Unknown Malware...


16 replies to this topic

#1 herby canopy


Posted 25 March 2010 - 10:23 PM

Aloha!

First of all, I do not know what malware I have but Google insists that I do have one so I am here to try to do a better search. Sorry for all this information but I would rather give you too much instead of not enough.

Problem:
On my personal work computer (I am a music engineer) sometimes when I try to use Google I get a "Sorry Google" page. I have two other computers on the network that do not ever get this page. This is what Google has to say about this problem...

http://www.google.com/support/websearch/bi...mp;answer=86640

Things I have tried to solve this problem:
1) I tried disabling all my addons and plugins for 2 days
2) I scanned my computer and my networked computers with Spybot Search & Destroy
3) I scanned my computer with Kaspersky Internet Security 2010
4) I scanned my other two computers with AVG (because they are too old to run KIS effectively)

Ways I can stop this from happening for a few minutes:
1) Deleting all the cookies from Google


Facts:
1) google does not work
2) no malware on any of the three computers
3) it is not an addon
4) it is not a plugin
5) I have never seen a CAPTCHA from google in all the years I have been using it...till today I did not even know they used them

What I need to find out:
1) how can a person find out what programs are sending out information to the internet (if I can find this out it should be easy to tell what is sending out the request)

Computer Facts:
3.0 GHz Quad-Core
3.25GB RAM
Windows XP sp3
Firefox 3.6.2
Kaspersky IS 2010 (updated)
Spybot S&D (updated)
AVG (updated)

Other:
If you need to know anything please let me know!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 15:55:30.68 on Fri 03/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2374 [GMT -10:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\DeltaIITray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\imacros\imacros.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [\\MAHA\EPSON WorkForce 610 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\docume~1\owner\locals~1\temp\E_SB.tmp" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\DeltaIITray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hottno~1.lnk - c:\program files\hott notes 4\hottnotes.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\edimax\common\RaUI.exe
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-explorer: MaxRecentDocs = 18 (0x12)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.255.255.255 serial.alcohol-soft.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\1idg8r84.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\1idg8r84.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\1idg8r84.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-3-17 315408]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-3-7 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-3-7 41680]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2010-3-6 185632]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2010-3-6 19072]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [2010-3-6 302472]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-2-12 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-2-12 110096]
S0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [2009-10-18 9096]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2009-10-18 9472]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-6 1691480]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-3-7 31824]

