
Virus disabling taskbar on startup



Hi Everyone,

I spent most of yesterday trying to clean a friend's laptop. They had been on a website called watchfreedocumentarys or something. Anyway, they had Avast installed and it said it was blocking attacks. I scanned with Malwarebytes and it found various trojans in the registry and memory, which I removed. Since then, when I reboot the laptop the taskbar freezes for about half an hour and the laptop runs really sluggishly. I have disabled a suspicious-looking startup entry and scanned with various other antivirus programmes, and still no joy. It runs fine in safe mode. It is XP, by the way.

Has anyone any other suggestions?! I am thinking of backing up the data and reinstalling to be honest!!

Thanks in advance.....


Hi,

Here is the result of the DDS scan...

I have attached the attach.txt log as well...

GMER to follow shortly.

Thanks again,

DDS (Ver_10-03-17.01) - NTFSx86

Run by Administrator at 21:38:11.20 on 31/08/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.894.359 [GMT 1:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Network Associates\Common Framework\UdaterUI.exe

C:\Program Files\Network Associates\Common Framework\McTray.exe

C:\Program Files\TeamViewer\Version5\TeamViewer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\A4RSRSVM\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [TPSMain] TPSMain.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283207765109

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\x7oqs3wf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: XULRunner: {6B8C5132-4B1A-4B9F-A588-D7579757AC82} - c:\documents and settings\administrator\local settings\application data\{6B8C5132-4B1A-4B9F-A588-D7579757AC82}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-9-14 104000]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-2-15 225792]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

=============== Created Last 30 ================

2010-08-31 19:56:09 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-08-31 19:56:09 215920 ----a-w- c:\windows\system32\muweb.dll

2010-08-31 19:56:09 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2010-08-30 21:27:53 12872 ----a-w- c:\windows\system32\bootdelete.exe

2010-08-30 21:25:08 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-08-30 21:24:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2010-08-30 21:24:34 0 d-----w- c:\program files\Hitman Pro 3.5

2010-08-30 19:37:29 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-08-30 19:35:14 0 d-----w- c:\program files\Microsoft Security Essentials

2010-08-30 18:11:30 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-08-30 18:11:24 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-08-30 18:11:22 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-08-30 18:11:16 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-08-30 18:11:10 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-08-30 18:10:35 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2010-08-30 18:10:28 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-08-30 18:10:25 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-08-30 18:10:19 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys

2010-08-30 18:10:17 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-08-30 18:10:14 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2010-08-30 18:09:46 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2010-08-30 18:09:42 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2010-08-30 18:09:35 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2010-08-30 18:09:21 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys

2010-08-30 18:09:13 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll

2010-08-30 18:09:06 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2010-08-30 18:09:05 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys

2010-08-30 18:09:04 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll

2010-08-30 18:07:57 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys

2010-08-30 18:07:50 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2010-08-30 18:07:44 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2010-08-30 18:07:43 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys

2010-08-30 18:07:40 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2010-08-30 18:07:34 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2010-08-30 18:07:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys

2010-08-30 18:07:22 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys

2010-08-30 18:07:16 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2010-08-30 18:07:10 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys

2010-08-30 18:07:05 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys

2010-08-30 18:07:00 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys

2010-08-30 18:05:57 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll

2010-08-30 18:05:51 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll

2010-08-30 18:05:45 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll

2010-08-30 18:05:39 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys

2010-08-30 18:05:33 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys

2010-08-30 18:05:32 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe

2010-08-30 18:05:25 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2010-08-30 18:05:19 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll

2010-08-30 18:05:14 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys

2010-08-30 18:05:08 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll

2010-08-30 18:05:03 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys

2010-08-30 18:04:57 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll

2010-08-30 18:04:52 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys

2010-08-30 18:04:46 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll

2010-08-30 18:04:45 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe

2010-08-30 18:04:39 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll

2010-08-30 18:04:33 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys

2010-08-30 18:04:28 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys

2010-08-30 18:04:22 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys

2010-08-30 18:04:16 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys

2010-08-30 18:04:10 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys

2010-08-30 18:04:03 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2010-08-30 18:02:59 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys

