
Suspicious results list in Google Search - possible malware infection


  • This topic is locked

#1 mobits


Posted 19 October 2009 - 05:28 PM

Two days ago, my pc was severely infected with malware. I ran Malwarebytes, CCleaner, and Ad-Aware multiple times, and these tools removed quite a bit of malware. However, my Google search results still seem to be affected by something. If I go to Google.com and attempt a search, my search result list is filled with what looks like advertisement links. If I perform the exact same search via the Google toolbar, I get an accurate search result list. So, apparently this is only happening when I perform a search on the Google site.

Any help you can provide in getting this corrected would be appreciated. Thanks in advance!

DDS log below, and Attach.txt and Ark.txt logs also attached. Also attaching Hijackthis.log.

DDS (Ver_09-10-13.01) - NTFSx86
Run by dzavala at 16:59:24.01 on Mon 10/19/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.222 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\quovadx\qdx5.7\integrator\clgui\bin\hcihostserver.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dzavala\Local Settings\Temporary Internet Files\Content.IE5\3S3QY2VG\dds[1].scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Healthvision Inc.
uInternet Connection Wizard,ShellNext = iexplore
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - No File
TB: {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [ControlCenter] "c:\program files\ibm fingerprint software\ctlcntr.exe" /startup
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [IBMPRC] c:\ibmtools\utils\ibmprc.exe
mRun: [QCTRAY] c:\program files\thinkpad\connectutilities\QCTRAY.EXE
mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [PDFCreatorClient] c:\program files\jawssystems\jaws pdf creator\PDFClient.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "z:\itunes\iTunesHelper.exe"
mRun: [Egejibewereco] rundll32.exe "c:\windows\eninurifucip.dll",Startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{8a3a2363-2129-43fb-8dfc-f237da58038c}\Icon3E5562ED7.ico
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: {65166E85-5EF1-48B2-A78F-854C77277E7F} - c:\program files\freshdevices\freshdownload\fd.exe
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\lsp.dll
Trusted Zone: healthvision.com
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {571CB303-4267-4D92-B45C-9B79ACC18632} - hxxp://potplayer.daum.net/PotPlayer/v2/PotWeb.cab
DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} - file:///D:/vwr_data/WebVwr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8C8F8116-DB12-426A-BDDB-45CF8E662140} - hxxps://pacs.uhs.org/hrs/download/Setup.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://irvmisapp29/qcbin/Spider91.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://healthvision.webex.com/client/upgradeserver/client/ptool/T26L10NSP49EP17-3538/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {BAC2335F-E082-4D02-BAAA-B5276A15442D} = 10.20.30.70,10.20.30.68
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: psfus - c:\program files\ibm fingerprint software\psfus.dll
Notify: QConGina - QConGina.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: dubahoreh - {32ac93ac-c67b-4a38-b189-010f8ccdadd8} - No File
STS: {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - No File
STS: {32ac93ac-c67b-4a38-b189-010f8ccdadd8} - No File
LSA: Notification Packages = scecli pwdmon tihunedo.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: XULRunner: {BF13AFBC-3B77-4690-805D-B9C45A5E04F3} - c:\documents and settings\dzavala\local settings\application data\{BF13AFBC-3B77-4690-805D-B9C45A5E04F3}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-19 64288]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2009-1-3 59776]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2009-1-3 14208]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2009-1-3 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2009-1-3 2432]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2009-1-3 4608]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2009-1-3 4442]
R2 CLOVERLEAF® Integration Services 57;CLOVERLEAF® Integration Services 57;c:\quovadx\qdx5.7\integrator\bin\hciservice57.exe [2009-7-24 36864]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2005-4-27 63616]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1170768]
R2 SmiHlp;SMI helper driver;c:\program files\ibm fingerprint software\smihlp.sys [2005-4-12 3328]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2009-1-3 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1980-1-1 14336]
S2 MPINETBOOTCAMP;Initiate Master Data Engine 8.5.0 Bootcamp;c:\mpi\project\bootcamp\inst\mpinet_bootcamp\conf\mpinet_bootcamp.exe -s c:\mpi\project\bootcamp\inst\mpinet_bootcamp\conf\wrapper.conf --> c:\mpi\project\bootcamp\inst\mpinet_bootcamp\conf\mpinet_bootcamp.exe -s c:\mpi\project\bootcamp\inst\mpinet_bootcamp\conf\wrapper.conf [?]
S2 ouqdbura;Digital CD Audio Playback Filter Monitor;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
S2 wunlusqv;wunlusqv;\??\c:\windows\system32\drivers\qzhgunmp.sys --> c:\windows\system32\drivers\qzhgunmp.sys [?]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2009-1-3 12288]
S3 Tomcat6;Apache Tomcat;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2008-7-21 57344]

