Everything posted by leefoo

  1. I will check at home tonight, but probably not, since the Virus/Malware continues to haunt my machine. Btw, I have a separate thread out on the problem I am having.
  2. I got an SAS msg saying that I had two threats, Security Protection and Smitfraud-C. This seemed like good news since SAS hadn't detected these threats when I scanned before (only SPYBOT did). It suggested I run a scan, so I did. It found 6 tracking cookies, but NOT Sec Pro and Smit malware. What the heck???? Lee
  3. This is from the SPYBOT.dds file. They also had me attach a file (which I've attached here). I hope this helps.
     Attach.txt
  4. I have the DDS log from SPYBOT. Do you want that? I'll post it in the next frame. Btw, it says that my SVCHOST.exe is infected. I got an update to the SAS Threat app. I ran SAS again and all it gave me were some Ad trackers again.
  5. I'm running Threat Check now, but I am curious.......... SMITFRAUD and Security Protection have been around for years. Is there not a 'blanket' solution? Or is each system different? Thx
  6. Thanks for your quick reply. I will download the THREAT software tonight (I am at work right now) and give you a response.
  7. I am very disappointed in SAS. Background: Somehow I got infected with the subject malware and have tried some 'auto' removals and manual removals, but these things keep coming back! SAS' ads said they'd remove EVERYTHING (I found them while searching on Google for a SMITFRAUD C-gp solution)! Well, guess what....it didn't. I thought it had, after I went a whole session without these malware pain in the butts coming back. So, I paid $39.95 for a lifetime subscription. But I turn on my computer tonight, and within 5 min, I got hijacked again. I even set up SAS (I thought) to supposedly stop this stuff before it 'kicks' in again. I just ran a scan and it doesn't even know I have malware on my system now. SPYBOT found it (but couldn't fix it....I was hoping SAS could, but no............) I am about ready to reformat my C drive unless I can get rid of this by the weekend. Reformatting is a last resort! Pls help me with this. If you can't, I would like my money back. Thx Lee