2010-08-30 18:02:54 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys

2010-08-30 18:02:49 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll

2010-08-30 18:02:44 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys

2010-08-30 18:02:39 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys

2010-08-30 18:02:34 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll

2010-08-30 18:02:28 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll

2010-08-30 18:02:23 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll

2010-08-30 18:02:18 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll

2010-08-30 18:02:15 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys

2010-08-30 18:02:09 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2010-08-30 18:02:04 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2010-08-30 18:01:59 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2010-08-30 18:01:53 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2010-08-30 18:01:52 16896 -c--a-w- c:\windows\system32\dllcache\status.dll

2010-08-30 18:01:45 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2010-08-30 18:01:39 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll

2010-08-30 18:01:39 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll

2010-08-30 18:01:31 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll

2010-08-30 18:01:24 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys

2010-08-30 18:01:19 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll

2010-08-30 18:01:14 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys

2010-08-30 18:01:09 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys

2010-08-30 18:01:04 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys

2010-08-30 17:59:54 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll

2010-08-30 17:58:59 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys

2010-08-30 17:58:54 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll

2010-08-30 17:58:49 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys

2010-08-30 17:58:44 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll

2010-08-30 17:58:40 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys

2010-08-30 17:58:39 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll

2010-08-30 17:58:28 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys

2010-08-30 17:58:23 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys

2010-08-30 17:58:18 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2010-08-30 17:58:13 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll

2010-08-30 17:58:08 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys

2010-08-30 17:58:01 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2010-08-30 17:56:55 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll

2010-08-30 17:55:57 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys

2010-08-30 17:55:52 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys

2010-08-30 17:55:46 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll

2010-08-30 17:55:41 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys

2010-08-30 17:55:37 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys

2010-08-30 17:55:32 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys

2010-08-30 17:55:26 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll

2010-08-30 17:55:25 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe

2010-08-30 17:55:24 14848 -c--a-w- c:\windows\system32\dllcache\register.exe

2010-08-30 17:55:15 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys

2010-08-30 17:55:09 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2010-08-30 17:55:04 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys

2010-08-30 17:53:57 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll

2010-08-30 17:52:57 20992 -c--a-w- c:\windows\system32\dllcache\permchk.dll

2010-08-30 17:51:59 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll

2010-08-30 17:51:54 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll

2010-08-30 00:08:57 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys

2010-08-30 00:08:52 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe

2010-08-30 00:08:48 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll

2010-08-30 00:08:43 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys

2010-08-30 00:08:38 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll

2010-08-30 00:08:34 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys

2010-08-30 00:08:29 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys

2010-08-30 00:08:25 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys

2010-08-30 00:08:20 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys

2010-08-30 00:08:15 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys

2010-08-30 00:08:10 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys

2010-08-29 17:49:27 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-08-29 17:49:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-08-29 14:50:52 0 d-----w- c:\program files\Trend Micro

2010-08-29 14:36:29 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2010-08-28 23:31:13 120 ----a-w- c:\windows\Nmegoquqof.dat

2010-08-28 23:31:13 0 ----a-w- c:\windows\Xpekadanap.bin

2010-08-28 23:30:46 80128 -c--a-w- c:\windows\system32\dllcache\parport.sys

2010-08-28 23:30:46 80128 ----a-w- c:\windows\system32\drivers\parport.sys

2010-08-28 23:30:22 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-08-28 23:30:22 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-08-28 23:30:17 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

2010-08-28 23:30:17 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2010-08-28 23:29:49 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

2010-08-28 23:29:49 8192 ----a-w- c:\windows\system32\drivers\changer.sys

2010-08-15 19:32:05 0 d-----w- c:\program files\Defraggler

2010-08-11 15:18:13 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 18:47:27 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2009-10-10 23:09:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009101120091012\index.dat

============= FINISH: 21:38:52.17 ===============

Attach.txt


If GMER is giving you trouble, run this instead:

Please download Rootkit Unhooker and save it on your desktop.

  • Disable your security programs
  • Double click RKUnhookerLE.exe to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"


2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