=============== Created Last 30 ================

2010-03-26 00:39:17 0 d-----w- c:\docume~1\owner\applic~1\Office Genuine Advantage
2010-03-25 02:31:17 74952 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-25 01:27:18 0 d-----w- c:\program files\BookDB2
2010-03-24 21:23:03 0 d-----w- c:\program files\JDownloader
2010-03-23 20:17:29 0 d-----w- c:\program files\File Shredder
2010-03-23 19:42:19 0 d-----w- c:\documents and settings\owner\dwhelper
2010-03-23 19:36:49 0 d-----w- c:\program files\LimeWire
2010-03-22 06:36:14 789535820 ----a-w- c:\documents and settings\owner\dwhelpe1.rar
2010-03-21 23:50:41 56696 ----a-w- c:\windows\system32\imsys.dll
2010-03-21 23:50:41 245112 ----a-w- c:\windows\system32\iimds.dll
2010-03-21 23:50:41 232824 ----a-w- c:\windows\system32\IMImage.dll
2010-03-21 23:50:40 0 d-----w- c:\program files\iMacros
2010-03-21 23:41:55 262144 ----a-w- c:\windows\system32\default_user_class.dat
2010-03-21 20:45:28 0 d-----w- c:\docume~1\owner\applic~1\Mozenda
2010-03-20 21:13:25 0 d--h--w- c:\windows\PIF
2010-03-19 22:59:04 53 --s-a-w- c:\windows\__$$key_file$$__
2010-03-19 22:58:44 32 ----a-w- c:\windows\__$tofn$__
2010-03-19 20:31:05 20 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-03-18 00:59:51 0 d-----w- c:\docume~1\alluse~1\applic~1\ALM
2010-03-18 00:39:19 46928 ----a-r- c:\windows\system32\AdobePDF.dll
2010-03-18 00:39:19 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-03-18 00:15:01 0 d-----w- c:\program files\common files\Macrovision Shared
2010-03-17 22:38:39 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-03-17 22:38:39 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-03-17 22:36:52 0 d-----w- c:\program files\Kaspersky Lab
2010-03-17 22:36:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-03-17 22:32:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-03-17 20:45:57 0 d-----w- c:\program files\Canon
2010-03-17 09:15:35 0 d--h--w- C:\$AVG
2010-03-17 09:00:07 0 d-----w- c:\program files\AVG
2010-03-17 07:57:08 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-17 07:57:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-03-17 05:07:46 1770652364 ----a-w- c:\documents and settings\owner\dwhelper.rar
2010-03-16 07:50:50 0 d-----w- c:\program files\JitBit
2010-03-16 03:58:16 0 d-----w- c:\program files\GPLGS
2010-03-16 03:58:08 7549 ----a-w- c:\windows\system32\dopdf7.ctm
2010-03-16 03:58:08 22856 ----a-w- c:\windows\system32\dopdfmn7.dll
2010-03-16 03:58:08 19784 ----a-w- c:\windows\system32\dopdfmi7.dll
2010-03-16 03:58:08 0 d-----w- c:\docume~1\owner\applic~1\Softland
2010-03-16 03:58:05 0 d-----w- c:\program files\Softland
2010-03-16 03:57:18 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-03-16 03:57:17 0 d-----w- c:\program files\Acro Software
2010-03-16 03:38:45 0 d-----w- c:\docume~1\owner\applic~1\PrimoPDF
2010-03-16 03:37:21 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-03-16 03:37:21 0 d-----w- c:\program files\Nitro PDF
2010-03-16 03:15:44 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-03-16 03:15:43 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-03-16 02:02:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Softomotive
2010-03-16 02:01:53 0 d-----w- c:\program files\Softomotive
2010-03-15 21:21:44 0 d-----w- c:\docume~1\owner\applic~1\4Media Software Studio
2010-03-15 21:21:05 0 d-----w- c:\program files\4Media
2010-03-14 22:54:26 0 d-----w- c:\program files\Yaldex Software
2010-03-14 21:05:09 0 d-----w- c:\program files\WinDirStat
2010-03-14 18:56:11 0 d-----w- c:\program files\PixieReg
2010-03-14 18:56:09 0 d-----w- c:\program files\PixieRobot
2010-03-14 18:56:04 249856 ------w- c:\windows\Setup1.exe
2010-03-14 18:56:03 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-14 01:16:44 0 d-----w- c:\docume~1\owner\applic~1\URSoft
2010-03-13 21:16:46 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{4275E5EA-6E30-48EB-A209-F964539CBE1C}
2010-03-13 21:01:53 0 dc----w- c:\docume~1\alluse~1\applic~1\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
2010-03-12 21:42:04 3249 ----a-w- c:\windows\system32\wbem\Outlook_01cac22cdb0703a0.mof
2010-03-12 20:49:19 0 d-----w- c:\windows\pss
2010-03-12 20:45:41 0 d-----w- c:\program files\Audacity
2010-03-11 22:10:12 38 ----a-w- c:\windows\avisplitter.ini
