
Overclick.cn hijacked search engines


1 reply to this topic

#1 supernaturalfan

Posted 25 July 2009 - 08:45 PM

Hi there,

Today my internet browsers (I use IE and Firefox) were hijacked by overclick.cn. I couldn't open any links from search engines (e.g. google) but it would redirect me to random unsafe sites.

I also had sdr64.exe and was being driven mad by Winpatrol continually asking me if I would allow it to install on restart. I just couldn't find the blasted file to stop the message. This little b....er was also deactivating my firewall!

Anyway, I ran scans with Malwarebytes, Spyware Doctor, Superantispyware, Lavasoft and AVG 8.5. Several hours and reboots later I seemed to have gotten rid of sdr64.exe, well at least the scans were not finding it anymore and Winpatrol stopped with the messages.

No amount of scans though would fix the overclick.cn problem. So I used Combofix. I followed bleepingcomputer instructions to the letter and can post the log file if wanted (it says not to in the forum guidelines unless asked). Combofix did its thing and now my search engines appear to be working. Don't understand Combofix but it appeared to find some things in my system32 folder with odd names like vsfoceuwojdben.dll.

Did another Spyware Doctor intelliscan and it picked up a few problems related to Combofix (I think?). They were fixed OK with no reboot required and now Spyware Doctor and Malwarebytes are coming up clean, whereas before they were finding loads of stuff and didn't seem able to remove it.

However, despite it appearing OK now, it says in the guide to get the opinion of an expert on whether or not the problem is really fixed. I'm no expert, I'm just okay at googling and following instructions. Please see my DDS log below. I also have HJT installed but haven't done anything with it, and as I say I can post the Combofix log file if needed.

Thanks in advance!


DDS (Ver_09-06-26.01) - NTFSx86
Run by supernaturalfan at 2:26:03.73 on 2009-07-26
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.859 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Nokia\Nokia PC Suite 7\CommunicationCentre.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\supernaturalfan\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.com/en/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Switcher.exe] "c:\program files\sony\wireless switch setting utility\Switcher.exe"
mRun: [AppMon Utility] "c:\program files\sony\appmonutil\AppMonUtility.exe" @@@Start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [WinPatrol] "c:\program files\billp studios\winpatrol\winpatrol.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
IE: Add RSS Support Site to VAIO Information FLOW - c:\program files\sony\vaio information flow\aiesc.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
Trusted Zone: ewido.net\www
Trusted Zone: halfpriceperfumes.co.uk\www
Trusted Zone: macromedia.com\fpdownload
Trusted Zone: macromedia.com\www
Trusted Zone: open.ac.uk
Trusted Zone: orange.co.uk
Trusted Zone: quidco.com
Trusted Zone: quidco.com\www
Trusted Zone: shockwave.com\sdc
Trusted Zone: sony.co.uk\support.vaio
Trusted Zone: wanadoo.co.uk
DPF: Microsoft XML Parser for Java
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236619081750
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236619070500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
TCP: {631979AA-3057-4CE4-B077-8B588FFD6088} = 194.72.9.38,194.74.65.68
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\supernaturalfanz~1\applic~1\mozilla\firefox\profiles\vrczb8z1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php#/profile.php?id=1066148316&ref=profile
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-7-25 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-31 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-31 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-31 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-31 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-13 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-13 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-31 298776]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2006-9-20 5376]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-31 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-5-31 1095560]
R3 5U870CAP_VID_1262&PID_25FD;Sony Visual Communication Camera VGP-VCC2 ;c:\windows\system32\drivers\5U870CAP.sys [2006-8-18 75264]
R3 AVerM115S;AVerM115S service;c:\windows\system32\drivers\AVerM115S.sys [2006-8-18 754688]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-9-3 38160]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-13 7408]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-8-18 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-8-18 812544]
S2 iape;iape; [x]
S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [2008-4-4 99248]
S2 SPSS Persistence Monitor;SPSS Persistence Monitor; [x]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-7-30 768256]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [2008-7-17 1830912]
S3 PortDRv;PST Port I/O Driver;c:\windows\system32\drivers\PortDRv.sys [2008-2-1 7168]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 SRBoxDRv;PST Serial Response Box Driver;c:\windows\system32\drivers\SRBoxDRv.sys [2008-2-1 14848]
S4 ccEvtMgr;Symantec Event Manager; [x]
S4 ccProxy;Symantec Network Proxy; [x]
S4 ccSetMgr;Symantec Settings Manager; [x]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-1-22 79360]
S4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
S4 Symantec Core LC;Symantec Core LC; [x]

