Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: New Technique Recycles Exploit Chain to Keep Antivirus Silent

Featured Deal: Get The Pay What You Want: AWS Cloud Development Bundle Deal

Web pages redirecting

Started by ronnell , Jul 30 2009 10:18 PM

This topic is locked

2 replies to this topic

#1 ronnell

Members
4 posts
OFFLINE

Local time:11:37 PM

Posted 30 July 2009 - 10:18 PM

DDS (Ver_09-07-30.01) - NTFSx86
Run by ron at 11:11:25.20 on Thu 07/30/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.1918.936 [GMT -4:00]

SP: Spyware Terminator *enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Rising\Rav\CCENTER.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Rising\RFW\CCENTER.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\RFW\RavTask.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Rising\RFW\RsStub.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Rising\RFW\rfwsrv.exe
C:\Program Files\Rising\Rav\RavMonD.exe
C:\Windows\Explorer.EXE
C:\Program Files\Rising\Rav\rsnetsvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Rising\Rav\ScanFrm.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Rising\Rav\RsTray.exe
C:\Program Files\Rising\RFW\RsTray.exe
C:\Program Files\Icon Remover\IconRemover.exe
C:\Program Files\CalendarPal\CalendarPal.exe
C:\Program Files\MSGTAG Status\MSGTAGStatus.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRAM FILES\POP PEEPER\POPPEEPER.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Avant Browser\avant.exe
C:\Windows\system32\Symconsent.exe
C:\Users\ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCS0IPBN\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [Icon Remover] c:\program files\icon remover\IconRemover.exe /hideapp
uRun: [CalendarPal] c:\program files\calendarpal\CalendarPal.exe -min
uRun: [MSGTAG] "c:\program files\msgtag status\MSGTAGStatus.exe" /startup
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RavTray] "c:\program files\rising\rav\RsTray.exe" -system
mRun: [RFWTray] "c:\program files\rising\rfw\RsTray.exe" -system
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoSMMyDocs = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: FilterAdministratorToken = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Dogpile Lookup - c:\program files\ab extension pack\lookup\luDogpile.htm
IE: Google Lookup - c:\program files\ab extension pack\lookup\luGoogle.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: google.com\mail
Trusted Zone: google.com\mail
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\ron\appdata\roaming\mozilla\firefox\profiles\4x5exdc3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\users\ron\appdata\roaming\mozilla\firefox\profiles\4x5exdc3.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_31.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 RsNTGDI;RsNTGDI;c:\windows\system32\drivers\RsNTGdi.sys [2009-7-29 10832]
R1 hookcont;hookcont;c:\windows\system32\drivers\HookCont.sys [2009-7-29 17520]
R1 hooksys;hooksys;c:\windows\system32\drivers\HookSys.sys [2009-7-29 192112]
R1 RfwBase9;Rising RfwBase Driver;c:\windows\system32\drivers\rfwbase.sys [2009-7-29 15984]
R1 rsfwdrv;rsfwdrv;c:\program files\rising\rfw\rsfwdrv.sys [2009-7-29 42992]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-7-29 142592]
R2 RavTask;Rising RavTask Manager;c:\program files\rising\rav\RavTask.exe [2009-7-29 129648]
R2 RfwTask;Rising RfwTask Manager;c:\program files\rising\rfw\RavTask.exe [2009-7-29 129648]
R2 rfwtdi;rfwtdi;c:\program files\rising\rfw\rfwtdi.sys [2009-7-29 16496]
R2 SymAFR;SymAFR;c:\windows\system32\drivers\SymAFR.sys [2009-5-28 15408]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S2 RavCCenter;Rav Process Communication Center;c:\program files\rising\rav\CCenter.exe [2009-7-29 113264]
S2 RfwCCenter;Rfw Process Communication Center;c:\program files\rising\rfw\CCenter.exe [2009-7-29 113264]
S2 RfwService;Rising Personal Firewall Service;c:\program files\rising\rfw\RfwSrv.exe [2009-7-29 130496]
S2 RsRavMon;Rising RealTime Monitor;c:\program files\rising\rav\RavMonD.exe [2009-7-29 262336]
S2 RsScanSrv;Rising Scan Service;c:\program files\rising\rav\ScanFrm.exe [2009-7-29 51824]