=============== Created Last 30 ================

2009-10-19 16:38 <DIR> --d----- c:\program files\Trend Micro
2009-10-19 16:37 812,344 a------- C:\HijackThisInstaller.exe
2009-10-19 16:10 15,688 a------- c:\windows\system32\lsdelete.exe
2009-10-19 15:05 64,288 a------- c:\windows\system32\drivers\Lbd.sys
2009-10-19 14:56 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-19 14:56 <DIR> --d----- c:\program files\Lavasoft
2009-10-19 14:47 77,086,488 a------- C:\Ad-AwareInstallation.exe
2009-10-19 09:05 <DIR> --dsh--- c:\documents and settings\dzavala\IECompatCache
2009-10-19 09:05 2,348,928 a------- C:\D.exe
2009-10-19 09:00 100,352 -------- c:\windows\system32\dllcache\iecompat.dll
2009-10-19 03:08 <DIR> --d----- c:\windows\ie8updates
2009-10-19 01:45 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-10-19 01:45 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-10-19 01:05 <DIR> -cd-h--- c:\windows\ie8
2009-10-19 01:02 16,883,056 a------- C:\IE8-WindowsXP-x86-ENU.exe
2009-10-18 23:59 4,076,049 a------- C:\FileZilla_3.2.8.1_win32-setup.exe
2009-10-18 21:09 <DIR> --d----- c:\program files\xjquov
2009-10-18 00:11 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 00:11 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-18 00:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 18:45 0 a------- c:\windows\Kmutilaweti.bin
2009-10-17 18:45 120 a------- c:\windows\Jqamuvasa.dat
2009-10-16 08:52 178,432 a------- c:\windows\system32\lsp.dll
2009-10-16 08:47 <DIR> --d----- c:\program files\oplewi
2009-10-15 15:07 1,435,648 -------- c:\windows\system32\dllcache\query.dll
2009-10-15 15:07 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-10-06 21:28 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-25 01:05 17,771 a------- c:\docume~1\dzavala\applic~1\akonoxago.sys
2009-09-25 01:05 14,295 a------- c:\docume~1\alluse~1\applic~1\fovewalu.vbs
2009-09-25 01:05 13,462 a------- c:\docume~1\dzavala\applic~1\miniloxivy.vbs
2009-09-25 01:05 13,424 a------- c:\windows\ryhova.reg
2009-09-25 01:05 11,023 a------- c:\windows\vewixy.reg
2009-09-24 15:36 <DIR> --d----- c:\program files\iPod
2009-09-24 15:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-24 15:18 <DIR> --d----- c:\program files\iPhone Configuration Utility
2009-09-24 00:08 <DIR> --d----- c:\documents and settings\dzavala\logitech
2009-09-24 00:07 <DIR> --d----- c:\program files\common files\Remote Control Software Common
2009-09-24 00:07 <DIR> --d----- c:\program files\common files\Remote Control USB Driver
2009-09-24 00:07 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe

==================== Find3M ====================

2009-10-17 19:30 4,045,528 a------- C:\mbam-setup.exe
2009-09-10 11:21 8,520 a------- c:\windows\system32\ractrlkeyhook.dll
2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-02 15:30 4,076,719 a------- C:\FileZilla_3.2.7.1_win32-setup.exe
2009-08-29 23:08 94,208 a------- c:\windows\system32\ScrUnZip.dll
2009-08-29 03:08 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-08-29 03:08 916,480 a------- c:\windows\system32\wininet.dll
2009-08-29 03:08 916,480 a------- c:\windows\system32\dllcache\wininet.dll
2009-08-29 03:08 5,940,224 a------- c:\windows\system32\dllcache\mshtml.dll
2009-08-29 03:08 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-08-29 03:08 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-08-29 03:08 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-08-29 03:08 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-29 03:08 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-08-29 03:08 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-08-29 03:08 11,069,440 a------- c:\windows\system32\dllcache\ieframe.dll
2009-08-29 03:08 387,584 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-29 02:36 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 05:35 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 05:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 03:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-13 14:07 4,077,360 a------- C:\FileZilla_3.2.7_win32-setup.exe
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 10:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 09:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 09:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 09:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-23 10:05 0 a------- C:\FileZilla_3.2.6.1_win32-setup.exe
2009-05-19 13:28 60,744 a------- c:\documents and settings\dzavala\g2mdlhlpx.exe
2009-01-03 10:18 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010320090104\index.dat

============= FINISH: 17:00:31.29 ===============



Edited by mobits, 19 October 2009 - 06:31 PM.




#2 mobits


Posted 20 October 2009 - 02:29 PM

I just updated my Malwarebytes and ran a Full Scan, and it found the Browser Hijacker trojan and successfully removed it.

I restarted my computer and it looks like things are all cleared up.

Thanks!

#3 Guest_The weatherman_*


Posted 20 October 2009 - 05:18 PM

Thanks for letting us know, mobits. :(