=============== Created Last 30 ================

2009-07-26 01:46 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-26 01:27 219,648 a------- c:\windows\PEV.exe
2009-07-25 17:45 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-07-25 17:17 <DIR> --d----- c:\docume~1\supernaturalfanz~1\applic~1\Avant Profiles
2009-07-25 17:17 <DIR> --d----- c:\program files\Avant Browser
2009-07-20 06:13 <DIR> --d----- c:\docume~1\supernaturalfanz~1\applic~1\Nokia Ovi Suite
2009-07-20 06:01 <DIR> --d----- c:\program files\common files\PCSuite
2009-07-20 05:57 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-20 05:57 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-07-20 05:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OviInstallerCache
2009-07-18 19:59 21 a------- c:\windows\system32\fesuib
2009-07-18 19:58 <DIR> --d----- c:\program files\MB Free Feng Shui Bagua
2009-07-17 19:59 7,808 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-07-17 19:59 7,808 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-07-17 19:59 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
2009-07-17 19:59 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-07-17 19:59 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-07-17 19:59 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys
2009-07-17 05:19 <DIR> --d----- c:\program files\FengShui
2009-07-17 05:19 249,856 -------- c:\windows\Setup1.exe
2009-07-17 05:19 73,216 a------- c:\windows\ST6UNST.EXE
2009-07-16 02:10 687,104 a------- c:\windows\is-O73LI.exe
2009-07-16 02:10 10,498 a------- c:\windows\is-O73LI.msg
2009-07-16 02:10 460 a------- c:\windows\is-O73LI.lst
2009-07-14 19:08 <DIR> --d----- C:\SWSetup
2009-07-06 21:17 <DIR> --d----- c:\program files\MagicISO
2009-07-06 06:11 <DIR> --d----- C:\01 poster
2009-07-06 06:11 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner
2009-07-04 22:04 <DIR> --d----- c:\program files\XVid;-)
2009-07-04 21:39 <DIR> --d----- c:\program files\Xvid
2009-07-04 10:00 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2009-06-28 01:15 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-06-28 01:04 <DIR> --d----- c:\program files\common files\Nokia
2009-06-26 18:03 389,180 a------- c:\windows\system32\UCS32P.DLL
2009-06-26 18:03 339,968 a------- c:\windows\system32\N067UFW.DLL
2009-06-26 18:03 36,864 a------- c:\windows\system32\CNQU70.DLL
2009-06-26 18:00 <DIR> --d----- c:\program files\Canon

==================== Find3M ====================

2009-07-19 09:55 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-27 16:29 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-07 16:24 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-06-07 16:16 819,200 a------- c:\windows\system32\xvidcore.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 13:30 30,056 a------- c:\windows\system32\unins000.dat
2009-06-03 13:28 684,636 a------- c:\windows\system32\unins000.exe
2009-05-31 18:10 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-11 12:47 1,302,600 a------- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-09 01:14 1,418,120 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:55 78,336 a------- c:\windows\system32\ieencode.dll
2007-01-01 14:10 0 a------- c:\docume~1\supernaturalfanz~1\applic~1\wklnhst.dat
2001-09-28 17:00 243,200 a------- c:\program files\UNWISE.EXE
2008-09-03 15:29 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

============= FINISH: 2:28:17.39 ===============


Edited by supernaturalfan, 25 July 2009 - 08:45 PM.



#2 kahdah


Posted 04 August 2009 - 08:53 PM

Hello supernaturalfan

Welcome to BleepingComputer
=====================
Your logs look clean to me. Are you having any issues?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



