

**TILLY'S LAPPY**

You couldn't be further from the truth, Tillymint. :mad:

 

:p

 

IT WAS ME YESTERDAY:D

 

 

 

 

Well, I've heard of practice makes perfect... but that is just taking the pish :D

 

 

 

 

Edited by **Tilly**

 

 

A-Z Index

 

 

 

 

 

 

 

HOW NOT TO CLAIM...Click here!

 

HOW TO...DUMMIES GUIDE TO CAG...Read here

 

.please remember that any advice i give is purely my own experience or opinion thankyou


Me again :rolleyes:

 

Anyone know what logger dll is :-?

It flashes up every time I start up:

logger dll is missing if you reinstall it may load :-|

 

 

A-Z Index

 

 

 

 

 

 

 

HOW NOT TO CLAIM...Click here!

 

HOW TO...DUMMIES GUIDE TO CAG...Read here

 

.please remember that any advice i give is purely my own experience or opinion thankyou


Depends entirely on the process trying to run the DLL. Essentially, this might be a genuine process trying to start with Windows, but there's an equal chance it belongs to a piece of spyware you've picked up.

 

Please download and install Malwarebytes' Anti-Malware on your PC and run it. When the program pops up, select Perform full scan then click the Scan button. Let it run its course.

 

The reason for this is twofold; firstly if logger.dll belongs to a piece of spyware, this program will almost certainly identify and fix it for you, and, secondly, if logger.dll is part of a genuine program it doesn't hurt to scan your computer anyway, just to clear out any nasties.

 

Once the scan has run, please advise if you still get the logger.dll popup when you start Windows. If so, there's plenty more we can do to investigate/solve it.


Thanks Tez, I'm running it now :) it has found 3 infected objects so far and a malicious thingy :eek:

 

 


Oki doki, scan completed and just those found in the last post... the logger pop-up is still popping up :(

 

 


Right-Ho. Next step is to give us Tech Gurus an idea of what is running in, and booting with, Windows. There are a number of ways to do this, but we're going to use a program called Hijack This.

 

Please click THIS LINK to download the program. No installation is needed, so once you've downloaded it, just run the program.

 

Select Do a system scan only from the options and let it do its thing.

 

Once it's finished, click Save Log in the bottom left.

 

Save it somewhere on your computer (Desktop will do). Once you save, the log will open in Notepad.

 

Please copy everything from that log and paste it into your next reply here. Either myself or someone else will then be able to take a look and provide further advice.

 

IMPORTANT: Hijack This gives you the option to select various things and fix them. Because the program routinely lists genuine Windows processes as well as possible or actual problems, it is very easy to muck up your system. You are completely safe doing a scan only, but please do not try to fix anything until myself or somebody else here advises you to.


Done as you said... got this message:

For some reason your system denied write access to the host file. If any Hijacked domains are in this file Hijack may NOT be able to fix this.

It ran the scan and listed everything, clicked on Save Log, but got a blank page in Notepad :???:

 

 


Hmmm...interesting and potentially telling, but let's try one thing first. Please do the following:

 

1) Find the original log file you saved (probably on your desktop) and open it in Notepad. If it's populated, copy/paste the details here.

2) Ensure you are logged in with an administrator's account, or right click the HiJackThis program and select Run as Administrator or Run as.. and then choose an administrator's account. Can you get a log from it this way?


This is what comes up

 

CalendarSettings>

-

'*ROOT*'

 

-

'pc user's Calendar'

 

0x00EEFFCC

 

True

 

False

 

 

 

 

 

 

 


No problem. We're just going to use an alternative method. Please do the following:

 

1) Download THIS PROGRAM and put it somewhere convenient. Your desktop will do.

2) You can leave CAG open to follow these instructions, but disconnect from the internet, either by pulling the cable out or turning off your wireless connection.

3) Please disable your anti-virus. This can normally be done by right clicking its icon in the system tray in the bottom right, but yours may be different depending on the program you use. Only do this once you have disconnected from the internet. Disabling instructions for most of the major AVs can be found HERE. If you can't disable it, still proceed to the next step.

4) Run the program you downloaded from step 1 and allow it to finish.

5) Once it has finished, it will generate one or two reports in Notepad. Please make sure you save all reports somewhere by going to File, then Save As in the report window(s). I'd stick them on your Desktop so they're easy to find.

6) If you disabled your anti-virus, make sure you restart it again before the next step.

7) Reconnect to the internet, then either attach both reports to your next post (by using the Manage Attachments button below where you Reply to a post) or copy/paste their contents into your next post. You might prefer to attach them, since they will be quite long.

 

Myself or other knowledgeable folks will then be able to advise you further.

Edited by Tezcatlipoca

Is this all the reports? It should have spat out two; attach.txt which shows the system and installed programs, which this appears to be, and dds.txt which shows the running processes and a pseudo-HJT report.

 

Your post has the installed programs list repeated, so can you please check you have both reports? If not, feel free to run the program again. You've given me the attach.txt report; I just need the dds.txt report as well.


DDS (Ver_10-03-17.01) - NTFSx86

Run by pc user at 12:11:58.77 on 22/06/2010

Internet Explorer: 8.0.6001.18928

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1021.163 [GMT 1:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Windows\vsnp2uvc.exe

C:\Program Files\Comodo\COMODO Internet Security\cfp.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\taskeng.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\pc user\Downloads\HiJackThis.exe

C:\Windows\system32\taskeng.exe

C:\Users\pc user\Downloads\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*Yahoo! Search - Web Search

uStart Page = hxxp://home.sweetim.com

uWindow Title = Windows Internet Explorer provided by Yahoo!

uDefault_Page_URL = hxxp://bt.yahoo.com

mDefault_Page_URL = hxxp://uk.yahoo.com

mDefault_Search_URL = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo! Search - Web Search

mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*Yahoo! Search - Web Search

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo! Search - Web Search

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

mRun: [snp2uvc] c:\windows\vsnp2uvc.exe

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [DelayShred] "c:\program files\mcafee\mshr\shrcl.exe" /p7 /q c:\users\pcuser~1\appdata\local\micros~1\windows\tempor~1\content.ie5\vya14nn4\activi~1.sh! c:\users\pcuser~1\appdata\local\micros~1\windows\tempor~1\content.ie5\0imd163l\TAGGER~1.SH!

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\update~1.lnk - c:\program files\3\3connect\AutoUpdateSrv.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll

Trusted Zone: motive.com\pbttbc.bt

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\windows\system32\guard32.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\pcuser~1\appdata\roaming\mozilla\firefox\profiles\hwypplkc.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-25 64160]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-3-3 16744]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-3-3 218560]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-3-3 30112]

R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-12 148744]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

S2 BecHelperService;BecHelperService;c:\program files\3\3connect\bechelperservice.exe --> c:\program files\3\3connect\BecHelperService.exe [?]

S2 RelevantKnowledge;RelevantKnowledge;c:\windows\system32\rlservice.exe /service --> c:\windows\system32\rlservice.exe [?]

S3 athrusb;TP-LINK Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-4-3 891392]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-20 21504]

 

=============== Created Last 30 ================

 

2010-06-21 16:50:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-21 16:50:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-21 16:50:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-11 23:02:28 67072 ----a-w- c:\windows\system32\asycfilt.dll

2010-06-11 23:02:23 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-06-11 23:02:20 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 08:09:38 2048 ----a-w- c:\windows\system32\tzres.dll

2010-05-23 16:04:21 0 d-----w- c:\users\pcuser~1\appdata\roaming\LimeWire

2010-05-23 15:14:44 0 d-----w- c:\programdata\NokiaMusic

2010-05-23 15:11:51 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2010-05-23 14:59:13 91136 ----a-w- c:\windows\system32\nmwcdcls.dll

2010-05-23 14:59:12 0 d-----w- c:\program files\Nokia

 

==================== Find3M ====================

 

2010-06-22 11:04:37 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-06-22 08:55:49 11716 ----a-w- c:\windows\bthservsdp.dat

2010-06-12 16:12:50 86016 ----a-w- c:\windows\inf\infpub.dat

2010-06-12 16:12:50 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-06-12 16:12:50 143360 ----a-w- c:\windows\inf\infstor.dat

2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-07 12:47:02 1014 ----a-w- c:\users\pcuser~1\appdata\roaming\wklnhst.dat

2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-05-02 00:46:19 277240 ----a-w- c:\windows\system32\guard32.dll

2010-05-02 00:46:18 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-05-02 00:46:17 218560 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2010-05-02 00:46:17 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys

2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys

2010-04-30 10:03:59 10576012 ----a-w- c:\windows\fonts\simfang.ttf

2010-02-09 16:46:20 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-10-04 16:08:45 174 --sha-w- c:\program files\desktop.ini

2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-10-20 21:52:31 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

 

============= FINISH: 12:16:53.51 ===============

This one?

 

 

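The DDS output above is the sort of thing a helper reads line by line. As an added example (not part of this thread, and not a DDS, HijackThis or CAG tool), the Python script below parses the "Pseudo HJT Report" and "SERVICES / DRIVERS" line formats seen in that log and lists the entries a reviewer would check first; it runs on a constructed sample copied from those formats. It assumes DDS prefixes each service line with R (running) or S (stopped) plus the start type, and prints "[?]" when it could not find the service binary on disk.

```python
"""Triage helper for a DDS log's 'Pseudo HJT Report' and 'SERVICES / DRIVERS' sections.

Added example (not DDS, HijackThis or CAG code): it surfaces entries a reviewer
checks first; it does not decide what is malware.  Assumptions: DDS prefixes a
service line with R (running) or S (stopped) plus the start type, and prints
'[?]' when it cannot find the service binary on disk.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample built from the line formats in the DDS log pasted above.
SAMPLE_LINES = [
    "============== Pseudo HJT Report ===============",
    "uStart Page = hxxp://home.sweetim.com",
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll",
    "BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File",
    "TB: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No File",
    r'mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h',
    r"AppInit_DLLs: c:\windows\system32\guard32.dll",
    "============= SERVICES / DRIVERS ===============",
    r"R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-12 148744]",
    r"S2 RelevantKnowledge;RelevantKnowledge;c:\windows\system32\rlservice.exe /service --> c:\windows\system32\rlservice.exe [?]",
    r"S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-20 21504]",
]

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")               # '===== Name =====' banners
ORPHAN_RE = re.compile(r"^(BHO|TB|Handler):.*-\s*No File$")  # registry entry, file gone
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
HXXP_RE = re.compile(r"\bhxxp://([^\s/]+)")                  # DDS defangs http as hxxp
BROWSER_KEYS = {
    "uStart Page", "uSearch Page", "uDefault_Page_URL", "mDefault_Page_URL",
    "mDefault_Search_URL", "mSearch Page", "mSearch Bar", "uSearchURL,(Default)",
}


@dataclass
class Finding:
    category: str
    line: str
    reason: str


def iter_sections(lines):
    """Yield (section name, line) pairs; banner lines switch the current section."""
    section = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        yield section, line


def triage(lines):
    """Return the review candidates found in a DDS log given as a list of lines."""
    findings = []
    for section, line in iter_sections(lines):
        if section == "Pseudo HJT Report":
            if ORPHAN_RE.match(line):
                findings.append(Finding("orphan", line,
                    "registry entry whose file no longer exists; harmless, cleanup candidate"))
            elif line.startswith("AppInit_DLLs:"):
                findings.append(Finding("appinit", line,
                    "DLL loaded into every GUI process; confirm which installed product owns it"))
            elif line.split(" = ", 1)[0] in BROWSER_KEYS:
                host = HXXP_RE.search(line)
                if host:
                    findings.append(Finding("browser", line,
                        f"start/search page set to {host.group(1)}; confirm the user chose it"))
        elif section == "SERVICES / DRIVERS":
            svc = SERVICE_RE.match(line)
            if svc and svc.group(5).endswith("[?]"):
                state = "running" if svc.group(1) == "R" else "stopped"
                findings.append(Finding("missing_service_file", line,
                    f"{state} service '{svc.group(3)}' is registered but DDS could not find its file"))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'orphan': 2, ...}."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.category}] {f.reason}\n    {f.line}")
```

To run it over a real log, read the saved dds.txt into a list of lines and pass it to triage(); the output is a review list, not a verdict.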

That's the one, thanks. I have to head into a meeting in 20 minutes to maintain the illusion that I do actually do something vaguely useful at the company, but I'll get back to you in an hour or two when I've finished and had a chance to zip through these logs.

 

Essentially, one of two things is going to happen. These logs will either highlight possible issues, in which case I'll guide you through resolving them, or they'll confirm you are clean and the logger problem is a genuine process that's just running into problems, in which case we'll sort it.


Hurruh. One of the directors is unavailable so the meeting has been postponed until tomorrow. :)

 

Right then. Firstly, the good news is that your system, at least superficially, appears clean. That is to say there is nothing in your logs that leaps out as being an infection. This is a good thing. There are some minor considerations (such as redundant programs that don't need to be installed), but we'll get to these later.

 

Now, the fact you are superficially clean doesn't necessarily mean that there aren't things lurking dormant in the system.

The logs you have pasted show nothing obvious starting up with your system, so we're going to dig a little deeper. Malwarebytes' software already found a few problems and, presumably, fixed them, so we're just going to get a clean bill of health using the Panda Online Scanner.

 

Please follow these steps:

 

1) Visit THIS LINK and ensure the Full Scan selection is on, then click the green Scan Now button.

2) You will be asked to install a small piece of software to interact with the cloud servers. This is completely safe to do, and you can do it even whilst all your other protection systems are active.

3) Let the scan finish. Please note that this may take a while, depending on the amount of data to scan.

4) Once done, you'll get an online report. In the upper-right will be a button to Export to: and an image of a page. Click the page, then save the report somewhere. Finally, please copy/paste that report to a reply here.

Edited by Tezcatlipoca

Right, we are off and running... had to use IE, it wouldn't let me do it on Foxy. It's on 15% at the mo, saying an hour or more; as soon as it is done I will post it up.

 

 


Good, good. I know it takes a while, but please be patient.

 

Will do... will let it do its thing.

 

And when it's done, remember to click the Export to button to grab the report. You definitely don't want to accidentally close the browser and have to repeat the scan!

 

Written it down lol

 

 


ANALYSIS: 2010-06-22 18:58:42
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0

PROTECTIONS
Description | Version | Active | Updated
COMODO Antivirus | | Yes | Yes

MALWARE
Id | Description | Type | Active | Severity | Disinfectable | Disinfected | Location
00139061 | Cookie/Doubleclick | TrackingCookie | No | 0 | Yes | No | c:\users\pc user\appdata\roaming\microsoft\windows\cookies\pc_user@doubleclick[1].txt
00139064 | Cookie/Atlas DMT | TrackingCookie | No | 0 | Yes | No | c:\users\pc user\appdata\roaming\microsoft\windows\cookies\pc_user@atdmt[1].txt

SUSPECTS
Sent | Location
(no entries)

VULNERABILITIES
Id | Severity | Description
(no entries)

Scan has finished... is this what you want?

 

 