=============== Created Last 30 ================

2009-07-30 03:30 9,216 a------- c:\windows\system32\ffnd.exe
2009-07-30 03:23 57,344 a------- c:\windows\system32\drivers\mdmxsdk.dll
2009-07-30 03:10 <DIR> --d----- c:\program files\FreeFixer
2009-07-30 02:46 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-29 07:11 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-07-29 07:11 <DIR> --d----- c:\users\ron\appdata\roaming\Spyware Terminator
2009-07-29 07:11 <DIR> --d----- c:\programdata\Spyware Terminator
2009-07-29 07:11 <DIR> --d----- c:\progra~2\Spyware Terminator
2009-07-29 07:11 <DIR> --d----- c:\program files\Spyware Terminator
2009-07-29 01:55 15,984 a------- c:\windows\system32\drivers\rfwbase.sys
2009-07-29 01:38 122 a------- c:\windows\system32\BsMain.ini
2009-07-29 01:37 238,704 a------- c:\windows\system32\bsmain.exe
2009-07-29 01:37 146,032 a------- c:\windows\system32\RavExt.dll
2009-07-29 01:37 34,160 a------- c:\windows\system32\drivers\HookHelp.sys
2009-07-29 01:37 17,520 a------- c:\windows\system32\drivers\HookCont.sys
2009-07-29 01:37 10,832 a------- c:\windows\system32\drivers\RsNTGdi.sys
2009-07-29 01:37 192,112 -------- c:\windows\system32\drivers\HookSys.sys
2009-07-28 21:06 691 a------- c:\users\ron\appdata\roaming\GetValue.vbs
2009-07-28 21:06 35 a------- c:\users\ron\appdata\roaming\SetValue.bat
2009-07-28 18:53 <DIR> --d----- c:\programdata\Comodo
2009-07-28 18:53 <DIR> --d----- c:\progra~2\Comodo
2009-07-28 13:36 <DIR> --d----- c:\programdata\WEBREG
2009-07-28 13:36 <DIR> --d----- c:\progra~2\WEBREG
2009-07-28 13:12 <DIR> --d----- c:\program files\HP
2009-07-28 13:11 166,344 a------- c:\windows\hphins25.dat
2009-07-28 11:23 <DIR> --d----- c:\program files\TrojanHunter 5.0
2009-07-28 11:04 <DIR> --d----- c:\users\ron\appdata\roaming\TrojanHunter
2009-07-28 07:56 219,648 a------- c:\windows\PEV.exe
2009-07-27 21:15 <DIR> --d----- c:\windows\$regcmp$
2009-07-27 20:32 <DIR> --d----- c:\users\ron\appdata\roaming\IObit
2009-07-27 20:32 <DIR> --d----- c:\program files\IObit
2009-07-26 11:29 <DIR> --d----- c:\users\ron\appdata\roaming\MusicNet
2009-07-26 11:26 483,328 a------- c:\windows\system32\actskn45.ocx
2009-07-26 11:08 4 a------- c:\users\ron\appdata\roaming\NP.sys
2009-07-26 11:07 412,160 a------- c:\windows\fvcfd6811.exe
2009-07-26 11:07 219 a------- c:\windows\system32\winset.ini
2009-07-25 21:34 40,960 a------- c:\windows\system32\ssubtmr6.dll
2009-07-25 21:34 167,683 a------- c:\windows\system32\COMCT232.OCX
2009-07-25 07:22 <DIR> --d----- c:\windows\system32\wbem\repository
2009-07-24 21:57 <DIR> --d----- c:\programdata\Innovative Solutions
2009-07-24 21:57 <DIR> --d----- c:\progra~2\Innovative Solutions
2009-07-24 08:36 75,776 a------- c:\windows\cadkasdeinst01e.exe
2009-07-24 08:36 <DIR> --d----- c:\program files\PDF to Word 3
2009-07-21 07:20 <DIR> --d----- c:\program files\Clone Terminator
2009-07-17 21:59 <DIR> --d----- c:\users\ron\appdata\roaming\MozillaControl
2009-07-17 21:34 <DIR> --d----- c:\users\ron\appdata\roaming\Lunascape
2009-07-15 14:38 <DIR> --d----- c:\users\ron\appdata\roaming\ieSpell
2009-07-14 18:48 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 18:48 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 18:48 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 18:48 23,552 a------- c:\windows\system32\lpk.dll
2009-07-14 18:48 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-12 11:50 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-12 11:40 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-07-11 18:41 <DIR> --d----- c:\program files\Scanitto Pro
2009-07-11 14:51 <DIR> --d----- c:\programdata\SSScanAppDataDir
2009-07-11 14:51 <DIR> --d----- c:\progra~2\SSScanAppDataDir
2009-07-11 14:51 <DIR> --d----- c:\programdata\MSScanAppDataDir
2009-07-11 14:51 <DIR> --d----- c:\progra~2\MSScanAppDataDir
2009-07-11 07:35 <DIR> --d----- c:\programdata\ArcSoft
2009-07-11 07:35 <DIR> --d----- c:\progra~2\ArcSoft
2009-07-11 07:35 11,776 a------- c:\windows\system32\drivers\afc.sys
2009-07-09 16:14 108 a------- c:\windows\RFW.inf
2009-07-09 16:14 25 a------- c:\windows\RFW.ini
2009-07-08 14:45 269,312 a------- c:\windows\uninst.exe
2009-07-08 14:42 67 a------- c:\windows\OREGON.INI
2009-07-08 14:28 <DIR> --d----- c:\users\ron\appdata\roaming\BitTorrent
2009-07-07 09:18 132 ---shr-- C:\rising.ini
2009-07-07 09:18 191 a------- c:\windows\Rav.inf
2009-07-07 09:18 25 a------- c:\windows\Rav.ini
2009-07-05 10:23 45,056 a------- c:\users\ron\appdata\roaming\.v4.3.0.0.Build.1-RES-patch.exe
2009-07-05 10:23 <DIR> --d----- c:\program files\AudioLabel
2009-07-05 10:23 6,281,703 a------- c:\users\ron\appdata\roaming\AudioLabel.exe

