
Browser hijacked


  • This topic is locked
3 replies to this topic

#1 l33x


Posted 17 December 2009 - 02:34 PM

Hi.
A few days back both my browsers (FF and IE8) got hijacked.
What happens is that if I use any search engine and do a search, then click on a link, it will take me to websites other than where the links point.
Sometimes after a reboot all links will work just fine for a while and then the erratic behavior will start again.
Other times if I click on links the browser will give me a 404 error and prompt me to diagnose the internet connection, and when I say yes, before I hit Start on the pop-up wizard, the browser will display the webpage.
I used all the major antispyware/malware tools out there but they cannot detect anything wrong besides tracking cookies.
I also scanned my system with AVG Free and the scan was clean.
I finally installed Safari and it seems that it has no problems so far.
I will appreciate any help.
Thanks.




DDS (Ver_09-06-26.01) - NTFSx86
Run by alex at 10:51:05.41 on Thu 12/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2366 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hotkey Management\FuncKey.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\alex\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [FuncKey] "c:\program files\hotkey management\FuncKey.exe"
mRun: [PowerManager] c:\program files\power manager\PM.exe
mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NeroFilterCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Alcmtr] "ALCMTR.EXE"
mRun: [SpySweeper] c:\program files\webroot\webrootsecurity\SpySweeperUI.exe /startintray
StartupFolder: c:\docume~1\alex\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alex\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\8smgit17.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-15 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-20 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-20 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-20 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-20 285392]
S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2009-11-29 10688]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-15 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-15 1141712]

