Followup to Fraud AntiMalwareDoctor: Returns After Removal & Immunization; MSW Explor



MJWolter
2010-11-28, 02:17
1. Link to my earlier thread: http://forums.spybot.info/showthread.php?t=60083&page=2

2. Current situation: As I planned to when I last posted, I now have taken the infected PC to Staples, which recovered whatever data they could (my last backup, unfortunately, had been in August 2010), wiped the hard drive, and reinstalled the operating system and drivers. They gave me the DVD containing the data, which might contain all or most of the data that had been on my hard drive. The problem is, it might contain ALL of the data, including the viruses, etc., that AntiMalware Doctor was kind enough to provide. Should I forget about my August-November data or can I safely scan the DVD before exploring it to find essential data?

3. Attach.txt zipped and attached.

4. DDS log:


DDS (Ver_10-11-27.01) - NTFSx86
Run by Wolter at 18:53:36.86 on Sat 11/27/2010
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.839 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\rundll32.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Wolter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQI1XVSW\dds[1].scr

============== Pseudo HJT Report ===============

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\users\wolter\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-11-21 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-11-21 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-11-21 144704]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-11-21 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-21 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-21 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-11-21 34248]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-11-21 40552]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-11-27 1153368]

=============== Created Last 30 ================

2010-11-27 22:00:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-27 22:00:06 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-11-22 07:09:00 -------- d-----w- c:\windows\system32\x64
2010-11-22 07:07:39 -------- d-----w- c:\users\wolter\Roaming
2010-11-22 07:07:38 -------- d-----w- c:\progra~2\Roaming
2010-11-22 07:05:59 -------- d-----w- c:\program files\Cisco
2010-11-22 07:05:45 -------- d-----w- c:\program files\common files\Intel
2010-11-22 07:05:12 229888 ----a-w- c:\windows\system32\msshsq.dll
2010-11-22 07:00:04 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-11-22 07:00:04 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-11-22 07:00:04 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-11-22 07:00:04 11264 ----a-w- c:\windows\system32\icardres.dll
2010-11-22 06:59:59 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-11-22 06:59:58 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-11-22 06:59:58 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-22 06:59:58 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-22 04:47:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-11-22 04:47:56 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-11-22 04:47:56 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-11-22 04:47:55 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-11-22 04:47:55 24064 ----a-w- c:\windows\system32\lpk.dll
2010-11-22 04:47:55 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-11-22 04:42:45 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-11-22 04:42:45 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-11-22 04:42:45 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-11-22 04:42:45 272896 ----a-w- c:\windows\system32\polstore.dll
2010-11-22 04:39:42 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-11-22 04:39:42 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-11-22 04:38:15 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-11-22 04:38:15 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-11-22 04:38:14 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-11-22 04:36:48 87040 ----a-w- c:\windows\system32\msoert2.dll
2010-11-22 04:36:48 707072 ----a-w- c:\program files\common files\system\wab32.dll
2010-11-22 04:36:48 41984 ----a-w- c:\program files\windows mail\wabimp.dll
2010-11-22 04:36:48 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2010-11-22 04:36:48 205824 ----a-w- c:\windows\system32\msoeacct.dll
2010-11-22 04:36:48 1098752 ----a-w- c:\program files\common files\system\wab32res.dll
2010-11-22 04:36:47 2836992 ----a-w- c:\program files\windows mail\MSOERES.dll
2010-11-22 04:36:47 1614848 ----a-w- c:\program files\windows mail\msoe.dll
2010-11-22 04:36:43 397312 ----a-w- c:\program files\windows mail\WinMail.exe
2010-11-22 04:36:42 81408 ----a-w- c:\program files\windows mail\oeimport.dll
2010-11-22 04:36:42 24064 ----a-w- c:\program files\common files\system\DirectDB.dll