2010-03-11 22:10:11 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-11 22:10:11 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2010-03-11 22:10:11 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-03-11 22:10:11 39936 ----a-w- c:\windows\system32\huffyuv.dll
2010-03-11 22:10:11 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-11 22:10:11 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-11 22:10:10 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-03-11 22:10:09 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-11 20:37:35 0 d-----w- c:\docume~1\owner\applic~1\ACAMPREF
2010-03-11 20:37:33 0 d-----w- c:\program files\Melody Assistant
2010-03-10 21:04:50 0 dc----w- c:\docume~1\alluse~1\applic~1\{349235F3-1FB1-49C2-A9BE-9594B228EA54}
2010-03-10 07:59:47 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{A6CBE6A2-B738-440D-B19A-60D7C36810C7}
2010-03-10 07:56:52 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{261FD3E7-AC6C-4785-8405-DCF2100A3A46}
2010-03-10 07:55:25 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{3EE98DDF-8EFF-4760-88EB-D666A839217F}
2010-03-10 07:54:35 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
2010-03-10 07:38:19 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
2010-03-10 07:38:17 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{F322C569-6416-428D-A2EA-A5D1C7073DE8}
2010-03-09 17:42:55 0 d-----w- c:\program files\East West
2010-03-09 04:21:24 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2010-03-09 04:19:42 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}
2010-03-09 04:19:26 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
2010-03-09 04:18:23 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
2010-03-09 04:18:15 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2010-03-09 03:11:03 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-09 03:11:02 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-09 02:53:34 0 d-----w- c:\program files\common files\Digidesign
2010-03-09 02:06:27 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-03-09 02:05:54 0 d-----w- c:\program files\Cakewalk
2010-03-08 23:32:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-08 23:32:47 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-08 23:32:16 0 d-----w- c:\program files\iPod
2010-03-08 23:32:14 0 d-----w- c:\program files\iTunes
2010-03-08 23:32:14 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-08 23:32:05 0 d-----w- c:\program files\Bonjour
2010-03-08 23:31:27 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-03-08 23:31:27 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-03-08 22:54:32 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-08 20:29:35 303104 ----a-w- c:\windows\system32\CNC250L.dll
2010-03-08 20:29:35 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2010-03-08 20:29:35 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-03-08 20:29:35 1310720 ----a-w- c:\windows\system32\CNC250C.dll
2010-03-08 20:29:35 12288 ----a-w- c:\windows\system32\CNC173AD.TBL
2010-03-08 20:29:35 110592 ----a-w- c:\windows\system32\CNC250I.dll
2010-03-08 20:29:35 106496 ----a-w- c:\windows\system32\CNC250U.dll
2010-03-08 20:28:15 0 d-----w- c:\docume~1\alluse~1\applic~1\EPSON
2010-03-08 20:27:50 272384 ----a-w- c:\windows\system32\CNMLM9W.DLL
2010-03-08 20:27:46 90112 ----a-w- c:\windows\system32\CNC250O.dll
2010-03-08 20:27:46 178176 ----a-w- c:\windows\system32\CNMIU9W.DLL
2010-03-08 09:31:44 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
2010-03-08 08:55:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Native Instruments
2010-03-07 23:47:30 0 d-----w- c:\documents and settings\owner\.VirtualBox
2010-03-07 23:43:52 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-03-07 23:43:44 31824 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2010-03-07 23:43:42 41680 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-03-07 23:43:39 0 d-----w- c:\program files\Sun
2010-03-07 23:35:20 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-07 23:32:58 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-07 23:32:32 0 d-----w- c:\windows\SHELLNEW
2010-03-07 20:40:23 0 d-----w- c:\documents and settings\owner\TruePianos Settings
2010-03-07 20:31:52 0 d-----w- c:\program files\common files\Native Instruments
2010-03-07 20:31:32 0 d-----w- c:\program files\Native Instruments
2010-03-07 19:38:55 118784 ----a-w- c:\windows\dsdxirmv.exe
2010-03-07 19:34:41 0 d-----w- C:\Cakewalk Projects
2010-03-07 19:20:53 0 d-----w- c:\program files\Alcohol Soft