=============== Created Last 30 ================

2009-12-16 12:18 <DIR> --d----- c:\program files\MSXML 4.0
2009-12-16 12:07 12,568 a------- c:\windows\system32\drivers\PROCEXP111.SYS
2009-12-16 09:34 <DIR> a-dshr-- C:\cmdcons
2009-12-16 09:33 261,632 a------- c:\windows\PEV.exe
2009-12-16 09:33 161,792 a------- c:\windows\SWREG.exe
2009-12-16 09:33 98,816 a------- c:\windows\sed.exe
2009-12-16 09:33 77,312 a------- c:\windows\MBR.exe
2009-12-16 09:33 <DIR> --d----- C:\KittyFix
2009-12-16 09:25 <DIR> --d----- C:\32788R22FWJFW.0.tmp
2009-12-15 17:47 56,532 a---h--- c:\windows\system32\mlfcache.dat
2009-12-15 14:59 <DIR> --d----- c:\program files\Trend Micro
2009-12-15 14:25 <DIR> --d----- c:\program files\MSSOAP
2009-12-15 14:25 <DIR> --d----- c:\program files\Webroot
2009-12-15 14:24 164 a------- c:\windows\install.dat
2009-12-15 13:44 233,136 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-12-15 13:44 7,387 a------- c:\windows\system32\drivers\pctgntdi.cat
2009-12-15 13:43 207,792 a------- c:\windows\system32\drivers\PCTCore.sys
2009-12-15 13:43 87,784 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-15 13:43 7,412 a------- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-15 13:43 7,383 a------- c:\windows\system32\drivers\pctcore.cat
2009-12-15 13:43 70,408 a------- c:\windows\system32\drivers\pctplsg.sys
2009-12-15 13:43 7,383 a------- c:\windows\system32\drivers\pctplsg.cat
2009-12-15 13:43 <DIR> --d----- c:\program files\common files\PC Tools
2009-12-15 13:43 <DIR> --d----- c:\program files\Spyware Doctor
2009-12-15 13:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-12-15 13:43 <DIR> --d----- c:\docume~1\alex\applic~1\PC Tools
2009-12-14 10:52 <DIR> --d----- c:\documents and settings\alex\Packet Tracer 5.2
2009-12-12 13:02 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-12-12 13:02 21,504 a------- c:\windows\system32\hidserv.dll
2009-12-12 13:02 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-12-12 13:02 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-12-12 13:02 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-12-12 13:02 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-12-12 13:02 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-12-12 13:02 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-12-12 11:47 <DIR> --d----- c:\docume~1\alex\applic~1\Malwarebytes
2009-12-12 11:47 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-12 11:47 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-12-12 11:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-12-12 11:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-12 11:38 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-12-12 11:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-12 10:27 <DIR> --d----- c:\program files\Visual CertExam Suite
2009-12-12 10:06 132,096 a--shr-- c:\windows\system32\nvwrsptby.dll
2009-12-12 08:42 1,415,680 a------- c:\windows\system32\WMV9VCM.DLL
2009-12-12 08:42 49,152 a------- c:\windows\system32\TSCCVID.DLL
2009-12-12 08:41 <DIR> --d----- c:\program files\TESTOUT
2009-12-09 11:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Boson Software
2009-12-07 19:46 <DIR> --d----- c:\program files\gs
2009-12-07 19:45 <DIR> --d----- c:\program files\PlotSoft
2009-12-07 19:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PlotSoft
2009-12-07 09:51 <DIR> --d----- c:\docume~1\alex\applic~1\Foxit Software
2009-11-30 10:42 <DIR> --d----- c:\docume~1\alex\applic~1\TeamViewer
2009-11-30 10:42 <DIR> --d----- c:\program files\TeamViewer
2009-11-30 10:41 <DIR> --d----- c:\documents and settings\alex\temp
2009-11-29 13:36 <DIR> --d----- c:\docume~1\alex\applic~1\UltraVNC
2009-11-29 13:33 20,672 a------- c:\windows\system32\mv2.dll
2009-11-29 13:33 10,688 a------- c:\windows\system32\drivers\mv2.sys
2009-11-29 13:33 <DIR> --d----- c:\program files\UltraVNC
2009-11-28 11:22 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-11-28 11:22 <DIR> --d----- c:\documents and settings\alex\Tracing
2009-11-28 11:21 <DIR> --d----- c:\program files\Microsoft
2009-11-28 11:19 <DIR> --d----- c:\program files\common files\Windows Live
2009-11-25 08:59 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-11-24 11:15 <DIR> --d----- c:\program files\Packet Tracer 5.2
2009-11-24 11:04 <DIR> --d----- c:\windows\system32\XPSViewer
2009-11-24 11:03 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-24 11:03 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-24 11:03 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-24 11:03 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-11-24 11:03 117,760 -------- c:\windows\system32\prntvpt.dll
2009-11-24 11:03 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-11-24 11:03 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-11-24 10:51 <DIR> --d----- c:\program files\Boson Software
2009-11-24 10:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Boson
2009-11-24 10:46 <DIR> --d----- c:\windows\system32\URTTemp
2009-11-23 21:03 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-11-23 21:03 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-11-23 21:03 5,632 a------- c:\windows\system32\ptpusb.dll
2009-11-23 21:03 159,232 a------- c:\windows\system32\ptpusd.dll
2009-11-23 20:55 28 a------- c:\windows\ODBC.INI
2009-11-23 20:23 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-11-23 20:23 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-11-23 20:23 <DIR> --d----- c:\program files\iPod