2010-11-22 04:35:02 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-11-22 04:35:02 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-11-22 04:35:02 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-11-22 04:35:02 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-11-22 04:35:02 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-11-22 04:35:02 15360 ----a-w- c:\windows\system32\netevent.dll
2010-11-22 04:35:02 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-11-22 04:35:02 103936 ----a-w- c:\windows\system32\netiohlp.dll
2010-11-22 04:35:02 10240 ----a-w- c:\windows\system32\finger.exe
2010-11-22 04:33:04 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-11-22 04:33:03 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2010-11-22 04:33:02 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2010-11-22 04:33:01 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2010-11-22 04:33:01 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2010-11-22 04:33:01 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-11-22 04:33:01 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2010-11-22 04:33:01 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2010-11-22 04:32:59 542720 ----a-w- c:\windows\system32\sysmain.dll
2010-11-22 04:31:34 194560 ----a-w- c:\windows\system32\WebClnt.dll
2010-11-22 04:31:34 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2010-11-22 04:30:14 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2010-11-22 04:30:13 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2010-11-22 04:30:13 47104 ----a-w- c:\windows\system32\wlanapi.dll
2010-11-22 04:30:13 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2010-11-22 04:30:12 502272 ----a-w- c:\windows\system32\wlansvc.dll
2010-11-22 04:30:12 297984 ----a-w- c:\windows\system32\wlansec.dll
2010-11-22 04:28:37 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-11-22 04:28:37 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-11-22 04:28:36 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-11-22 04:28:36 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-11-22 04:27:01 216576 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-22 04:25:33 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-22 04:25:33 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-22 04:25:32 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-22 04:24:07 49664 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-22 04:24:07 376320 ----a-w- c:\windows\system32\winsrv.dll
2010-11-22 04:22:48 98816 ----a-w- c:\windows\system32\mfps.dll
2010-11-22 04:22:48 2855424 ----a-w- c:\windows\system32\mf.dll
2010-11-22 04:22:47 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2010-11-22 04:22:47 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-11-22 04:22:47 2048 ----a-w- c:\windows\system32\mferror.dll
2010-11-22 04:21:15 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-22 04:21:15 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-22 04:17:04 376832 ----a-w- c:\windows\system32\winhttp.dll
2010-11-22 04:15:41 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-11-22 04:14:16 71680 ----a-w- c:\windows\system32\atl.dll
2010-11-22 04:11:39 297472 ----a-w- c:\windows\system32\gdi32.dll
2010-11-22 04:10:21 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2010-11-22 04:10:21 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2010-11-22 04:07:24 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2010-11-22 04:06:10 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2010-11-22 04:06:10 30208 ----a-w- c:\windows\system32\xolehlp.dll
2010-11-22 04:04:50 156160 ----a-w- c:\windows\system32\wkssvc.dll
2010-11-22 04:03:26 36352 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-22 04:03:26 1871872 ----a-w- c:\windows\system32\mstscax.dll
2010-11-22 04:03:26 116736 ----a-w- c:\windows\system32\aaclient.dll
2010-11-22 04:02:01 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-11-22 03:59:20 414208 ----a-w- c:\windows\system32\msscp.dll
2010-11-22 03:58:05 713728 ----a-w- c:\windows\system32\timedate.cpl
2010-11-22 03:56:42 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2010-11-22 03:55:24 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2010-11-22 03:55:24 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2010-11-22 03:55:23 86016 ----a-w- c:\windows\system32\icfupgd.dll
2010-11-22 03:55:23 61952 ----a-w- c:\windows\system32\cmifw.dll
2010-11-22 03:55:23 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2010-11-22 03:55:23 16896 ----a-w- c:\windows\system32\wfapigp.dll
2010-11-22 03:52:52 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2010-11-22 03:52:52 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2010-11-22 03:52:51 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2010-11-22 03:52:51 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2010-11-22 03:50:03 428032 ----a-w- c:\windows\system32\EncDec.dll
2010-11-22 03:50:03 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2010-11-22 03:50:03 1244672 ----a-w- c:\windows\system32\mcmde.dll
