
Random re-directs of Google Search Results in Firefox


  • This topic is locked
2 replies to this topic

#1 GraemeS


Posted 17 April 2009 - 12:42 AM

Hi,

I was recently (two days ago) infected with the Prun.exe trojan. I used Malwarebytes to remove it. I noticed that after a bit it would come back, and figured it was due to System Restore, so I disabled that (deleting all save points) and now after a day and several scans using Malwarebytes, no infections found.

Problem is, I've noticed that when doing Google searches I sometimes get a re-direct to a different page. Once in a while it will re-direct me to www.google.com/undefined. It doesn't happen all the time, but definitely happens often enough that it has me worried. No idea what it might be, hoping you guys can help me out.

Thanks in advance,
Graeme

Here's my log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Graeme at 1:33:22.32 on 2009-04-17
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1098 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
D:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
D:\Program Files\Nero\Nero 8\Nero Home\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
D:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
D:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\MCE Standby Tool\mst.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\CyberLink\PowerDVD9\PowerDVD9\PDVD9Serv.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Graeme\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\SqueezeCenter\SqueezeTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Graeme\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {D7BF4552-94F1-42BD-F434-3604812C856D} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - d:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Google Update] "c:\documents and settings\graeme\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "d:\program files\nero\nero 8\nero home\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [UnlockerAssistant] "d:\program files\unlocker\UnlockerAssistant.exe"
mRun: [AVG8_TRAY] d:\progra~1\avg\avg8\avgtray.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [Phase One Media Reader] d:\progra~1\phaseo~1\captur~1\DCIMImp.exe /noscan /CheckAutoStart
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [MCE Standby Tool] "c:\program files\mce standby tool\mst.exe" engine
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RemoteControl9] "d:\program files\cyberlink\powerdvd9\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "d:\program files\cyberlink\powerdvd9\powerdvd9\language\Language.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [<NO NAME>] c:\windows\temp\zp1g8rkc.exe
dRun: [Windows Resurections] c:\windows\temp\zp1g8rkc.exe
StartupFolder: c:\docume~1\graeme\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\squeez~1.lnk - d:\program files\squeezecenter\SqueezeTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {ED324F9E-715D-4BE2-B6DF-44FCB674AADF} - hxxp://shr-p-cdm1/purolator-client-services/Portal/resources/msddsc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {36EB9911-6F11-4F53-9AF9-04427C3BDFAD} = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - d:\program files\quicktax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - d:\program files\quicktax 2008\ic2008pp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: ,
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\graeme\applic~1\mozilla\firefox\profiles\vfu6pe6i.default\
FF - component: d:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: d:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\graeme\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-10 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-2-10 27656]
R2 a2free;a-squared Free Service;d:\program files\a-squared free\a2service.exe [2008-8-28 380536]
R2 avg8wd;AVG8 WatchDog;d:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-1 298264]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-12 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-2-11 47640]
R2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\drivers\p1c1394.sys [2008-8-4 23168]
R2 SqueezeMySQL;SqueezeMySQL;d:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\docume~1\alluse~1\applic~1\squeez~1\cache\my.cnf squeezemysql --> d:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\docume~1\alluse~1\applic~1\squeez~1\cache\my.cnf SqueezeMySQL [?]
R2 squeezesvc;SqueezeCenter;d:\program files\squeezecenter\server\squeezecenter.exe [2008-3-7 8998999]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\d:\program files\cyberlink\powerdvd\000.fcl --> d:\program files\cyberlink\powerdvd\000.fcl [?]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-2-12 12192]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\program files\sisoftware\sisoftware sandra lite 2009.sp2\RpcAgentSrv.exe [2009-1-6 98488]
S3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\video3d32.sys --> c:\windows\system32\drivers\Video3D32.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-2-12 189792]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-04-16 23:51 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-16 23:51 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-16 23:51 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-16 23:51 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-16 23:51 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 23:51 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-16 23:51 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-16 23:51 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 23:51 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 23:50 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 23:50 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 23:50 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-16 00:24 155 a------- c:\windows\system32\SelfDel.bat
2009-04-16 00:06 161,792 a------- c:\windows\SWREG.exe
2009-04-16 00:06 98,816 a------- c:\windows\sed.exe
2009-04-16 00:06 <DIR> --d----- C:\ComboFix
2009-04-10 12:55 <DIR> --d----- c:\program files\common files\CyberLink
2009-04-10 12:55 29,480 a------- c:\windows\system32\msxml3a.dll
2009-04-06 01:13 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-06 00:49 <DIR> a-dshr-- C:\cmdcons
2009-04-04 15:04 0 a------- c:\windows\ativpsrm.bin
2009-04-04 15:02 <DIR> --d----- c:\program files\ATI
2009-04-04 15:01 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-04-04 15:01 <DIR> --d----- c:\program files\ATI Technologies
2009-04-04 15:00 <DIR> --d----- C:\ATI
2009-04-03 23:11 <DIR> --d----- c:\windows\system32\AGEIA
2009-04-03 23:11 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-03 21:41 <DIR> --d----- c:\program files\MCE Standby Tool
2009-04-02 16:28 58,742 a------- c:\windows\system32\oodbs.lor
2009-04-01 07:51 <DIR> --d----- c:\windows\system32\oodag
2009-04-01 07:47 <DIR> --d----- c:\program files\OO Software
2009-03-29 01:57 1,970,176 a------- c:\windows\system32\xRaidSetup.exe
2009-03-29 01:57 151,552 a------- c:\windows\system32\xRaidAPI.dll
2009-03-29 01:57 <DIR> --d----- C:\RaidTool
2009-03-29 01:56 <DIR> --d----- c:\windows\RaidTool
2009-03-29 01:56 81,408 a------- c:\windows\system32\drivers\jraid.sys
2009-03-21 10:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll

==================== Find3M ====================

2009-04-10 12:55 505,128 a------- c:\windows\system32\msvcp71.dll
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-27 10:03 6,280,416 -------- c:\windows\system32\drivers\nv4_mini.sys
2009-03-27 10:03 6,186,880 -------- c:\windows\system32\nv4_disp.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-25 21:59 1,316,096 a------- c:\windows\system32\ooscrsav.scr
2009-02-25 21:59 730,368 a------- c:\windows\system32\oodsvct.exe
2009-02-25 21:59 1,352,960 a------- c:\windows\system32\oodag.exe
2009-02-25 21:58 2,553,088 a------- c:\windows\system32\oodtray.exe
2009-02-25 21:57 194,816 a------- c:\windows\system32\oodbs.exe
2009-02-25 21:53 951,552 a------- c:\windows\system32\oodtrrs.dll
2009-02-25 21:53 541,952 a------- c:\windows\system32\oodssrs.dll
2009-02-25 21:53 9,984 a------- c:\windows\system32\oodbsrs.dll
2009-02-25 21:53 8,448 a------- c:\windows\system32\OODAGRS.DLL
2009-02-25 21:52 15,616 a------- c:\windows\system32\OODAGMG.DLL
2009-02-25 18:58 3,565,568 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 17:42 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-02-25 17:41 325,120 a------- c:\windows\system32\ati2dvag.dll
2009-02-25 17:30 11,841,536 a------- c:\windows\system32\atioglxx.dll
2009-02-25 17:30 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-02-25 17:29 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-02-25 17:29 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-02-25 17:29 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-02-25 17:29 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-02-25 17:27 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-02-25 17:26 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-02-25 17:16 3,817,984 a------- c:\windows\system32\ati3duag.dll
2009-02-25 17:09 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-02-25 16:59 2,670,080 a------- c:\windows\system32\ativvaxx.dll
2009-02-25 16:58 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-02-25 16:58 887,724 a------- c:\windows\system32\ativva6x.dat
2009-02-25 16:44 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-02-25 16:40 475,136 a------- c:\windows\system32\atikvmag.dll
2009-02-25 16:38 126,976 a------- c:\windows\system32\atiadlxx.dll
2009-02-25 16:38 17,408 a------- c:\windows\system32\atitvo32.dll
2009-02-25 16:37 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-02-25 16:35 290,816 a------- c:\windows\system32\atiok3x2.dll
2009-02-25 16:32 45,056 a------- c:\windows\system32\aticalrt.dll
2009-02-25 16:32 45,056 a------- c:\windows\system32\aticalcl.dll
2009-02-25 16:32 626,688 a------- c:\windows\system32\ati2cqag.dll
2009-02-25 16:30 3,227,648 a------- c:\windows\system32\aticaldd.dll
2009-02-23 20:05 37,896 a------- c:\windows\system32\drivers\oobctm.sys
2009-02-23 20:03 15,104 a------- c:\windows\system32\ootmapi.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-01 04:20 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-26 13:55 182,995 a------- c:\windows\system32\atiicdxx.dat
2008-02-14 20:13 22,328 a------- c:\docume~1\graeme\applic~1\PnkBstrK.sys
2006-06-23 02:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe
2008-09-06 16:11 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090620080907\index.dat

============= FINISH: 1:33:31.75 ===============


 


#2 teacup61



  • Malware Response Team

Posted 02 May 2009 - 12:32 PM

Hello GraemeS,


Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61



  • Malware Response Team

Posted 13 May 2009 - 12:26 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



