
Trojan and possible rootkit infection please help!



My typical anti-virus software is Norton 360 antivirus and software firewall. Norton located the virus Trojan.Zephart(sp?) and quarantined it. I believe it was only catching a part of the virus because it would frequently find new entries of the virus with random-letter names for the file. My Norton subscription had to be reactivated; I downloaded and installed the newest version. Norton 360 now does not run at all.

Malwarebytes software will run and scan properly, but when I attempt to run the automatic update it freezes every time.

I am also receiving frequent Windows Explorer freezes and crashes.

When I attempt to run the GMER rootkit scanner I am receiving the error:

C:\Windows\system32\system: The process cannot access the file because it is being used by another process.

After clicking OK through this error, the scan does run.

Thanks in advance for any help you can give me!

DDS (Ver_10-03-17.01) - NTFSX64

Run by Skorch at 20:26:51.74 on Mon 08/30/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.2164 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Norton 360\Norton 360\Engine\4.1.0.32\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files (x86)\Razer\Lachesis\razerhid.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe

C:\Program Files (x86)\Razer\Lachesis\OSD.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe

C:\Program Files (x86)\Razer\Lachesis\razerofa.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Users\Skorch\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Razer\Lachesis\razertra.exe

C:\Users\Skorch\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\sppsvc.exe

C:\Users\Skorch\Desktop\dds (1).scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton 360\norton 360\engine\4.1.0.32\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton 360\norton 360\engine\4.1.0.32\IPSBHO.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton 360\norton 360\engine\4.1.0.32\coIEPlg.dll

{555d4d79-4bd2-4094-a395-cfc534424a05}

mRun: [Lachesis] c:\program files (x86)\razer\lachesis\razerhid.exe

uPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files (x86)\pokerstars\PokerStarsUpdate.exe

LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\skorch\appdata\roaming\mozilla\firefox\profiles\uqnbeq5v.default\

FF - prefs.js: browser.startup.homepage - hxxp://matcmadison.edu/matc/

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files (x86)\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\users\skorch\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-9-14 53488]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360x64\0401000.020\SymDS64.sys [2010-8-27 433200]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0401000.020\SymEFA64.sys [2010-8-27 221232]

R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100211.001\BHDrvx64.sys [2010-8-27 676912]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0401000.020\cchpx64.sys [2010-8-27 615040]

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk64.sys [2010-5-12 28120]

R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20091105.001\IDSVia64.sys [2010-8-27 466992]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360x64\0401000.020\Ironx64.sys [2010-8-27 149552]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360x64\0401000.020\symtdiv.sys [2010-8-27 451120]

R2 N360;Norton 360;c:\program files (x86)\norton 360\norton 360\engine\4.1.0.32\ccSvcHst.exe [2010-8-27 126392]

R2 NIS;Norton Internet Security.;c:\program files (x86)\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-25 126392]

R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-8-17 30336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files (x86)\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 132656]

S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-7-26 50072]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-9-10 19544]

S3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-5 1255736]

S4 Norton Internet Security;Norton Internet Security;"c:\program files (x86)\norton internet security\engine\16.7.2.11\ccsvchst.exe" /s "norton internet security" /m "c:\program files (x86)\norton internet security\engine\16.7.2.11\dimaster.dll" /prefetch:1 --> c:\program files (x86)\norton internet security\engine\16.7.2.11\ccSvcHst.exe [?]

=============== Created Last 30 ================

2010-08-31 01:23:05 20 ----a-w- c:\users\skorch\defogger_reenable

2010-08-27 20:43:05 347 ----a-w- c:\users\skorch\Puter - Shortcut (3).lnk

2010-08-27 20:43:03 347 ----a-w- c:\users\skorch\Puter - Shortcut.lnk

2010-08-27 20:43:03 347 ----a-w- c:\users\skorch\Puter - Shortcut (2).lnk

2010-08-27 20:35:16 0 d-----w- c:\programdata\NVIDIA Corporation

2010-08-27 20:31:36 0 d-----w- c:\users\skorch\appdata\roaming\Tific

2010-08-27 20:25:44 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-08-27 20:25:44 126312 ----a-r- c:\windows\system32\GEARAspi64.dll

2010-08-27 20:25:44 107368 ----a-r- c:\windows\syswow64\GEARAspi.dll

2010-08-27 20:20:46 861184 ----a-w- c:\windows\system32\oleaut32.dll

2010-08-27 20:20:46 571904 ----a-w- c:\windows\syswow64\oleaut32.dll

2010-08-27 20:16:02 65536 --sha-w- c:\users\skorch\ntuser.dat{2f633dcd-b146-11df-ad57-005056c00008}.TM.blf