2010-11-22 03:50:02 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-11-22 03:50:02 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-11-22 03:50:02 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-11-22 03:50:02 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-11-22 03:50:02 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-11-22 03:46:21 2048 ----a-w- c:\windows\system32\tzres.dll
2010-11-22 03:44:57 696832 ----a-w- c:\windows\system32\localspl.dll
2010-11-22 03:42:31 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-11-22 03:42:31 25656 ----a-w- c:\windows\system32\drivers\msahci.sys
2010-11-22 03:42:31 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-11-22 03:42:31 17464 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-11-22 03:42:31 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2010-11-22 03:42:30 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-11-22 03:42:30 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-11-22 03:41:29 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2010-11-22 03:39:23 2923520 ----a-w- c:\windows\explorer.exe
2010-11-22 03:38:15 8704 ----a-w- c:\windows\system32\hcrstco.dll
2010-11-22 03:38:15 8704 ----a-w- c:\windows\system32\hccoin.dll
2010-11-22 03:38:15 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-11-22 03:38:15 23040 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-11-22 03:38:15 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-11-22 03:38:14 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-22 03:38:14 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-11-22 03:38:14 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-11-22 03:35:59 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-11-22 03:34:48 7680 ----a-w- c:\windows\system32\lsass.exe
2010-11-22 03:34:48 72704 ----a-w- c:\windows\system32\secur32.dll
2010-11-22 03:34:48 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-11-22 03:34:48 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-11-22 03:34:48 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-11-22 03:34:48 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-22 03:34:47 272384 ----a-w- c:\windows\system32\schannel.dll
2010-11-22 03:33:40 24064 ----a-w- c:\windows\system32\netcfg.exe
2010-11-22 03:31:59 3102720 ----a-w- c:\windows\system32\NlsData004e.dll
2010-11-22 03:27:45 1585664 ----a-w- c:\windows\system32\setupapi.dll
2010-11-22 03:25:17 549888 ----a-w- c:\windows\system32\rpcss.dll
2010-11-22 03:25:16 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-11-22 03:25:15 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-11-22 03:25:15 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-11-22 03:25:15 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-11-22 03:25:15 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-11-22 03:25:15 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-11-22 03:25:14 53248 ----a-w- c:\windows\system32\iasads.dll
2010-11-22 03:25:13 97280 ----a-w- c:\windows\system32\iasrecst.dll
2010-11-22 03:25:13 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2010-11-22 03:25:13 158720 ----a-w- c:\windows\system32\sdohlp.dll
2010-11-22 03:24:03 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-11-22 03:24:03 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-11-22 03:21:53 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-11-22 03:21:53 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-11-22 03:21:53 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2010-11-22 03:21:53 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-11-22 03:21:53 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-11-22 03:21:53 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-11-22 03:21:52 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-22 03:20:47 82432 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-11-22 03:19:52 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2010-11-22 03:18:50 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2010-11-22 03:18:50 223232 ----a-w- c:\windows\system32\WMASF.DLL
2010-11-22 03:18:50 2048 ----a-w- c:\windows\system32\asferror.dll
2010-11-22 03:17:53 25600 ----a-w- c:\windows\system32\amxread.dll
2010-11-22 03:17:52 14848 ----a-w- c:\windows\system32\apilogen.dll
2010-11-22 03:16:47 33280 ----a-w- c:\windows\system32\slwmi.dll
2010-11-22 03:16:47 268288 ----a-w- c:\windows\system32\mcbuilder.exe
2010-11-22 03:16:47 223232 ----a-w- c:\windows\system32\SLC.dll
2010-11-22 03:16:46 566784 ----a-w- c:\windows\system32\SLCommDlg.dll
2010-11-22 03:16:46 351232 ----a-w- c:\windows\system32\SLUI.exe
2010-11-22 03:16:46 186368 ----a-w- c:\windows\system32\SLLUA.exe
2010-11-22 03:16:45 57856 ----a-w- c:\windows\system32\SLUINotify.dll
2010-11-22 03:16:45 39936 ----a-w- c:\windows\system32\slcinst.dll
2010-11-22 03:16:45 2605568 ----a-w- c:\windows\system32\SLsvc.exe
2010-11-22 03:15:34 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2010-11-22 03:15:33 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2010-11-22 03:15:33 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2010-11-22 03:14:24 97792 ----a-w- c:\windows\system32\cabview.dll