2010-03-07 19:18:22 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-07 10:09:46 0 d--h--w- c:\windows\$hf_mig$
2010-03-07 10:06:18 0 d-----w- c:\docume~1\owner\applic~1\Broad Intelligence
2010-03-07 09:57:33 0 d-----w- c:\program files\MediaCoder
2010-03-07 09:41:13 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-03-07 09:41:12 0 d-----w- c:\windows\system32\QuickTime
2010-03-07 09:41:04 0 d-----w- c:\program files\common files\TechSmith Shared
2010-03-07 09:39:43 0 d-----r- C:\Sandbox
2010-03-07 09:39:21 1564 ----a-w- c:\windows\Sandboxie.ini
2010-03-07 04:43:26 0 d-----w- c:\program files\Fanfiction Downloader
2010-03-07 04:36:55 0 d-----w- c:\docume~1\owner\applic~1\hott notes 4
2010-03-07 04:36:50 0 d-----w- c:\program files\hott notes 4
2010-03-07 03:20:17 0 d-----w- c:\docume~1\owner\applic~1\Cakewalk
2010-03-07 03:20:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Cakewalk
2010-03-07 00:22:30 0 d-----w- c:\docume~1\owner\applic~1\uTorrent
2010-03-07 00:21:58 0 d-----w- c:\program files\uTorrent
2010-03-07 00:14:59 73728 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-03-07 00:13:14 0 d-----w- c:\windows\system32\AGEIA
2010-03-07 00:13:10 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-07 00:13:04 0 d-----w- c:\program files\NVIDIA Corporation
2010-03-07 00:12:13 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2010-03-07 00:12:12 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2010-03-07 00:12:12 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2010-03-07 00:12:12 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-03-07 00:12:12 1597690 ----a-w- c:\windows\system32\nvdata.bin
2010-03-07 00:12:10 868352 ----a-w- c:\windows\system32\nvapi.dll
2010-03-07 00:12:10 7753888 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-03-07 00:12:10 5845632 ----a-w- c:\windows\system32\nv4_disp.dll
2010-03-07 00:12:10 155648 ----a-w- c:\windows\system32\nvcodins.dll
2010-03-07 00:12:10 155648 ----a-w- c:\windows\system32\nvcod.dll
2010-03-07 00:04:34 0 d-----w- c:\windows\system32\appmgmt
2010-03-06 23:59:59 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2010-03-06 23:59:58 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2010-03-06 23:59:47 0 d-----w- c:\windows\system32\Lang
2010-03-06 23:56:25 27744 ----a-w- c:\windows\system32\drivers\point32.sys
2010-03-06 23:56:04 0 d-----w- c:\program files\Microsoft IntelliPoint
2010-03-06 23:54:17 0 d-----w- c:\program files\ATI
2010-03-06 23:54:02 0 d-----w- c:\program files\ATI Technologies
2010-03-06 23:53:27 0 d-----w- C:\ATI
2010-03-06 23:51:53 9047 ----a-w- c:\windows\system32\nvinfo.pb
2010-03-06 23:30:43 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-03-06 23:30:43 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-03-06 23:30:42 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-03-06 23:30:42 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-03-06 23:30:26 0 d-----w- c:\windows\system32\directx
2010-03-06 23:30:24 0 d-----w- c:\windows\Logs
2010-03-06 23:28:38 757852 ----a-w- c:\windows\system32\Scutum.dll
2010-03-06 23:28:38 480 ----a-w- c:\windows\system32\DiagFunc.ini
2010-03-06 23:28:38 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-03-06 23:28:38 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2010-03-06 23:28:38 180224 ----a-w- c:\windows\system32\W32N55.dll
2010-03-06 23:28:38 147456 ----a-w- c:\windows\system32\DiagFunc.dll
2010-03-06 23:28:38 143459 ----a-w- c:\windows\system32\RalinkGina.dll
2010-03-06 23:28:38 1191 ----a-w- c:\windows\system32\W32N55.INI
2010-03-06 23:28:38 1085440 ----a-w- c:\windows\system32\libeay32.dll
2010-03-06 23:28:36 0 d-----w- c:\program files\Ralink
2010-03-06 23:28:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Ralink Driver
2010-03-06 23:27:04 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-06 23:26:49 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-03-06 23:26:49 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-03-06 23:26:49 539160 ----a-w- c:\windows\system32\LVUI2.dll
2010-03-06 23:26:49 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2010-03-06 23:26:49 266828 ----a-w- c:\windows\system32\drivers\LVAFT.cfg
2010-03-06 23:26:29 82289 ----a-w- c:\windows\system32\lvcoinst.ini
2010-03-06 23:26:29 34068 ----a-w- c:\windows\system32\Repository.reg
2010-03-06 23:26:29 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-03-06 23:26:29 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2010-03-06 23:26:20 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-06 23:26:13 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-03-06 22:35:26 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-03-06 22:35:22 726528 ------w- c:\windows\system32\dllcache\jscript.dll
2010-03-06 22:34:13 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-03-06 22:34:13 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb
2010-03-06 22:33:30 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-03-06 22:33:30 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-03-06 22:33:26 456832 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-06 22:33:05 1447424 ------w- c:\windows\system32\dllcache\msxml6.dll
2010-03-06 22:33:05 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-03-06 22:32:34 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-03-06 22:32:04 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-06 22:32:04 19495 ----a-w- c:\windows\system32\nvdisp.nvu
2010-03-06 22:31:50 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-06 18:31:04 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-03-06 18:31:04 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-03-06 18:31:03 8192 ----a-w- c:\windows\system32\rt2661.bin
2010-03-06 18:31:03 8192 ----a-w- c:\windows\system32\rt2561s.bin
2010-03-06 18:31:02 8192 ----a-w- c:\windows\system32\rt2561.bin
2010-03-06 18:31:02 0 d-----w- c:\program files\EDIMAX
2010-03-06 18:30:25 302472 ----a-w- c:\windows\system32\drivers\MAudioDelta.sys
2010-03-06 18:30:25 0 d-----w- c:\program files\M-Audio
2010-03-06 18:30:05 0 d-----w- c:\program files\Realtek
2010-03-06 18:29:31 0 d-----w- c:\windows\system32\ReinstallBackups
2010-03-06 18:29:23 9096 ----a-w- c:\windows\system32\drivers\amdide.sys
2010-03-06 18:29:12 0 d-----w- C:\RaidTool
2010-03-06 18:29:10 0 d-----w- c:\windows\RaidTool
2010-03-06 18:03:11 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2010-03-06 18:03:05 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-03-06 17:57:50 0 d-----w- c:\program files\QuickTime Alternative
2010-03-06 17:57:37 0 d-----w- c:\program files\K-Lite Codec Pack
2010-03-06 17:57:33 0 d-----w- c:\program files\Foxit Software
2010-03-06 17:57:33 0 d-----w- c:\docume~1\owner\applic~1\Foxit
2010-03-06 17:57:13 0 d-----w- c:\program files\UPHClean
2010-03-06 17:50:22 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-06 17:49:35 0 d-sh--w- c:\documents and settings\all users\DRM
2010-03-06 17:49:24 0 d--h--w- c:\program files\WindowsUpdate
2010-03-06 17:49:12 0 d-----w- c:\program files\Windows Media Connect 2
2010-03-06 17:48:50 0 d-----w- c:\program files\common files\MSSoap
2010-03-06 17:47:04 0 d-----w- c:\program files\MSXML 4.0
2010-03-06 17:45:26 0 d-----w- c:\program files\Windows NT
2010-03-06 11:40:10 0 d-----w- c:\program files\common files\ODBC
2010-03-06 11:40:07 0 d-----w- c:\program files\common files\SpeechEngines
2010-03-06 11:38:01 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-03-07 00:13:57 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-03-07 00:13:57 176768 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2010-03-06 17:48:05 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-23 03:57:04 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-02-23 03:57:04 358944 ----a-w- c:\windows\vncutil.exe
2010-02-23 03:57:00 1833504 ----a-w- c:\windows\SkyTel.exe
2010-02-23 03:57:00 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-02-23 03:56:58 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-02-23 03:56:52 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-02-23 03:56:52 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-02-23 03:56:46 18791456 ----a-w- c:\windows\RTHDCPL.EXE
2010-02-23 03:56:40 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-02-23 03:56:40 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-02-23 03:56:40 2177568 ----a-w- c:\windows\MicCal.exe
2010-02-23 03:28:52 5862432 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-02-13 06:34:58 99152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-02-13 06:34:58 110096 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-02-13 06:34:56 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-02-13 05:02:16 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-02-10 17:13:48 165376 ----a-w- c:\windows\system32\unrar.dll