2009-11-23 20:23 <DIR> --d----- c:\program files\iTunes
2009-11-23 20:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-11-23 20:23 <DIR> --d----- c:\program files\Bonjour
2009-11-23 20:22 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-11-23 20:22 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-11-23 20:17 <DIR> --d----- C:\iPhone 3.0
2009-11-23 13:40 225 a------- c:\windows\hpbafd.ini
2009-11-21 15:08 116 a------- c:\windows\NeroDigital.ini
2009-11-21 14:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-11-21 10:29 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-11-21 10:29 47,360 a------- c:\docume~1\alex\applic~1\pcouffin.sys
2009-11-21 10:29 <DIR> --d----- c:\program files\DVDFab 6
2009-11-21 09:57 125,184 -------- c:\windows\system32\drivers\imagesrv.sys
2009-11-21 09:57 5,504 -------- c:\windows\system32\drivers\imagedrv.sys
2009-11-21 09:57 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-11-21 09:57 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-11-21 09:57 1,568,768 -------- c:\windows\system32\ImagX7.dll
2009-11-21 09:57 476,320 -------- c:\windows\system32\ImagXpr7.dll
2009-11-21 09:57 471,040 -------- c:\windows\system32\ImagXRA7.dll
2009-11-21 09:57 262,144 -------- c:\windows\system32\ImagXR7.dll
2009-11-21 09:43 274,288 a------- c:\windows\system32\mucltui.dll
2009-11-21 09:43 215,920 a------- c:\windows\system32\muweb.dll
2009-11-21 09:43 16,736 a------- c:\windows\system32\mucltui.dll.mui
2009-11-20 18:35 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-11-20 18:22 <DIR> --d----- c:\program files\CDisplay
2009-11-20 13:53 <DIR> --d----- c:\program files\VideoLAN
2009-11-20 13:52 69 a------- c:\documents and settings\alex\jagex_runescape_preferences2.dat
2009-11-20 13:51 39 a------- c:\documents and settings\alex\jagex_runescape_preferences.dat
2009-11-20 13:51 <DIR> --d----- c:\windows\.jagex_cache_32
2009-11-20 13:30 <DIR> --d----- c:\program files\Bitcricket
2009-11-20 13:07 <DIR> --d----- C:\$AVG
2009-11-20 13:07 12,464 a------- c:\windows\system32\avgrsstx.dll
2009-11-20 13:07 360,584 a------- c:\windows\system32\drivers\avgtdix.sys
2009-11-20 13:07 333,192 a------- c:\windows\system32\drivers\avgldx86.sys
2009-11-20 13:07 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-11-20 13:07 <DIR> --d----- c:\program files\AVG
2009-11-20 13:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9
2009-11-20 12:39 3,255 a------- c:\windows\system32\wbem\Outlook_01ca6a217d54d1fa.mof
2009-11-20 12:24 <DIR> --d----- c:\program files\TTERMPRO
2009-11-20 12:24 42,496 a------- c:\windows\ttuninst.exe
2009-11-20 12:14 <DIR> --d----- c:\program files\MSECache
2009-11-20 12:13 32,656 a------- c:\windows\system32\msonpmon.dll
2009-11-20 12:10 <DIR> --d----- c:\program files\age
2009-11-20 12:02 <DIR> --d----- c:\windows\SHELLNEW
2009-11-20 11:51 <DIR> --d----- c:\windows\WinRAR
2009-11-20 11:50 <DIR> --d----- c:\windows\system32\appmgmt
2009-11-20 11:48 <DIR> --d----- c:\program files\uTorrent
2009-11-20 11:48 <DIR> --d----- c:\docume~1\alex\applic~1\uTorrent
2009-11-20 11:46 411,368 a------- c:\windows\system32\deploytk.dll
2009-11-20 11:46 73,728 a------- c:\windows\system32\javacpl.cpl
2009-11-20 11:41 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-11-20 11:39 <DIR> --d--r-- c:\program files\Skype
2009-11-20 11:36 <DIR> --d----- c:\program files\PowerISO
2009-11-20 11:29 <DIR> --dsh--- c:\documents and settings\alex\IECompatCache
2009-11-20 11:27 <DIR> --dsh--- c:\documents and settings\alex\PrivacIE
2009-11-20 11:27 <DIR> --dsh--- c:\documents and settings\alex\IETldCache
2009-11-20 11:25 92,160 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-11-20 11:25 <DIR> --d----- c:\windows\ie8updates
2009-11-20 11:25 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-11-20 11:25 11,069,952 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-11-20 11:25 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-11-20 11:25 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-11-20 11:25 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-11-20 11:25 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-20 11:24 <DIR> -cd-h--- c:\windows\ie8
2009-11-20 11:07 <DIR> --d----- c:\windows\system32\scripting
2009-11-20 11:07 <DIR> --d----- c:\windows\system32\en
2009-11-20 11:07 <DIR> --d----- c:\windows\system32\bits
2009-11-20 11:07 <DIR> --d----- c:\windows\l2schemas
2009-11-20 11:03 <DIR> --d----- c:\windows\network diagnostic
2009-11-20 10:56 <DIR> --dsh--- c:\documents and settings\alex\UserData
2009-11-20 10:38 354,468 -c------ c:\windows\system32\dllcache\wmpaud1.wav
2009-11-20 10:32 <DIR> --d----- c:\windows\pss
2009-11-20 10:23 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-11-20 10:23 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-11-20 10:23 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-11-20 10:23 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-11-20 10:22 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-11-20 10:22 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-11-20 10:22 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-11-20 10:20 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-11-20 10:18 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-11-20 10:18 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-11-20 10:14 <DIR> --d----- c:\windows\system32\PreInstall
2009-11-20 10:14 <DIR> --d-h--- c:\windows\$hf_mig$