2010-11-22 03:12:42 61440 ----a-w- c:\windows\system32\ntprint.exe
2010-11-22 03:12:42 220160 ----a-w- c:\windows\system32\ntprint.dll
2010-11-22 03:12:41 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2010-11-22 03:12:40 1984512 ----a-w- c:\windows\system32\authui.dll
2010-11-22 03:12:40 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2010-11-22 03:12:38 69632 ----a-w- c:\windows\system32\sendmail.dll
2010-11-22 03:12:37 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2010-11-22 03:11:40 441856 ----a-w- c:\windows\system32\win32spl.dll
2010-11-22 03:11:40 37376 ----a-w- c:\windows\system32\printcom.dll
2010-11-22 03:10:49 2031104 ----a-w- c:\windows\system32\win32k.sys
2010-11-22 03:09:05 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-11-22 03:09:05 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2010-11-22 03:08:10 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-11-22 03:08:10 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-11-22 03:08:10 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-11-22 03:07:02 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-11-22 03:07:02 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-11-22 03:07:02 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-11-22 03:07:02 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-11-22 03:07:02 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-11-22 03:07:01 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-11-22 03:07:01 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-11-22 03:07:01 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-11-22 03:07:01 472576 ----a-w- c:\windows\system32\secproc.dll
2010-11-22 03:06:07 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll
2010-11-22 03:06:07 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe
2010-11-22 03:06:07 11776 ----a-w- c:\windows\system32\sbunattend.exe
2010-11-22 03:04:39 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2010-11-22 03:04:39 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2010-11-22 03:04:02 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2010-11-22 02:51:44 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-11-22 02:51:43 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-22 02:51:41 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-11-22 02:51:41 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-11-22 02:51:40 83968 ----a-w- c:\windows\system32\mscories.dll
2010-11-22 02:37:04 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-11-22 02:37:02 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-11-22 02:37:02 1686528 ----a-w- c:\windows\system32\gameux.dll
2010-11-22 02:36:23 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-11-22 02:36:23 94720 ----a-w- c:\windows\system32\logagent.exe
2010-11-22 02:35:47 765952 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2010-11-22 02:35:34 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-11-22 02:35:34 737792 ----a-w- c:\windows\system32\inetcomm.dll
2010-11-22 02:35:12 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-11-22 02:34:49 1645568 ----a-w- c:\windows\system32\connect.dll
2010-11-22 02:34:28 5120 ----a-w- c:\windows\system32\wmi.dll
2010-11-22 02:34:28 152576 ----a-w- c:\windows\system32\imagehlp.dll
2010-11-22 02:34:28 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2010-11-22 02:34:12 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2010-11-22 02:33:34 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-11-22 02:33:34 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-11-22 02:33:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-11-22 02:32:07 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-11-22 02:31:52 974336 ----a-w- c:\windows\system32\crypt32.dll
2010-11-22 02:31:40 274432 ----a-w- c:\windows\system32\raschap.dll
2010-11-22 02:31:39 232960 ----a-w- c:\windows\system32\rastls.dll
2010-11-22 02:31:19 321536 ----a-w- c:\windows\system32\WSDApi.dll
2010-11-22 02:31:04 99840 ----a-w- c:\windows\system32\poqexec.exe
2010-11-22 02:30:57 633856 ----a-w- c:\windows\system32\user32.dll
2010-11-22 02:29:53 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-11-22 02:29:53 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-11-22 02:29:53 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-11-22 02:29:52 88576 ----a-w- c:\windows\system32\avifil32.dll
2010-11-22 02:29:52 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-11-22 02:29:52 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-11-22 02:29:52 31232 ----a-w- c:\windows\system32\msvidc32.dll
2010-11-22 02:29:52 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-11-22 02:29:52 1327616 ----a-w- c:\windows\system32\quartz.dll
2010-11-22 02:29:52 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-11-22 02:28:56 750080 ----a-w- c:\windows\system32\qmgr.dll
