
Downloader and tracking cookies intrusions


  • This topic is locked
2 replies to this topic

#1 cn_habs


Posted 26 October 2009 - 11:43 PM

Hello everyone,

Although I use Adblock Plus and NoScript with Firefox, NIS 2009 still had to block some downloader a couple of days ago, and some malicious tracking cookies were also found. IObit Security 360 found 2 other tracking cookies that NIS 2009 had omitted. After MBT, SuperAntispyware and a couple of other rootkit detectors, my system appeared to be clean again.

I use online banking very often and eBay once in a while. So please take a look at the following log. RootRepeal apparently doesn't support 64-bit Vista OS; sorry, I couldn't run it. Sorry about that.


-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
DDS (Ver_09-10-26.01) - NTFSX64
Run by HW at 0:29:47.86 on 27/10/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.4021.2323 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~2\Stardock\OBJECT~1\OBJECT~1.EXE
C:\PROGRA~2\Stardock\OBJECT~1\Dock64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\SysWOW64\conime.exe
C:\Users\HW\Desktop\dds(2).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.theweathernetwork.com/weather/caon0696
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\16.7.2.11\coIEPlg.dll
mRun: [IObit Security 360] "c:\program files (x86)\iobit\iobit security 360\IS360tray.exe"
StartupFolder: c:\users\hw\appdata\roaming\micros~1\windows\startm~1\programs\startup\rmclock.lnk - c:\program files (x86)\rmclock\RMClockLauncher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files (x86)\norton internet security\engine\16.7.2.11\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd c:\program files\thinkvantage fingerprint software\psqlpwd.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun-x64: [TpShocks] TpShocks.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\hw\appdata\roaming\mozilla\firefox\profiles\6t22csxd.default\
FF - prefs.js: browser.startup.homepage - wsj.com
FF - prefs.js: network.proxy.ftp - 168.10.168.61
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 168.10.168.61
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 168.10.168.61
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\hw\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections-per-server - 8