==================== Find3M ====================

2009-07-29 01:55 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-29 01:55 51,200 a------- c:\windows\inf\infpub.dat
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-09 16:15 86,016 a------- c:\windows\inf\infstor.dat
2009-06-23 10:59 1,371,632 a------- c:\users\ron\appdata\roaming\file1.exe
2009-06-22 13:18 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-06-22 10:26 692,224 a------- c:\windows\system32\bsrmgcv.dll
2009-06-22 10:26 192,512 a------- c:\windows\system32\bsrmgps.dll
2009-06-22 10:25 585,728 a------- c:\windows\system32\bsratswf.dll
2009-06-22 10:25 147,456 a------- c:\windows\system32\bsratwmv.dll
2009-06-14 07:49 1,474,832 a------- c:\windows\system32\drivers\sfi.dat
2009-06-12 20:56 0 a------- c:\users\ron\appdata\roaming\wklnhst.dat
2009-06-03 10:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-30 18:20 72,748 a------- c:\windows\unins000.exe
2009-05-29 10:19 218,048 a------- c:\windows\system32\sfi.dat
2009-05-29 09:47 68,640 a------- c:\windows\system32\inspect.sys
2009-05-29 06:56 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-29 00:00 174 a--sh--- c:\program files\desktop.ini
2009-05-28 23:38 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-05-28 23:37 82,432 a------- c:\windows\system32\axaltocm.dll
2009-05-28 22:03 272,896 a------- c:\windows\system32\polstore.dll
2009-05-28 22:03 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-28 21:32 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-05-28 21:29 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-28 20:56 1,965,056 a------- c:\windows\system32\NlsData001b.dll
2009-05-28 20:46 9,728 a------- c:\windows\system32\lsass.exe
2009-05-28 20:39 37,888 a------- c:\windows\system32\printcom.dll
2009-05-28 20:38 14,848 a------- c:\windows\system32\wshrm.dll
2009-05-28 20:37 786,944 a------- c:\windows\system32\Symconsent.exe
2009-05-28 20:37 15,408 a------- c:\windows\system32\SymAFR.sys
2009-05-28 17:09 41,984 a------- c:\windows\system32\netfxperf.dll
2009-05-28 16:51 84,480 a------- c:\windows\system32\INETRES.dll
2009-05-28 16:39 2,048 a------- c:\windows\system32\msxml6r.dll
2009-05-28 15:54 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-05-28 15:53 83,456 a------- c:\windows\system32\wudriver.dll
2009-05-28 15:51 162,064 a------- c:\windows\system32\wuwebv.dll
2009-05-28 15:51 31,232 a------- c:\windows\system32\wuapp.exe
2009-05-26 13:20 40,160 a------- c:\windows\system32\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\mbam.sys
2009-05-14 17:55 245,408 a------- c:\windows\system32\unicows.dll
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-07-30 20:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-30 20:49 81,920 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-30 20:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-30 20:49 245,760 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 11:13:50.32 ===============

Attached Files

Attach.txt 17.26KB 0 downloads

Windows Vista Ultimate Sp2, Avant Browser, IE 7, 2 GB Ram, DSL,
500g HD, Rising Antivirus, Windows Firewall with Advanced Security,Spywareblaster, WinPatrol Plus, SuperAntiSpyware Pro, Malwarebytes' Anti-Malware

"Worry about nothing, Pray about anything and Thank God for everything"

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 thcbytes

Malware Response Team
14,790 posts
OFFLINE

Gender:Male
Local time:10:37 PM

Posted 09 August 2009 - 08:33 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

Back to top

#3 Orange Blossom

OBleepin Investigator

Moderator
37,009 posts
ONLINE

Gender:Not Telling
Location:Bloomington, IN
Local time:11:37 PM

Posted 17 August 2009 - 03:20 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom :thumbup2: