
Random pop ups



OTM log

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Google Toolbar\gtb3A.tmp.exe not found.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 720202 bytes

->Temporary Internet Files folder emptied: 2811962 bytes

->Java cache emptied: 135048 bytes

->Flash cache emptied: 1809 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 16867 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.15.0 log created on 07282010_000257

Files moved on Reboot...

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3A5E.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8A1C.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8AC4.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8B95.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8BA7.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8FB5.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF91BE.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF974A.tmp not found!

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\TEGP7OZS\index[5].htm moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2THZ7V0L\iframe[1].htm moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

File C:\WINDOWS\temp\Perflib_Perfdata_2e0.dat not found!

Registry entries deleted on Reboot...


I would like you to generate an "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


uninstall list

Adobe Flash Player 10 ActiveX

Broadcom Management Programs

Broadcom TPM Driver Installer

Google Toolbar for Internet Explorer

Google Toolbar for Internet Explorer

Google Update Helper

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

Hotfix for Windows XP (KB935448)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB981793)

HP Backup and Recovery Manager

HP Help and Support

HP Performance Tuning Framework

HP Workstation User Guides

Java 6 Update 21

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Visual C++ 2005 Redistributable

Norton AntiVirus

NVIDIA Drivers

NVIDIA nView Desktop Manager

NVIDIA Performance Drivers

PDF Complete

Realtek High Definition Audio Driver

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB898461)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Windows Defender

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows XP Hotfix - KB885222


Make sure you plug in all your removable devices, otherwise you could spread this infection into another computer.

Flash Drive Disinfector

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Then let me have some other experts look at this topic.


I don't mean to post so hastily, but one thing that concerns me the most is the fact that I cannot update MBAM. I have followed the instructions from the self help guide here, but it still will not let me. I then tried to manually install them; it tells me that the link cannot be found, and then opens a pop up. Whatever I am infected with doesn't want me to update MBAM.


I'd like to run Bootkit; your PC doesn't have all the symptoms, but let's make sure.

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL C
  • Open a Notepad and press CTRL V
  • Post the output back here.


Here is the output

Bootkit Remover

© 2009 eSage Lab

www.esagelab.com

Program version: 1.1.0.0

OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

System volume is \\.\C:

\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

Boot sector MD5 is: 684a08f018bc557facca041f15265e7f

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.

To inspect the boot code manually, dump the master boot sector:

remover.exe dump <device_name> [output_file]

To disinfect the master boot sector, use the following command:

remover.exe fix <device_name>

Done;

Press any key to quit...


We got it now!

Open Notepad

Copy and Paste everything from the Code box into Notepad:

@ECHO OFF
START remover.exe fix \\.\PhysicalDrive0
EXIT

Go FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

Then in the FILE NAME box type fix.bat.

Save fix.bat to your Desktop.

Run fix.bat by double clicking.

You may see a black box appear; this is normal.

When done, run remover.exe again and post its output.


Finally got it, that was weird. Here it is:

Bootkit Remover

© 2009 eSage Lab

www.esagelab.com

Program version: 1.1.0.0

OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

System volume is \\.\C:

\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;

Press any key to quit...

Also, my AV is not working right and is advising me to reinstall. Should I proceed?


Not yet.

Update Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Here is log from the quick scan

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

7/28/2010 3:48:15 AM

mbam-log-2010-07-28 (03-48-15).txt

Scan type: Quick scan

Objects scanned: 108754

Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Yeah that version is outdated. The new one is 4362. The redirects are gone?

Follow these instructions please:

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.

2. Restart your computer (very important).

3. Download and run this utility. http://www.malwarebytes.org/mbam-clean.exe

4. It will ask to restart your computer (please allow it to).

5. After the computer restarts, install the latest version 1.46 from here. http://www.malwarebytes.org/mbam-download.php

Note: You will need to reactivate the program using the license you were sent

Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan.


Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


That line never came. This is all I got, and I ran it three times to be sure.

MBRCheck, version 1.1.1

© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Windows XP MBR code detected

Done! Press ENTER to exit...

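The before/after check carried out in the posts above, as an added example that is not part of the original thread: Python code that parses the disk-status table printed by Bootkit Remover and MBRCheck and confirms that the disk flagged in the first run is reported with recognized boot code by the later runs. The function names and the three-way status classification are assumptions made for this example; the sample text is constructed from the output quoted in the thread.

```python
import re

# Constructed sample input: the report lines quoted in the posts above
# (two Bootkit Remover runs and one MBRCheck run), with blank lines removed.
BOOTKIT_BEFORE = r"""
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 684a08f018bc557facca041f15265e7f
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code
"""
BOOTKIT_AFTER = r"""
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
"""
MBRCHECK = r"""
\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
"""

VOLUME = re.compile(r"^(\\\\\.\\\w:)\s+-+>\s+(\\\\\.\\\S+)")    # \\.\C: -> \\.\PhysicalDrive0
ROW = re.compile(r"^(\d+\s+[KMGT]B)\s+(\\\\\.\\\S+)\s+(\S.*)$")  # size, device, status
MD5 = re.compile(r"Boot sector MD5 is:\s*([0-9a-fA-F]{32})\b")

# Assumption: only the three status strings that appear in this thread are
# classified; any other wording goes to manual review instead of being guessed at.
FLAGGED = {"Unknown boot code"}
RECOGNIZED = {"OK (DOS/Win32 Boot code found)", "Windows XP MBR code detected"}


def classify(status):
    if status in FLAGGED:
        return "flagged"
    if status in RECOGNIZED:
        return "recognized"
    return "review"


def parse_report(text):
    """Extract the boot sector MD5, volume-to-disk mapping and per-disk status."""
    report = {"md5": None, "volumes": {}, "disks": {}}
    for raw in text.splitlines():
        line = raw.strip()
        md5 = MD5.search(line)
        if md5:
            report["md5"] = md5.group(1).lower()
            continue
        vol = VOLUME.match(line)
        if vol:
            report["volumes"][vol.group(1)] = vol.group(2)
            continue
        row = ROW.match(line)
        if row:
            report["disks"][row.group(2)] = row.group(3)
    return report


def assess(before, after, *confirmations):
    """Verdict per disk from a before/after pair plus optional second-opinion reports."""
    verdicts = {}
    for disk, old_status in before["disks"].items():
        new_status = after["disks"].get(disk)
        states = [classify(new_status)] if new_status is not None else ["missing"]
        states += [classify(r["disks"][disk]) for r in confirmations if disk in r["disks"]]
        if classify(old_status) != "flagged":
            verdicts[disk] = "not flagged initially"
        elif all(state == "recognized" for state in states):
            verdicts[disk] = "remediated"
        elif "flagged" in states:
            verdicts[disk] = "still flagged"
        else:
            verdicts[disk] = "needs manual review"
    return verdicts


if __name__ == "__main__":
    before, after = parse_report(BOOTKIT_BEFORE), parse_report(BOOTKIT_AFTER)
    second_opinion = parse_report(MBRCHECK)
    for disk, verdict in assess(before, after, second_opinion).items():
        volumes = sorted(v for v, d in second_opinion["volumes"].items() if d == disk)
        print(disk, verdict, "volumes:", ", ".join(volumes))
    # The thread does not say which sector the tool hashes, so the change in
    # the MD5 value is reported here, not interpreted.
    print("boot sector MD5 changed:", before["md5"] != after["md5"])
```
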

Please drag ComboFix Icon into the Recycle Bin.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


Combofix log

ComboFix 10-07-27.02 - Administrator 07/28/2010 4:20.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3055.2435 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

.

((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))

.

2010-07-28 09:02 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-28 09:02 . 2010-07-28 09:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-28 09:02 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-28 08:22 . 2010-07-28 08:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec

2010-07-28 08:22 . 2010-07-28 08:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tific

2010-07-28 08:01 . 2010-07-28 08:01 -------- d-----w- c:\program files\7-Zip

2010-07-28 07:35 . 2010-07-28 07:35 0 ----a-w- c:\windows\nsreg.dat

2010-07-28 07:35 . 2010-07-28 07:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2010-07-28 05:02 . 2010-07-28 05:02 -------- d-----w- C:\_OTM

2010-07-27 09:44 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-07-27 09:43 . 2010-07-27 09:43 -------- d-----w- c:\program files\Windows Defender

2010-07-27 09:27 . 2010-07-27 09:27 -------- d-----w- c:\program files\Common Files\Java

2010-07-27 09:26 . 2010-07-27 09:26 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62ee3fed-n\msvcp71.dll

2010-07-27 09:26 . 2010-07-27 09:26 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62ee3fed-n\jmc.dll

2010-07-27 09:26 . 2010-07-27 09:26 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62ee3fed-n\msvcr71.dll

2010-07-27 09:26 . 2010-07-27 09:26 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1a66e7b6-n\decora-sse.dll

2010-07-27 09:26 . 2010-07-27 09:26 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1a66e7b6-n\decora-d3d.dll

2010-07-27 09:26 . 2010-07-27 09:26 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-27 09:26 . 2010-07-27 09:26 -------- d-----w- c:\program files\Java

2010-07-27 09:22 . 2010-07-27 09:22 -------- d-----w- c:\windows\Sun

2010-07-27 05:40 . 2010-07-27 05:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp

2010-07-27 05:40 . 2010-07-27 05:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-07-27 05:35 . 2010-07-27 05:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2010-07-27 04:50 . 2010-07-28 05:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2010-07-27 04:49 . 2010-07-27 04:49 -------- d-----w- c:\program files\Trend Micro

2010-07-27 04:47 . 2010-07-27 05:35 -------- d-----w- c:\program files\Google

2010-07-27 04:47 . 2010-07-27 04:47 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe

2010-07-27 04:47 . 2010-07-27 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-27 04:35 . 2010-07-27 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2010-07-27 04:35 . 2010-07-27 04:41 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-07-27 04:35 . 2010-07-27 04:41 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-07-27 04:35 . 2010-07-27 04:41 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-07-27 04:35 . 2010-07-27 04:36 -------- d-----w- c:\program files\NVIDIA Corporation

2010-07-27 04:35 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-07-27 04:35 . 2010-07-09 22:38 4595712 ----a-w- c:\windows\system32\nvcuda.dll

2010-07-27 04:35 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll

2010-07-27 04:35 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-07-27 04:35 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin

2010-07-27 04:35 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll

2010-07-27 04:35 . 2010-07-27 04:35 -------- d-----w- C:\NVIDIA

2010-07-27 03:53 . 2010-07-27 03:53 -------- d-----w- c:\windows\ServicePackFiles

2010-07-27 03:11 . 2010-07-27 04:10 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-07-27 03:09 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-07-27 03:09 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-27 03:09 . 2009-10-15 17:21 82432 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-07-27 03:09 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2010-07-27 03:09 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-07-27 03:07 . 2010-07-28 09:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-07-27 03:07 . 2010-07-28 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-27 03:07 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys

2010-07-27 03:07 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys

2010-07-27 03:07 . 2009-12-31 16:14 352640 ------w- c:\windows\system32\dllcache\srv.sys

2010-07-27 03:06 . 2010-02-24 12:31 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-07-27 03:04 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-07-27 02:54 . 2008-06-12 14:16 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll

2010-07-27 02:54 . 2008-06-12 14:16 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll

2010-07-27 02:54 . 2008-06-12 14:16 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll

2010-07-27 02:54 . 2008-06-12 14:16 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll

2010-07-27 02:54 . 2008-06-12 14:16 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll

2010-07-27 02:54 . 2008-06-12 14:16 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll

2010-07-27 02:54 . 2008-10-23 13:01 283648 ------w- c:\windows\system32\dllcache\gdi32.dll

2010-07-27 02:54 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe

2010-07-27 02:54 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2010-07-27 02:53 . 2009-12-24 07:05 177664 ------w- c:\windows\system32\dllcache\wintrust.dll

2010-07-27 02:53 . 2010-01-13 14:10 85504 ------w- c:\windows\system32\dllcache\cabview.dll

2010-07-27 02:53 . 2010-07-27 02:53 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2010-07-27 02:52 . 2010-07-27 02:52 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2010-07-27 02:51 . 2010-07-27 02:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-07-27 02:50 . 2010-07-28 08:00 -------- d-----w- c:\windows\ie8updates

2010-07-27 02:49 . 2010-07-27 02:50 -------- dc-h--w- c:\windows\ie8

2010-07-27 02:49 . 2008-06-24 16:23 74240 ------w- c:\windows\system32\dllcache\mscms.dll

2010-07-27 02:49 . 2009-05-07 15:44 344064 ------w- c:\windows\system32\dllcache\localspl.dll

2010-07-27 02:49 . 2009-11-27 17:33 17920 ------w- c:\windows\system32\dllcache\msyuv.dll

2010-07-27 02:49 . 2009-07-31 04:57 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-07-27 02:43 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-07-27 02:43 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-07-27 02:43 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-07-27 02:43 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-07-27 02:43 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-07-27 02:43 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-07-27 02:43 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-07-27 02:42 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-07-27 02:42 . 2008-02-26 11:59 294912 ------w- c:\windows\system32\dllcache\msctf.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-27 01:19 . 2010-07-27 01:19 -------- d-----w- c:\program files\Program Shortcuts

2010-07-27 01:15 . 2010-07-27 01:15 1744 --sha-r- c:\windows\system32\drivers\103C_HP_WS_HP xw4600 Workstation_YW_0xw_Q2UA805_EU_48WS_I0AA0h_SHP_V_B786F3 v01.04_T071108_WXP2_L409_M3056_J250_7Intel_8Core2 Duo E6850_93_#100726_N14E4167B_()_X_CD6_Z_2_G10DE040E_OATAPI DVD A DH16A1L_DDEFAULT.MRK

2010-07-27 01:15 . 2010-07-27 01:13 -------- d-----w- c:\program files\Hewlett-Packard

2010-07-27 01:14 . 2006-04-26 00:31 91227 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-07-27 01:14 . 2010-07-27 01:14 -------- d-----w- c:\program files\Hewlett-Packard Company

2010-07-27 01:14 . 2010-07-27 01:10 -------- d-----w- c:\program files\Broadcom

2010-07-27 01:13 . 2010-07-27 01:13 -------- d-----w- c:\program files\PDF Complete

2010-07-27 01:13 . 2010-07-27 01:13 -------- d-----w- c:\program files\Common Files\LightScribe

2010-07-27 01:13 . 2010-07-27 01:13 -------- d-----w- c:\program files\Intel

2010-07-27 01:12 . 2010-07-27 01:11 -------- d-----w- c:\program files\HPQ

2010-07-27 01:11 . 2010-07-27 01:11 -------- d-----w- c:\program files\HP

2010-07-27 01:11 . 2010-07-27 01:11 315392 ----a-w- c:\windows\HideWin.exe

2010-07-27 01:11 . 2010-07-27 01:11 -------- d-----w- c:\program files\Realtek

2010-07-27 01:10 . 2010-07-27 01:10 -------- d-----w- c:\program files\Common Files\InstallShield

2010-07-27 01:05 . 2010-07-27 00:53 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-07-27 01:03 . 2010-07-27 01:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\SampleView

2010-07-27 01:03 . 2010-07-27 01:03 -------- d-----w- c:\program files\microsoft frontpage

2010-07-27 00:53 . 2010-07-27 00:53 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-07-27 00:53 . 2010-07-27 00:53 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-07-27 00:53 . 2010-07-27 00:53 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-07-27 00:53 . 2010-07-27 00:53 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-07-27 00:53 . 2010-07-27 00:53 -------- d-----w- c:\program files\Symantec

2010-07-27 00:53 . 2010-07-27 00:53 -------- d-----w- c:\program files\Norton AntiVirus

2010-07-27 00:53 . 2010-07-27 00:53 -------- d-----w- c:\program files\Windows Sidebar

2010-07-27 00:53 . 2010-07-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-07-27 00:51 . 2010-07-27 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-07-27 00:50 . 2010-07-27 00:50 -------- d-----w- c:\program files\NortonInstaller

2010-07-26 23:22 . 2010-07-26 23:22 14024 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-26 23:21 . 2010-07-26 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles

2010-07-26 23:20 . 2010-07-27 01:11 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-09 22:38 . 2010-07-27 01:10 604776 ----a-w- c:\windows\system32\nvudisp.exe

2010-07-09 22:38 . 2010-07-27 00:59 13549568 ----a-w- c:\windows\system32\nvoglnt.dll

2010-07-09 22:38 . 2010-07-27 00:59 236136 ----a-w- c:\windows\system32\nvcodins.dll

2010-07-09 22:38 . 2010-07-27 00:59 236136 ----a-w- c:\windows\system32\nvcod.dll

2010-07-09 22:38 . 2010-07-27 00:59 1388544 ----a-w- c:\windows\system32\nvapi.dll

2010-07-09 22:38 . 2010-07-27 00:59 6343040 ----a-w- c:\windows\system32\nv4_disp.dll

2010-07-09 22:38 . 2010-07-27 00:59 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-07-09 21:24 . 2010-07-09 21:24 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-07-09 21:24 . 2010-07-09 21:24 277608 ----a-w- c:\windows\system32\nvmccs.dll

2010-07-09 21:24 . 2010-07-09 21:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-07-09 21:24 . 2010-07-09 21:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe

2010-07-09 21:24 . 2010-07-09 21:24 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-07-09 21:24 . 2010-07-09 21:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

2010-07-07 18:46 . 2010-07-27 01:10 604776 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-06-14 14:30 . 2004-08-04 07:56 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-05-06 10:41 . 2004-08-04 07:56 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 07:09 . 2004-08-04 06:17 1859968 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-07-27_19.32.58 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-28 09:00 . 2010-07-28 09:00 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat

+ 2010-07-28 08:59 . 2010-07-28 08:59 16384 c:\windows\Temp\Perflib_Perfdata_570.dat

+ 2004-08-04 07:56 . 2009-10-21 06:00 75776 c:\windows\system32\strmfilt.dll

- 2004-08-04 07:56 . 2004-08-04 07:56 75776 c:\windows\system32\strmfilt.dll

- 2006-04-26 00:43 . 2010-07-27 17:52 52968 c:\windows\system32\perfc009.dat

+ 2006-04-26 00:43 . 2010-07-28 09:03 52968 c:\windows\system32\perfc009.dat

+ 2004-08-04 07:56 . 2009-10-21 06:00 25088 c:\windows\system32\httpapi.dll

+ 2009-10-21 06:00 . 2009-10-21 06:00 75776 c:\windows\system32\dllcache\strmfilt.dll

+ 2009-10-21 06:00 . 2009-10-21 06:00 25088 c:\windows\system32\dllcache\httpapi.dll

+ 2004-08-04 07:56 . 2009-08-25 09:47 352256 c:\windows\system32\winhttp.dll

+ 2004-08-04 07:56 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll

- 2004-08-04 07:56 . 2009-03-08 09:33 420352 c:\windows\system32\vbscript.dll

+ 2006-04-26 00:43 . 2010-07-28 09:03 380680 c:\windows\system32\perfh009.dat

- 2006-04-26 00:43 . 2010-07-27 17:52 380680 c:\windows\system32\perfh009.dat

+ 2004-08-04 07:56 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll

- 2004-08-04 07:56 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll

+ 2004-08-04 06:00 . 2009-10-20 14:58 263552 c:\windows\system32\drivers\http.sys

+ 2008-12-16 12:47 . 2009-08-25 09:47 352256 c:\windows\system32\dllcache\winhttp.dll

+ 2009-03-08 09:33 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll

- 2009-03-08 09:33 . 2009-03-08 09:33 420352 c:\windows\system32\dllcache\vbscript.dll

- 2009-03-08 09:33 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll

+ 2009-03-08 09:33 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll

+ 2009-10-20 14:58 . 2009-10-20 14:58 263552 c:\windows\system32\dllcache\http.sys

+ 2010-07-28 08:00 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll

+ 2010-07-28 08:00 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll

+ 2010-07-28 08:00 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe

+ 2010-07-28 08:00 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll

+ 2010-07-28 08:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe

+ 2010-07-28 08:00 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll

+ 2010-07-28 08:00 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll

+ 2010-07-28 08:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe

+ 2010-07-28 08:00 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll

+ 2009-10-20 14:58 . 2009-10-20 14:58 263552 c:\windows\Driver Cache\i386\http.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-06-25 331288]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\symds.sys [7/26/2010 8:55 PM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\symefa.sys [7/26/2010 8:55 PM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [7/9/2010 9:44 PM 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\cchpx86.sys [7/26/2010 8:55 PM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\ironx86.sys [7/26/2010 8:55 PM 116784]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe [7/26/2010 8:55 PM 126392]

R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [4/30/2010 6:52 AM 3795560]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [7/26/2010 8:13 PM 540184]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/26/2010 8:02 PM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100726.001\IDSXpx86.sys [7/27/2010 11:39 PM 331640]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/27/2010 12:35 AM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 05:35]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 05:35]

2010-07-28 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o2o9ixg6.default\

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-28 04:22

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(920)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2010-07-28 04:23:16

ComboFix-quarantined-files.txt 2010-07-28 09:23

ComboFix2.txt 2010-07-27 20:35

ComboFix3.txt 2010-07-27 19:33

Pre-Run: 227,001,962,496 bytes free

Post-Run: 227,027,501,056 bytes free

- - End Of File - - 2004BDB69F7BDB64ED64B1260797B1E7

This topic is now closed to further replies.