============= FINISH: 15:56:28.04 ===============



Edited by PropagandaPanda, 29 March 2010 - 03:23 PM.




#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:01 PM

Posted 29 March 2010 - 03:39 PM

Hello Herby.

Sorry for the delay in response.

I don't see any evidence of malware. Let's run MBAM to make sure, then we can do some further investigation.

Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.

Please download the Malwarebytes Anti-Malware setup to your desktop.
alternate download link 1
alternate download link 2

Refer to the steps given here on installing MalwareBytes, running the scan, and saving the log file (not on using FileAssassin).
  • If you have trouble updating, try the other mirror download site.
  • Should the computer in question not be able to update using the normal method, download the update file from here, using another machine if needed. Simply double click the file to install the updates.
  • If MalwareBytes asks to reboot to remove certain items, do so right away.
Please include the scan logfile in your next reply.

Also include a new DDS log. The attach.txt is not needed.

With Regards,
The Panda

#3 herby canopy

herby canopy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:01 AM

Posted 29 March 2010 - 08:59 PM

Just so you know, I am 2 hours into the scan. It will be a long scan because Malwarebytes is a really slow scanner and I have around 600k files on the computer. Once I have that log I will edit this post here.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 21:39:45.20 on Mon 03/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2383 [GMT -10:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\DeltaIITray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\imacros\imacros.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [\\MAHA\EPSON WorkForce 610 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\docume~1\owner\locals~1\temp\E_SB.tmp" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\DeltaIITray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hottno~1.lnk - c:\program files\hott notes 4\hottnotes.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\edimax\common\RaUI.exe
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-explorer: MaxRecentDocs = 18 (0x12)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.255.255.255 serial.alcohol-soft.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\1idg8r84.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\1idg8r84.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\1idg8r84.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-3-17 315408]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-3-7 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-3-7 41680]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2010-3-6 185632]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2010-3-6 19072]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [2010-3-6 302472]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-29 38224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-2-12 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-2-12 110096]
S0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [2009-10-18 9096]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2009-10-18 9472]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-6 1691480]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-3-7 31824]