2010-11-22 02:28:41 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-11-22 02:28:14 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-22 02:28:12 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-11-22 02:28:11 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-11-22 02:28:11 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-11-22 02:28:11 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2010-11-22 02:28:10 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-11-22 02:28:10 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2010-11-22 02:28:07 311296 ----a-w- c:\windows\system32\unregmp2.exe
2010-11-22 02:28:07 1418240 ----a-w- c:\program files\windows media player\setup_wm.exe
2010-11-22 01:16:49 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-11-22 01:16:49 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-11-22 01:16:49 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-11-22 01:16:41 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-11-22 01:15:48 -------- d-----w- c:\program files\common files\McAfee
2010-11-22 01:15:47 -------- d-----w- c:\program files\McAfee.com
2010-11-22 01:15:34 -------- d-----w- c:\program files\McAfee
2010-11-22 01:10:11 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-11-22 01:01:08 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-11-22 01:00:39 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-11-22 01:00:16 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-11-22 01:00:16 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-11-15 14:31:07 368640 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2010-11-15 14:31:07 327680 ----a-w- c:\windows\system32\Remove_eRecovery.exe
2010-11-15 14:31:07 16384 ----a-w- c:\windows\system32\LauncheRyAgentUser.exe
2010-11-15 14:31:07 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2010-11-15 14:31:03 -------- d-----w- C:\Acer
2010-11-15 14:30:57 -------- d-----w- c:\program files\Acer Inc
2010-11-15 14:29:42 -------- d-sh--w- c:\windows\Installer
2010-11-15 14:24:11 -------- d-----w- c:\program files\Synaptics
2010-11-15 14:24:01 90112 ----a-w- c:\windows\system32\snymsico.dll
2010-11-15 14:24:01 45568 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2010-11-15 14:24:01 43008 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2010-11-15 14:24:01 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2010-11-15 14:24:01 172032 ----a-w- c:\windows\system32\rixdicon.dll
2010-11-15 14:23:43 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2010-11-15 14:23:42 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2010-11-15 14:23:42 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2010-11-15 14:23:42 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2010-11-15 14:23:42 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2010-11-15 14:23:42 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2010-11-15 14:23:41 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2010-11-15 14:23:41 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2010-11-15 14:22:38 -------- d-----w- c:\windows\system32\ENU
2010-11-15 14:22:36 936472 ----a-r- c:\windows\system32\imsmudlg.exe
2010-11-15 14:20:28 920088 ----a-r- c:\windows\system32\igxpun.exe
2010-11-15 14:20:28 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-11-15 14:20:28 -------- d-----w- c:\windows\system32\Lang
2010-11-15 14:20:21 -------- d-----w- C:\Intel
2010-11-15 14:17:04 -------- d-----w- c:\progra~2\Atheros
2010-11-14 22:38:53 -------- d-----w- c:\windows\Panther
2010-11-14 22:38:36 -------- d-sh--w- C:\Boot

==================== Find3M ====================

2010-11-22 04:45:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-11-22 04:45:31 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2010-11-22 04:45:30 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-22 04:45:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-22 04:45:25 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-11-22 04:45:25 389120 ----a-w- c:\windows\system32\html.iec
2010-11-22 04:45:24 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-22 04:45:21 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-22 04:45:19 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-22 04:45:17 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-11-22 03:32:23 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-11-22 03:31:59 3102720 ----a-w- c:\windows\system32\NlsData004c.dll
2010-11-22 03:27:15 40960 ----a-w- c:\windows\system32\srclient.dll
2010-11-22 03:17:52 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2010-11-22 02:37:04 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2010-11-22 02:37:03 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-11-22 02:37:02 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-11-22 02:37:02 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-11-22 02:37:02 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

============= FINISH: 18:54:54.85 ===============

Blade81
2010-12-02, 08:14
Hi,

Scan the DVD with your antivirus program to see if anything bad is found.

Blade81
2010-12-08, 10:54
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.