
Malware cannot be removed



Hello,

I keep getting warnings for dp32.exe trojan and uuu.uuu & xxx.xxx malware. Malwarebytes removes it but they just come back. Any help would be appreciated. Thanks.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4231

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

6/24/2010 1:41:06 AM

mbam-log-2010-06-24 (01-41-06).txt

Scan type: Quick scan

Objects scanned: 128486

Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsdisplaydrivers (Trojan.Backdoor) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Patrick\AppData\Roaming\WindowsDP\dp32.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

C:\Users\Patrick\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Patrick\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Patrick\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

================================================================================

==========================================================================

DDS log:

DDS (Ver_10-03-17.01) - NTFSX64

Run by Patrick at 22:43:44.31 on Wed 06/23/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_10

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2843 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

C:\Windows\system32\lsm.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Yammm\YammmSvc.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\AVG\AVG9\avgnsa.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\explorer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Patrick\Desktop\dds(2).scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=15784&l=dis

mLocal Page = c:\windows\syswow64\blank.htm

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files (x86)\ask.com\GenericAskToolbar.dll

uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files (x86)\pdfforge toolbar\SearchSettings.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre6\bin\ssv.dll

BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files (x86)\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files (x86)\pdfforge toolbar\SearchSettings.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files (x86)\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll

uRun: [Google Update] "c:\users\patrick\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"

mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe

mRun: [switchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [searchSettings] c:\program files (x86)\pdfforge toolbar\SearchSettings.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [AdobeAAMUpdater-1.0] "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\patrick\appdata\roaming\mozilla\firefox\profiles\hpvin983.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15781&locale=en_US&q=

FF - component: c:\program files (x86)\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll

FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files (x86)\pdfforge toolbar\ff\components\pdfforgeToolbarFF.dll

FF - component: c:\program files (x86)\pdfforge toolbar\ssff\components\SearchSettingsFF.dll

FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npContribute.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files (x86)\veetle\player\npvlc.dll

FF - plugin: c:\program files (x86)\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files (x86)\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\users\patrick\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\users\patrick\appdata\roaming\mozilla\firefox\profiles\hpvin983.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll

FF - plugin: c:\users\patrick\appdata\roaming\mozilla\firefox\profiles\hpvin983.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-4-24 55280]

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-3-18 269320]

R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-3-18 35536]

R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-3-18 317520]

R2 Application Updater;Application Updater;c:\program files (x86)\application updater\ApplicationUpdater.exe [2010-1-8 380928]

R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-3-21 308064]

R2 YammmSvc;Yet Another Media Meta Manager;c:\program files (x86)\yammm\YammmSvc.exe [2009-9-3 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-29 136176]

S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\19D7.tmp [2010-6-11 6144]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe [2009-12-15 515560]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-11 1255736]

=============== Created Last 30 ================

2010-06-24 02:36:05 188 ----a-w- c:\users\patrick\defogger_reenable

2010-06-11 14:43:32 0 d-----w- c:\users\patrick\appdata\roaming\Xilisoft Corporation

2010-06-11 14:43:19 0 d-----w- c:\program files (x86)\Xilisoft

2010-06-11 14:30:49 0 d-----w- c:\users\patrick\appdata\roaming\Xilisoft

2010-06-11 13:36:56 6144 ------w- c:\windows\system32\19D7.tmp

2010-06-11 13:35:24 6144 ------w- c:\windows\system32\B318.tmp

2010-06-11 13:35:09 0 d-----w- c:\program files (x86)\Sophos

2010-06-11 06:47:02 0 d-----w- c:\users\patrick\appdata\roaming\Malwarebytes

2010-06-11 06:46:49 0 d-----w- c:\programdata\Malwarebytes

2010-06-11 06:46:48 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-11 06:46:34 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-06-11 06:13:46 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-11 06:11:37 0 d-----w- c:\programdata\Lavasoft

2010-06-11 05:55:54 175104 ----a-w- c:\users\patrick\appdata\roaming\SQLite3.dll

2010-06-11 05:55:51 0 d-----w- c:\users\patrick\appdata\roaming\WindowsDP

2010-06-11 02:00:16 0 d-----w- c:\program files (x86)\Ask.com

2010-06-10 23:44:06 49152 ------w- c:\windows\syswow64\INETWH32.dll

2010-06-10 23:44:06 1089536 ------w- c:\windows\syswow64\ROBOEX32.DLL

2010-06-10 03:28:33 0 d-----w- c:\program files (x86)\Red Kawa

2010-06-08 22:27:02 84992 ----a-w- c:\windows\system32\asycfilt.dll

2010-06-08 22:27:02 67584 ----a-w- c:\windows\syswow64\asycfilt.dll

2010-06-08 22:27:00 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-06-08 22:27:00 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-06-08 22:27:00 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-06-08 22:27:00 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-05-30 02:59:34 0 d-----w- c:\users\patrick\appdata\roaming\Digsby

2010-05-30 02:59:34 0 d-----w- c:\programdata\Digsby

2010-05-30 02:58:56 0 d-----w- c:\program files (x86)\Digsby

2010-05-28 19:04:32 14311680 ----a-w- c:\windows\system32\xlive.dll

2010-05-28 18:57:48 3574 --sh--w- c:\windows\syswow64\sound.mod

2010-05-28 15:44:24 0 d-----w- c:\programdata\Yammm

2010-05-28 15:44:19 0 d-----w- c:\program files (x86)\Yammm

2010-05-28 15:25:17 580096 ----a-w- c:\windows\system32\ac3filter64.acm

2010-05-28 15:25:17 0 d-----w- c:\program files (x86)\AC3Filter

2010-05-28 15:21:55 0 d-----w- c:\program files\MPC HomeCinema (x64)

2010-05-28 15:19:38 0 d-----w- c:\program files (x86)\Haali

2010-05-28 15:16:37 438272 ----a-w- c:\windows\system32\MatroskaSplitter.ax

2010-05-28 04:46:31 0 d-----w- c:\users\patrick\appdata\roaming\BoneTown

2010-05-28 04:39:44 0 d-----w- c:\program files (x86)\BoneTown

2010-05-25 22:42:06 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-05-25 22:42:06 2048 ----a-w- c:\windows\system32\tzres.dll

==================== Find3M ====================

2010-06-02 22:55:52 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2010-06-02 22:55:51 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll

2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll

2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2010-03-08 12:56:38 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2010-03-18 01:59:40 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:44:31.33 ===============

Attach.zip


  • 2 weeks later...

Please follow the instructions below to run OTL:

  1. Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
  2. Double-click the OTL icon on your desktop to run it. Make sure all other windows are closed, and let it run uninterrupted.
  3. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
    • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL (which should be on your desktop).
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in. Note that you can also attach the OTListIt and Extras files to your reply.
