virus hijacking google search engine results - "wareout"?


  • This topic is locked
2 replies to this topic

#1 elisethestranger

  • Members
  • 4 posts

Posted 16 July 2009 - 07:59 PM

Hello, this is my first time posting. I've picked up a rather nasty virus on my computer that redirects google search results to random pages. I can usually click on one or two results and get the expected page, but after that it redirects. In addition:

- I can install Malwarebytes, but the program will not run once installed. No error message, simply does not open.
- I can install HijackThis only in safe mode, but it will not run in either safe mode or normal. No error message, simply does not open.
- I could not install a free trial of AVG (I'm sorry, I didn't write down the error message).
- I was able to install Avira.

Thank you in advance for your help!


DDS.txt log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Julia at 20:52:29.99 on Thu 07/16/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3034.1854 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\explorer.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Julia\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\julia\appdata\roaming\mozilla\firefox\profiles\wgre7sm7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/weather/local/48864?lswe=48864&lwsa=WeatherLocalUndeclared&from=searchbox_localwx
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\julia\appdata\roaming\mozilla\firefox\profiles\wgre7sm7.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-5-29 81920]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-16 108289]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2008-12-4 226640]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-5-29 144672]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-5-29 269216]
S2 SftService;SoftThinks Agent Service;"c:\windows\sminst\sftservice.exe" --> c:\windows\sminst\sftservice.EXE [?]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]

=============== Created Last 30 ================

2009-07-16 20:50 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-16 20:50 <DIR> --d----- c:\programdata\Avira
2009-07-16 20:50 <DIR> --d----- c:\program files\Avira
2009-07-16 20:50 <DIR> --d----- c:\progra~2\Avira
2009-07-16 20:41 <DIR> --d----- c:\program files\Trend Micro
2009-07-16 20:40 270,371,227 a------- c:\windows\MEMORY.DMP
2009-07-16 20:07 <DIR> --d----- c:\users\julia\appdata\roaming\AVG8
2009-07-16 19:51 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 19:51 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-16 19:51 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-16 19:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-16 19:51 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-15 18:18 <DIR> --d----- c:\program files\DivX
2009-07-15 18:18 <DIR> --d----- c:\program files\common files\DivX Shared
2009-07-14 20:14 146 a------- c:\windows\WININIT.INI
2009-07-14 19:34 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-07-14 17:14 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-14 16:22 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 16:22 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 16:22 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 16:22 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-14 16:17 <DIR> --d----- c:\programdata\Roxio
2009-07-10 22:28 <DIR> --d----- c:\program files\Western Digital
2009-07-09 21:38 <DIR> --d----- c:\users\julia\appdata\roaming\.ABC
2009-07-09 21:38 <DIR> --d----- c:\program files\ABC
2009-07-09 21:35 <DIR> --d----- c:\program files\BitTorrent
2009-07-09 21:14 <DIR> --d----- c:\programdata\FLEXnet
2009-07-09 15:32 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-07-09 15:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-09 15:32 <DIR> --d----- c:\program files\iPod
2009-07-09 15:32 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-09 15:32 <DIR> --d----- c:\program files\iTunes
2009-07-09 15:32 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-09 15:32 <DIR> --d----- c:\program files\Bonjour
2009-07-09 15:31 <DIR> --d----- c:\programdata\Apple Computer
2009-07-09 15:30 <DIR> --d----- c:\programdata\Apple
2009-07-08 14:28 <DIR> --d----- c:\program files\Downloaded Programs
2009-07-08 12:15 <DIR> --d----- c:\users\julia\My Backup Files
2009-07-07 23:38 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-07 23:38 97,800 a------- c:\windows\system32\infocardapi.dll
2009-07-07 23:38 622,080 a------- c:\windows\system32\icardagt.exe
2009-07-07 23:38 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-07-07 23:38 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-07-07 23:38 11,264 a------- c:\windows\system32\icardres.dll
2009-07-07 23:37 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-07-07 23:37 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-07-07 23:33 96,760 a------- c:\windows\system32\dfshim.dll
2009-07-07 23:33 282,112 a------- c:\windows\system32\mscoree.dll
2009-07-07 23:33 41,984 a------- c:\windows\system32\netfxperf.dll
2009-07-07 23:32 158,720 a------- c:\windows\system32\mscorier.dll
2009-07-07 23:32 83,968 a------- c:\windows\system32\mscories.dll
2009-07-07 23:30 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-07-07 23:30 38,912 a------- c:\windows\system32\xolehlp.dll
2009-07-07 23:30 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-07-07 23:29 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-07-07 23:29 827,904 a------- c:\windows\system32\wininet.dll
2009-07-07 23:28 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-07-07 23:28 389,632 a------- c:\windows\system32\html.iec
2009-07-07 23:28 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-07 23:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-07 23:23 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-07-07 23:22 83,456 a------- c:\windows\system32\wudriver.dll
2009-07-07 23:22 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-07 23:22 31,232 a------- c:\windows\system32\wuapp.exe
2009-07-07 23:18 <DIR> --d----- c:\users\julia\appdata\roaming\Dell
2009-07-07 23:18 <DIR> --d----- c:\users\Julia
2009-07-07 23:14 <DIR> --dsh--- c:\programdata\Documents
2009-07-07 23:14 <DIR> --dsh--- C:\Documents and Settings

==================== Find3M ====================

2009-07-09 15:31 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-09 15:31 86,016 a------- c:\windows\inf\infstor.dat
2009-07-09 15:31 51,200 a------- c:\windows\inf\infpub.dat
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 04:59 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-29 04:57 26,112 a------- c:\windows\system32\hidserv.dll
2009-05-29 04:57 22,016 a------- c:\windows\system32\hid.dll
2009-05-29 04:56 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-05-29 04:56 468,992 a------- c:\windows\system32\newdev.dll
2009-05-29 04:56 74,752 a------- c:\windows\system32\newdev.exe
2009-05-29 04:54 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-05-29 04:54 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-05-29 04:54 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-05-29 04:54 45,056 a------- c:\windows\system32\dataclen.dll
2009-05-29 04:54 36,864 a------- c:\windows\system32\cdd.dll
2009-05-29 04:54 1,645,568 a------- c:\windows\system32\connect.dll
2009-05-29 04:53 296,960 a------- c:\windows\system32\gdi32.dll
2009-05-29 04:53 2,927,104 a------- c:\windows\explorer.exe
2009-05-29 04:52 738,304 a------- c:\windows\system32\inetcomm.dll
2009-05-29 04:52 269,312 a------- c:\windows\system32\es.dll
2009-05-29 04:51 2,048 a------- c:\windows\system32\tzres.dll
2009-05-29 04:50 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-29 04:49 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-05-29 04:48 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-29 04:46 885,248 a------- c:\windows\system32\RacEngn.dll
2009-05-29 04:46 1,314,816 a------- c:\windows\system32\quartz.dll
2009-05-29 04:46 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-05-29 04:46 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-05-29 04:46 347,648 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-05-29 04:45 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-05-29 04:45 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-05-29 04:45 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-05-29 04:43 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-29 04:43 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-05-29 04:43 2,868,736 a------- c:\windows\system32\mf.dll
2009-05-29 04:43 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-05-29 04:43 94,720 a------- c:\windows\system32\logagent.exe
2009-05-29 04:41 223,288 a------- c:\windows\system32\drivers\netio.sys
2009-05-29 04:41 28,728 -------- c:\windows\system32\drivers\msahci.sys
2009-05-29 04:41 21,560 -------- c:\windows\system32\drivers\atapi.sys
2009-05-29 04:41 320,512 a------- c:\windows\system32\imapi2.dll
2009-05-29 04:41 1,312,256 a------- c:\windows\system32\WMALFXGFXDSP.dll
2009-05-29 04:41 338,944 a------- c:\windows\system32\SysFxUI.dll
2009-05-29 04:41 167,424 a------- c:\windows\system32\drivers\portcls.sys
2009-05-29 04:41 130,048 a------- c:\windows\system32\drivers\drmk.sys
2009-05-29 04:41 5,632 a------- c:\windows\system32\drivers\drmkaud.sys
2009-05-29 04:41 177,208 a------- c:\windows\system32\halmacpi.dll
2009-05-29 04:41 141,880 a------- c:\windows\system32\halacpi.dll
2009-05-29 04:38 3,698 a------- c:\windows\system32\drivers\1028_Dell_INS_1545.mrk
2009-05-28 21:05 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-05-28 21:04 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-01 17:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 17:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 17:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 17:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 17:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-30 08:19 293,376 a------- c:\windows\system32\psisdecd.dll
2009-04-30 08:19 428,544 a------- c:\windows\system32\EncDec.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:53:03.43 ===============
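The DDS output above is what helpers on this board read by eye. As an added example, not part of the original post and not a feature of DDS, the Python below runs a small triage pass over a subset of the lines posted (plus one line marked CONSTRUCTED, which does not appear in the log and exists only to exercise the user-writable-path rule). The flagging rules are the editor's own heuristics: an orphaned BHO ("No File"), autoruns launching from a user profile path, ConsentPromptBehaviorAdmin = 0 (administrators elevate without a UAC prompt), Winlogon notification DLLs, and services whose image file DDS could not read (the [?] marker).

```python
"""Triage pass over DDS 'Pseudo HJT Report' and 'SERVICES / DRIVERS' lines.

Added example for this thread; it is not part of the original post and
not a DDS feature. SAMPLE_LOG is a subset of the lines posted above,
plus one line marked CONSTRUCTED that does not appear in the log and
exists only to exercise the user-writable-path rule. The flagging rules
are the editor's own heuristics.
"""
import re

SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uRun: [CONSTRUCTED] c:\users\julia\appdata\local\temp\example.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2008-12-4 226640]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S2 SftService;SoftThinks Agent Service;"c:\windows\sminst\sftservice.exe" --> c:\windows\sminst\sftservice.EXE [?]
"""

# Paths under a user profile are writable without elevation, which is
# where autoruns dropped by malware usually live.
USER_WRITABLE = re.compile(r"c:\\users\\|\\appdata\\|\\temp\\|\\documents and settings\\", re.I)

RUN_ENTRY = re.compile(r"^[um]Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
BHO_ENTRY = re.compile(r"^BHO: (?P<rest>.*)$")
POLICY_ENTRY = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)")
NOTIFY_ENTRY = re.compile(r"^Notify: (?P<name>\S+) - (?P<dll>.*)$")
SERVICE_ENTRY = re.compile(r"^(?P<state>[RS]\d) (?P<svc>[^;]+);(?P<desc>[^;]*);(?P<path>.*)$")


def triage(log_text):
    """Return (severity, reason, line) tuples for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = BHO_ENTRY.match(line)
        if m:
            # CLSID still registered under Browser Helper Objects but the DLL is
            # gone: usually leftover from an uninstall or a partial cleanup.
            if m.group("rest").endswith("- No File"):
                findings.append(("low", "orphaned BHO: CLSID registered, DLL missing", line))
            continue

        m = RUN_ENTRY.match(line)
        if m:
            if USER_WRITABLE.search(m.group("cmd")):
                findings.append(("medium",
                                 f"autorun [{m.group('name')}] starts from a user-writable path", line))
            continue

        m = POLICY_ENTRY.match(line)
        if m:
            # ConsentPromptBehaviorAdmin = 0: administrators elevate without any
            # UAC prompt, so code running as an admin user goes to admin silently.
            if m.group("key") == "ConsentPromptBehaviorAdmin" and m.group("val") == "0":
                findings.append(("medium", "UAC: admins elevate without prompting", line))
            continue

        m = NOTIFY_ENTRY.match(line)
        if m:
            # Winlogon notification packages load inside winlogon.exe at logon,
            # a classic persistence point; confirm the DLL's publisher.
            findings.append(("info", f"Winlogon notify DLL {m.group('dll')}: verify publisher", line))
            continue

        m = SERVICE_ENTRY.match(line)
        if m and m.group("path").endswith("[?]"):
            # DDS prints [date size] when it can read the image file; [?] means it could not.
            findings.append(("medium", f"service {m.group('svc')}: image not readable at listed path", line))
    return findings


def count_by_severity(findings):
    """Tally findings by severity so a long log can be summarised in one line."""
    counts = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

Nothing here decides whether the machine is infected; it only orders what a human should look at first. On this log the two [?] services and the orphaned BHO are the entries worth verifying by hand, and the UAC setting means that, if the account is an administrator, anything it runs can elevate without a prompt.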


#2 SifuMike

    malware expert

  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 23 July 2009 - 04:43 PM

Hello elisethestranger,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

****************


If MBAM (Malwarebytes) will not install, please rename the installer mbam-setup.exe. Example: newtoolA.exe
Proceed installing the renamed installer of MBAM.

If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program Files\Malwarebytes Antimalware\) then rename mbam.exe to newtoolA.exe, double click newtoolA.exe to proceed in running a Full scan.


Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply.

Occasionally malware hides itself from HijackThis.
Navigate to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe using My Computer or Windows Explorer and right-click on the HijackThis.exe file.
Select the Rename option from the right-click menu and rename HijackThis.exe to fluffybunny.exe and press Enter
Scan with HijackThis (fluffybunny.exe) again and post a new HijackThis log.

Edited by SifuMike, 23 July 2009 - 04:48 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

Posted 31 July 2009 - 09:04 PM

This thread will now be closed due to lack of feedback.