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX64.sys [2009-3-4 133672]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1007020.00b\SymEFA64.sys [2009-9-22 402992]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM64.sys [2009-3-4 23592]
R1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\nisx64\1007020.00b\BHDrvx64.sys [2009-9-22 334384]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1007020.00b\cchpx64.sys [2009-9-22 583296]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091021.001\IDSviA64.sys [2009-10-22 466480]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiifx64.sys [2008-5-12 15400]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWR64V.SYS [2009-9-21 13104]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-9-22 117640]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\thinkpad\utilities\PWMDBSVC.exe [2009-9-21 75040]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 13840]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-10-24 62320]
R2 TVicPort64;TVicPort64;c:\windows\system32\drivers\TVicPort64.sys [2009-10-3 16080]
R2 UpekSrvc;Upek Service;c:\program files\thinkvantage fingerprint software\upeksrvc.exe [2009-5-21 54536]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2007-11-1 293376]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nisx64\1007020.00b\symndisv.sys [2009-9-22 56880]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-10-12 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
S2 IS360service;IS360service;c:\program files (x86)\iobit\iobit security 360\is360srv.exe [2009-10-26 309008]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-7-3 45424]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-21 89920]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-10-29 19968]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-10-12 7408]
S3 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-9-21 842056]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-10-27 02:53:48 0 d-----w- c:\program files (x86)\Trend Micro
2009-10-26 07:37:52 15 ----a-w- c:\windows\ASSE.dat
2009-10-26 05:54:47 0 dc-h--w- c:\programdata\~0
2009-10-26 05:54:09 0 d-----w- c:\programdata\Lavasoft
2009-10-26 05:49:36 0 d-----w- c:\programdata\IObit
2009-10-26 05:45:33 0 d-----w- c:\users\hw\Pavark
2009-10-25 15:35:48 0 d-----w- C:\237
2009-10-25 08:58:06 0 d-----w- c:\program files (x86)\Songbird
2009-10-23 06:23:39 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-10-23 06:23:39 149280 ----a-w- c:\windows\syswow64\javaws.exe
2009-10-23 06:23:38 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-10-23 06:23:38 145184 ----a-w- c:\windows\syswow64\java.exe
2009-10-23 06:14:44 0 d---a-w- c:\programdata\TEMP
2009-10-23 06:14:34 0 d-----w- c:\program files (x86)\SpywareBlaster
2009-10-23 03:43:58 0 d-----w- c:\users\hw\DoctorWeb
2009-10-23 03:26:48 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-23 03:25:36 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2009-10-22 21:31:50 0 d-sh--w- C:\Diskeeper
2009-10-22 20:55:13 0 d-----w- c:\programdata\Diskeeper Corporation
2009-10-22 20:55:12 0 d-----w- c:\program files\Diskeeper Corporation
2009-10-22 20:37:51 0 d-----w- c:\users\hw\appdata\roaming\GlarySoft
2009-10-22 20:31:46 0 d-----w- c:\program files (x86)\Glary Utilities
2009-10-22 20:06:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-10-22 19:58:41 0 d-----w- C:\SWTOOLS
2009-10-22 18:40:32 0 d-----w- c:\users\hw\appdata\roaming\IObit
2009-10-22 18:40:31 0 d-----w- c:\program files (x86)\IObit
2009-10-18 21:54:14 0 d-----w- c:\users\hw\appdata\roaming\AutoHideIP
2009-10-18 21:54:14 0 d-----w- c:\programdata\AutoHideIP
2009-10-18 14:00:05 0 d-----w- c:\users\hw\appdata\roaming\Foxit Software
2009-10-17 04:34:01 0 d-----w- c:\users\hw\appdata\roaming\PrimoPDF
2009-10-17 04:30:30 90624 ----a-w- c:\windows\system32\Primomonnt.dll
2009-10-16 01:43:51 4698168 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 01:39:13 269312 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 01:39:13 218624 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-10-16 01:39:09 174592 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 01:39:02 82944 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 01:39:02 60928 ----a-w- c:\windows\syswow64\msasn1.dll
2009-10-13 23:59:22 2146304 ----a-w- c:\windows\syswow64\GPhotos.scr
2009-10-13 04:12:41 0 d-----w- c:\users\hw\appdata\roaming\Hide IP NG
2009-10-13 01:40:10 0 d-----w- c:\users\hw\appdata\roaming\AVS4YOU
2009-10-13 01:39:17 0 d-----w- c:\program files (x86)\common files\AVSMedia
2009-10-13 01:39:14 24576 ----a-w- c:\windows\syswow64\msxml3a.dll
2009-10-13 01:39:14 1700352 ----a-w- c:\windows\syswow64\GdiPlus.dll
2009-10-13 01:29:22 0 d-----w- c:\users\hw\appdata\roaming\Any Video Converter
2009-10-06 16:03:04 2621440 ----a-w- c:\windows\system32\wucltux.dll
2009-10-06 16:02:23 98816 ----a-w- c:\windows\system32\wudriver.dll
2009-10-06 16:02:23 87552 ----a-w- c:\windows\syswow64\wudriver.dll
2009-10-06 16:02:23 575704 ----a-w- c:\windows\syswow64\wuapi.dll
2009-10-06 16:02:23 35552 ----a-w- c:\windows\syswow64\wups.dll
2009-10-06 16:02:10 36864 ----a-w- c:\windows\system32\wuapp.exe
2009-10-06 16:02:10 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2009-10-06 16:02:10 185416 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-06 16:02:10 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2009-10-06 03:36:21 0 d-----w- c:\users\hw\appdata\roaming\AeroSnapApp
2009-10-03 04:07:31 0 d-----w- c:\windows\pss
2009-10-03 04:04:17 0 d-----w- c:\program files\TPFanControl
2009-10-03 04:00:31 53248 ----a-w- c:\windows\system\TVicPort.dll
2009-10-03 04:00:31 16080 ----a-w- c:\windows\system32\drivers\TVicPort64.sys
2009-10-01 02:46:30 0 d-----w- c:\users\hw\appdata\roaming\PPStream
2009-09-30 19:21:41 0 d-----w- c:\users\hw\appdata\roaming\SUPERAntiSpyware.com
2009-09-30 19:21:41 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2009-09-30 19:16:34 0 d-----w- c:\users\hw\appdata\roaming\Malwarebytes
2009-09-30 19:16:22 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-30 19:16:22 0 d-----w- c:\programdata\Malwarebytes
2009-09-30 19:16:22 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2009-09-30 16:33:39 0 d-----w- c:\users\hw\appdata\roaming\CCTV
2009-09-28 01:17:40 0 d-----w- c:\programdata\Macrium