2009-11-20 10:07 13,646 a------- c:\windows\system32\wpa.bak
2009-11-20 10:06 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-11-20 10:05 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-11-20 10:05 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-11-20 10:05 <DIR> --d----- c:\windows\system32\Lang
2009-11-20 10:03 488,992 a------- c:\windows\system32\drivers\ar5211.sys
2009-11-20 10:03 488,992 a------- c:\windows\system32\ar5211.sys
2009-11-20 10:03 43,481 a------- c:\windows\system32\net5211.inf
2009-11-20 10:03 15,366 a------- c:\windows\system32\net5211.cat
2009-11-20 10:03 <DIR> --d----- c:\windows\Options
2009-11-20 10:03 <DIR> --d----- c:\program files\Wireless LAN
2009-11-20 10:03 <DIR> --d----- C:\temp
2009-11-20 10:02 113,152 a------- c:\windows\system32\drivers\Apfiltr.sys
2009-11-20 10:02 99,630 a------- c:\windows\system32\Vxdif.dll
2009-11-20 10:02 <DIR> --d----- c:\program files\Apoint2K
2009-11-20 10:02 <DIR> --d----- c:\program files\Power Manager
2009-11-20 10:01 36,864 a------- c:\windows\system32\drivers\AmdK8.sys
2009-11-20 10:01 <DIR> --d----- c:\program files\CONEXANT
2009-11-20 10:00 176,128 a------- c:\windows\system32\nvunrm.exe
2009-11-20 10:00 101,888 a------- c:\windows\system32\drivers\nvtcp.sys
2009-11-20 10:00 3,903 a------- c:\windows\system32\nvnrm.nvu
2009-11-20 10:00 18 a------- c:\windows\system32\drivers\nvphy.bin
2009-11-20 10:00 6,144 a------- c:\windows\system32\WinIo.sys
2009-11-20 10:00 <DIR> --d----- c:\program files\Hotkey Management
2009-11-20 09:59 176,128 a------- c:\windows\system32\nvusmb.exe
2009-11-20 09:59 1,864 a------- c:\windows\system32\nvsmb.nvu
2009-11-20 09:59 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-11-20 09:58 <DIR> --d----- c:\windows\Downloaded Installations
2009-11-20 09:56 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-11-20 09:56 <DIR> --d----- c:\program files\Realtek
2009-11-20 09:53 208,896 a------- c:\windows\system32\nvudisp.exe
2009-11-20 09:53 51,048 a------- c:\windows\system32\nvapps.xml
2009-11-20 09:53 17,056 a------- c:\windows\system32\nvdisp.nvu
2009-11-20 09:53 <DIR> --d----- c:\windows\nview
2009-11-20 09:53 208,896 a------- c:\windows\system32\NVUNINST.EXE
2009-11-20 09:52 <DIR> --d----- C:\everex
2009-11-20 09:50 <DIR> --d----- c:\documents and settings\alex
2009-11-20 09:49 <DIR> --ds---- c:\windows\system32\Microsoft
2009-11-20 09:49 8,192 a------- c:\windows\REGLOCS.OLD
2009-11-20 09:46 83,748 ac------ c:\windows\system32\dllcache\prcp.nls
2009-11-20 09:45 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-11-20 09:44 6,144 ac------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-11-20 09:44 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-11-20 09:44 <DIR> --d----- c:\windows\system32\xircom
2009-11-20 09:44 <DIR> --d----- c:\windows\system32\wbem\snmp
2009-11-20 09:44 2,577 a------- c:\windows\system32\CONFIG.NT
2009-11-20 09:44 0 a------- c:\windows\control.ini
2009-11-20 09:44 23,392 a------- c:\windows\system32\nscompat.tlb
2009-11-20 09:44 16,832 a------- c:\windows\system32\amcompat.tlb
2009-11-20 09:44 316,640 a------- c:\windows\WMSysPr9.prx
2009-11-20 09:42 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-11-20 09:42 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-11-20 09:42 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-11-20 09:42 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-11-20 09:42 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-11-20 09:42 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-11-20 09:42 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-11-20 09:42 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-11-20 09:42 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-11-20 09:42 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-11-20 09:42 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-11-20 09:42 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-11-20 09:41 <DIR> --d----- c:\program files\common files\MSSoap
2009-11-20 09:39 <DIR> --d----- c:\program files\Online Services
2009-11-20 09:39 <DIR> --d----- c:\program files\Messenger
2009-11-20 09:38 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-11-20 09:38 <DIR> --d----- c:\program files\Windows NT
2009-11-20 01:27 <DIR> --d----- c:\program files\common files\ODBC
2009-11-20 01:27 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-11-20 01:26 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-11-20 11:10 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-11-20 09:39 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-11-08 19:21 59,388 a------- c:\windows\system32\drivers\scdemu.sys
2009-10-28 23:45 916,480 -------- c:\windows\system32\wininet.dll
2009-10-20 21:38 75,776 a------- c:\windows\system32\strmfilt.dll
2009-10-20 21:38 25,088 a------- c:\windows\system32\httpapi.dll
2009-10-20 08:20 265,728 a------- c:\windows\system32\drivers\http.sys
2009-10-13 02:30 270,336 a------- c:\windows\system32\oakley.dll
2009-10-12 05:38 149,504 a------- c:\windows\system32\rastls.dll
2009-10-12 05:38 79,872 a------- c:\windows\system32\raschap.dll

============= FINISH: 10:51:40.89 ===============


 


#2 l33x


Posted 19 December 2009 - 11:53 AM

Don't bother. :(

#3 m0le


Posted 29 December 2009 - 09:21 PM

Do you still need help or have you fixed the issue?
m0le is a proud member of UNITE

#4 m0le


Posted 04 January 2010 - 02:23 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



