard\hp officejet series 700\bin\HPOstr05.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

uPolicies-system: DisableTaskMgr = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/CLUE%20Classic/Images/stg_drm.ocx

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab

DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220661839984

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab

DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab

DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/CLUE%20Classic/Images/armhelper.ocx

DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://livenj02.custhelp.com/8102-b424h/rnl/java/RntX.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lisa\applic~1\mozilla\firefox\profiles\qwrmmmzu.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GAM&o=15364&locale=en_US&q=

FF - component: c:\documents and settings\lisa\application data\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\FFTextLinks.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\lisa\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-5-10 30320]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-5 242896]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-5-10 24400]

S0 luukw;luukw; [x]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-5 216200]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-5 29512]

S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-2-21 916760]

S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-21 308064]

S2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-5-10 6367576]

S2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-5-10 54792]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-22 24652]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [2008-12-5 56576]

S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\saiuFF0C.sys [2008-12-5 19584]

=============== Created Last 30 ================

2010-05-11 02:39:40 176 ----a-w- c:\documents and settings\lisa\defogger_reenable

2010-05-11 02:15:59 0 d-----w- c:\windows\PRAGMAcwbwqwecxn

2010-05-11 01:48:06 61440 ----a-w- c:\windows\system32\PxSecure.dll

2010-05-11 01:48:06 54792 ----a-w- c:\windows\system32\drivers\pxrts.sys

2010-05-11 01:48:06 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys

2010-05-11 01:48:06 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2010-05-11 01:48:06 0 d-----w- c:\program files\Prevx

2010-05-11 01:48:02 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI

2010-05-11 01:41:14 0 d-----w- c:\windows\PRAGMAnsvpiwwkic

2010-05-11 01:32:12 0 d-----w- C:\Combo-Fix8689C

2010-05-11 01:30:21 0 d-----w- C:\Combo-Fix

2010-05-11 00:53:07 0 d-sha-r- C:\cmdcons

2010-05-11 00:48:06 77312 ----a-w- c:\windows\MBR.exe

2010-05-11 00:48:05 98816 ----a-w- c:\windows\sed.exe

2010-05-11 00:48:05 256512 ----a-w- c:\windows\PEV.exe

2010-05-11 00:48:05 161792 ----a-w- c:\windows\SWREG.exe

2010-05-09 17:23:42 0 d-----w- c:\docume~1\alluse~1\applic~1\vsosdk

2010-05-08 22:10:28 0 d-----w- c:\docume~1\lisa\applic~1\Microgaming

2010-05-07 16:25:05 50990 ----a-w- c:\windows\system32\lgwcvehvajvrvu.exe

2010-05-07 16:24:49 0 d-----w- c:\docume~1\lisa\applic~1\F20E48F139A4DC440B555B5B04CF786C

2010-04-28 14:48:33 87608 ----a-w- c:\docume~1\lisa\applic~1\inst.exe

2010-04-28 14:48:33 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-04-28 14:48:33 47360 ----a-w- c:\docume~1\lisa\applic~1\pcouffin.sys

2010-04-28 14:48:18 65602 ----a-w- c:\windows\system32\cook3260.dll

2010-04-28 14:48:18 217127 ----a-w- c:\windows\system32\drv43260.dll

2010-04-28 14:48:18 208935 ----a-w- c:\windows\system32\drv33260.dll

2010-04-28 14:48:18 176165 ----a-w- c:\windows\system32\drv23260.dll

2010-04-28 14:48:18 102439 ----a-w- c:\windows\system32\sipr3260.dll

2010-04-28 14:48:17 626688 ----a-w- c:\windows\system32\vp7vfw.dll

2010-04-28 14:48:17 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll

2010-04-28 14:48:15 0 d-----w- c:\program files\VSO

2010-04-27 13:36:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-04-27 13:35:01 0 d-----r- c:\program files\Skype

==================== Find3M ====================

2010-04-22 14:00:36 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-29 19:24:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-29 19:24:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-13 13:02:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-13 13:01:40 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-07 20:23:41 855 ----a-w- c:\program files\Play DominoesStars.lnk

============= FINISH: 22:43:09.71 ===============

Link to post
Share on other sites

  • 3 weeks later...

Hello Lisa M,

As it appears you have not had any replies, and also, it has been more than 2 weeks, please let us know if you have resolved all your issues ?

If not, let me know that too right away, and get a fresh DDS log and Gmer log too

as per steps outlined in directions here

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.