2010-08-27 20:16:02 524288 --sha-w- c:\users\skorch\ntuser.dat{2f633dcd-b146-11df-ad57-005056c00008}.TMContainer00000000000000000002.regtrans-ms

2010-08-27 20:16:02 524288 --sha-w- c:\users\skorch\ntuser.dat{2f633dcd-b146-11df-ad57-005056c00008}.TMContainer00000000000000000001.regtrans-ms

2010-08-27 01:04:28 0 d-----w- c:\programdata\Sun

2010-08-25 19:58:23 0 d-----w- c:\programdata\Update

2010-08-25 19:19:38 0 d-----w- c:\program files\Symantec

2010-08-25 19:18:23 0 d-----w- c:\windows\system32\drivers\N360x64

2010-08-25 19:18:20 0 d-----w- c:\program files (x86)\Norton 360

2010-08-21 23:59:54 0 d-----w- c:\programdata\AIM

2010-08-21 23:59:49 0 d-----w- c:\program files (x86)\AIM

2010-08-20 02:19:33 0 d-----w- c:\users\skorch\appdata\roaming\PokerCreations

2010-08-19 23:18:14 0 d-----w- c:\users\skorch\appdata\roaming\UFC Poker

2010-08-19 23:18:12 0 d-----w- c:\program files (x86)\UFC Poker

2010-08-11 21:08:42 0 d-----w- c:\programdata\TmForever

2010-08-11 21:08:42 0 ----a-w- c:\windows\syswow64\Nadeo.ini

2010-08-09 19:56:17 0 d-----w- c:\users\skorch\.hedgewars

2010-08-06 01:01:00 0 d-----w- c:\programdata\WEBREG

2010-08-06 00:54:34 0 d-----w- c:\program files (x86)\common files\Hewlett-Packard

2010-08-06 00:02:35 796 ------w- c:\windows\hpomdl28.dat.temp

2010-08-06 00:02:35 165349 ------w- c:\windows\hpoins28.dat.temp

2010-08-05 23:53:04 359256 ----a-w- c:\windows\system32\hpzids40.dll

2010-08-05 23:52:59 235008 ----a-w- c:\windows\system32\hpzc35mu.dll

2010-08-05 23:52:59 130560 ----a-w- c:\windows\system32\hpz3l5mu.dll

2010-08-05 23:52:56 671816 ----a-w- c:\windows\system32\hpcdmc32.dll

2010-08-05 23:52:47 938496 ----a-w- c:\windows\system32\hpowiax7.dll

2010-08-05 23:52:47 740864 ----a-w- c:\windows\system32\hpotscl6.dll

2010-08-05 23:52:47 551424 ----a-w- c:\windows\system32\hppldcoi.dll

2010-08-05 23:52:47 505344 ----a-w- c:\windows\system32\hpovst15.dll

2010-08-05 23:51:59 0 d-----w- c:\program files (x86)\HP

2010-08-05 23:47:11 0 d-----w- c:\programdata\HP

2010-08-05 23:40:00 0 d-----w- c:\programdata\Hewlett-Packard

2010-08-02 18:41:39 12867584 ----a-w- c:\windows\syswow64\shell32.dll

==================== Find3M ====================

2010-08-27 20:25:37 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF

2010-08-27 20:25:37 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT

2010-08-27 20:25:37 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll

2010-07-09 21:27:02 159336 ----a-w- c:\windows\system32\nvvsvc.exe

2010-07-09 21:27:02 1585256 ----a-w- c:\windows\system32\nvsvc64.dll

2010-07-09 21:27:02 15314024 ----a-w- c:\windows\system32\nvcpl.dll

2010-07-09 21:27:02 116328 ----a-w- c:\windows\system32\nvmctray.dll

2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll

2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll

2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll

2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll

2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll

2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll

2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe

2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll

2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe

2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe

2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll

2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys

2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll

2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll

2010-06-08 06:02:06 1233920 ----a-w- c:\windows\syswow64\msxml3.dll

2010-06-08 05:36:31 1877504 ----a-w- c:\windows\system32\msxml3.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-09-14 01:13:57 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2009-09-14 01:13:57 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2009-09-14 01:13:57 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

2009-09-10 05:29:10 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:28:04.51 ===============

attach.zip


Hi,

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Download the following file, scan.txt, to your Desktop. Click here to download it. You may need to right click on it and select "Save".
  • Double click inside the Custom Scan box at the bottom.
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel".
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop.
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