==================== Find3M ====================

2009-10-24 18:12:55 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-24 18:12:55 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-24 18:12:49 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-22 21:56:00 855 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2009-09-22 21:56:00 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2009-09-22 21:56:00 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2009-09-21 20:18:32 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-21 20:11:04 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-21 04:27:59 842056 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-21 04:27:50 506696 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-21 02:23:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-09-21 01:29:57 174 --sha-w- c:\program files\desktop.ini
2009-09-21 01:29:57 174 --sha-w- c:\program files (x86)\desktop.ini
2009-09-21 01:27:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-09 07:05:00 13104 ----a-w- c:\windows\system32\drivers\TPPWR64V.SYS
2009-09-09 07:05:00 120096 ------w- c:\windows\PWMBTHLV.EXE
2009-08-29 02:42:33 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-29 00:50:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2009-08-27 05:52:18 1147904 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:47:24 132096 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:47:23 77312 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\syswow64\wininet.dll
2009-08-27 05:22:15 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2009-08-27 05:20:52 206848 ----a-w- c:\windows\syswow64\occache.dll
2009-08-27 05:18:40 5940224 ----a-w- c:\windows\syswow64\mshtml.dll
2009-08-27 05:18:37 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-08-27 05:18:37 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-08-27 05:18:00 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2009-08-27 05:17:43 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2009-08-27 05:17:43 164352 ----a-w- c:\windows\syswow64\ieui.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2009-08-27 05:17:42 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2009-08-27 05:17:42 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2009-08-27 05:17:41 11069440 ----a-w- c:\windows\syswow64\ieframe.dll
2009-08-27 05:17:35 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-08-27 04:10:33 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 03:42:29 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-08-27 03:42:23 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2009-08-27 03:41:45 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-08-24 17:43:54 45856 ----a-w- c:\windows\system32\ibmpmsvc.exe
2009-08-24 17:43:54 38688 ----a-w- c:\windows\system32\tpinspm.dll
2009-08-18 03:33:52 1193832 ----a-w- c:\windows\syswow64\FM20.DLL
2009-08-14 16:04:45 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:04:45 143360 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 15:53:34 17920 ----a-w- c:\windows\syswow64\netevent.dll
2009-08-14 14:10:25 10752 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:10:22 12800 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:10:21 32256 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:10:21 21504 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:10:20 23040 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:10:19 11264 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:10:19 10240 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:20 9728 ----a-w- c:\windows\syswow64\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\syswow64\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\syswow64\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\syswow64\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\syswow64\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\syswow64\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\syswow64\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\syswow64\netiohlp.dll
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-10-30 00:01:41 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 0:30:32.75 ===============


Thank you in advance.


 


#2 cn_habs


Posted 02 November 2009 - 02:19 AM

I performed a clean install recently, and I don't believe this thread is necessary any longer, as there are many others who could use some help more than I do. Thank you to all for this wonderful forum.

#3 Elise


Posted 03 November 2009 - 03:55 AM

Since this issue seems resolved, this topic will now be closed.

If you are the original topic starter, and you need this topic to be re-opened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