=============== Created Last 30 ================

2010-03-29 23:04:09 699904 ----a-w- c:\windows\isRS-000.tmp
2010-03-29 21:07:12 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-03-29 21:06:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 21:06:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-29 21:06:39 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 21:06:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 18:40:19 0 d-----w- c:\program files\Toontrack
2010-03-28 23:54:00 0 d-----w- c:\documents and settings\owner\dwhelper
2010-03-27 02:18:13 456411772 ----a-w- c:\documents and settings\owner\dwhelpe3r.rar
2010-03-26 00:39:17 0 d-----w- c:\docume~1\owner\applic~1\Office Genuine Advantage
2010-03-25 02:31:17 74952 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-25 01:27:18 0 d-----w- c:\program files\BookDB2
2010-03-23 19:36:49 0 d-----w- c:\program files\LimeWire
2010-03-22 06:36:14 789535820 ----a-w- c:\documents and settings\owner\dwhelpe1.rar
2010-03-21 23:50:41 56696 ----a-w- c:\windows\system32\imsys.dll
2010-03-21 23:50:41 245112 ----a-w- c:\windows\system32\iimds.dll
2010-03-21 23:50:41 232824 ----a-w- c:\windows\system32\IMImage.dll
2010-03-21 23:50:40 0 d-----w- c:\program files\iMacros
2010-03-21 23:41:55 262144 ----a-w- c:\windows\system32\default_user_class.dat
2010-03-21 20:45:28 0 d-----w- c:\docume~1\owner\applic~1\Mozenda
2010-03-20 21:13:25 0 d--h--w- c:\windows\PIF
2010-03-19 22:59:04 53 --s-a-w- c:\windows\__$$key_file$$__
2010-03-19 22:58:44 32 ----a-w- c:\windows\__$tofn$__
2010-03-19 20:31:05 20 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-03-18 00:59:51 0 d-----w- c:\docume~1\alluse~1\applic~1\ALM
2010-03-18 00:39:19 46928 ----a-r- c:\windows\system32\AdobePDF.dll
2010-03-18 00:39:19 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-03-18 00:15:01 0 d-----w- c:\program files\common files\Macrovision Shared
2010-03-17 22:38:39 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-03-17 22:38:39 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-03-17 22:36:52 0 d-----w- c:\program files\Kaspersky Lab
2010-03-17 22:36:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-03-17 22:32:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-03-17 20:45:57 0 d-----w- c:\program files\Canon
2010-03-17 09:15:35 0 d--h--w- C:\$AVG
2010-03-17 09:00:07 0 d-----w- c:\program files\AVG
2010-03-17 07:57:08 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-17 07:57:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-03-17 05:07:46 1770652364 ----a-w- c:\documents and settings\owner\dwhelper.rar
2010-03-16 07:50:50 0 d-----w- c:\program files\JitBit
2010-03-16 03:58:08 7549 ----a-w- c:\windows\system32\dopdf7.ctm
2010-03-16 03:58:08 22856 ----a-w- c:\windows\system32\dopdfmn7.dll
2010-03-16 03:58:08 19784 ----a-w- c:\windows\system32\dopdfmi7.dll
2010-03-16 03:58:08 0 d-----w- c:\docume~1\owner\applic~1\Softland
2010-03-16 03:58:05 0 d-----w- c:\program files\Softland
2010-03-16 03:57:17 0 d-----w- c:\program files\Acro Software
2010-03-16 03:38:45 0 d-----w- c:\docume~1\owner\applic~1\PrimoPDF
2010-03-16 03:37:21 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-03-16 03:37:21 0 d-----w- c:\program files\Nitro PDF
2010-03-16 03:15:44 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-03-16 03:15:43 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-03-16 02:02:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Softomotive
2010-03-16 02:01:53 0 d-----w- c:\program files\Softomotive
2010-03-15 21:21:44 0 d-----w- c:\docume~1\owner\applic~1\4Media Software Studio
2010-03-15 21:21:05 0 d-----w- c:\program files\4Media
2010-03-14 22:54:26 0 d-----w- c:\program files\Yaldex Software
2010-03-14 18:56:09 0 d-----w- c:\program files\PixieRobot
2010-03-14 18:56:04 249856 ------w- c:\windows\Setup1.exe
2010-03-14 18:56:03 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-14 01:16:44 0 d-----w- c:\docume~1\owner\applic~1\URSoft
2010-03-13 21:16:46 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{4275E5EA-6E30-48EB-A209-F964539CBE1C}
2010-03-13 21:01:53 0 dc----w- c:\docume~1\alluse~1\applic~1\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
2010-03-12 21:42:04 3249 ----a-w- c:\windows\system32\wbem\Outlook_01cac22cdb0703a0.mof
2010-03-12 20:49:19 0 d-----w- c:\windows\pss
2010-03-12 20:45:41 0 d-----w- c:\program files\Audacity
2010-03-11 22:10:12 38 ----a-w- c:\windows\avisplitter.ini
2010-03-11 22:10:11 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-11 22:10:11 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2010-03-11 22:10:11 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-03-11 22:10:11 39936 ----a-w- c:\windows\system32\huffyuv.dll
2010-03-11 22:10:11 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-11 22:10:11 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-11 22:10:10 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-03-11 22:10:09 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-11 20:37:35 0 d-----w- c:\docume~1\owner\applic~1\ACAMPREF
2010-03-11 20:37:33 0 d-----w- c:\program files\Melody Assistant
2010-03-10 21:04:50 0 dc----w- c:\docume~1\alluse~1\applic~1\{349235F3-1FB1-49C2-A9BE-9594B228EA54}
2010-03-10 07:59:47 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{A6CBE6A2-B738-440D-B19A-60D7C36810C7}
2010-03-10 07:56:52 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{261FD3E7-AC6C-4785-8405-DCF2100A3A46}
2010-03-10 07:55:25 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{3EE98DDF-8EFF-4760-88EB-D666A839217F}
2010-03-10 07:54:35 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
2010-03-10 07:38:19 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
2010-03-10 07:38:17 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{F322C569-6416-428D-A2EA-A5D1C7073DE8}
2010-03-09 17:42:55 0 d-----w- c:\program files\East West
2010-03-09 04:21:24 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2010-03-09 04:19:42 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}
2010-03-09 04:19:26 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
2010-03-09 04:18:23 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
2010-03-09 04:18:15 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2010-03-09 03:11:03 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-09 03:11:02 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-09 02:53:34 0 d-----w- c:\program files\common files\Digidesign
2010-03-09 02:06:27 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-03-09 02:05:54 0 d-----w- c:\program files\Cakewalk
2010-03-08 23:32:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-08 23:32:47 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-08 23:32:16 0 d-----w- c:\program files\iPod
2010-03-08 23:32:14 0 d-----w- c:\program files\iTunes
2010-03-08 23:32:14 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-08 23:32:05 0 d-----w- c:\program files\Bonjour
2010-03-08 23:31:27 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-03-08 23:31:27 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-03-08 22:54:32 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-08 20:29:35 303104 ----a-w- c:\windows\system32\CNC250L.dll
2010-03-08 20:29:35 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2010-03-08 20:29:35 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-03-08 20:29:35 1310720 ----a-w- c:\windows\system32\CNC250C.dll
2010-03-08 20:29:35 12288 ----a-w- c:\windows\system32\CNC173AD.TBL
2010-03-08 20:29:35 110592 ----a-w- c:\windows\system32\CNC250I.dll
2010-03-08 20:29:35 106496 ----a-w- c:\windows\system32\CNC250U.dll
2010-03-08 20:28:15 0 d-----w- c:\docume~1\alluse~1\applic~1\EPSON
2010-03-08 20:27:50 272384 ----a-w- c:\windows\system32\CNMLM9W.DLL
2010-03-08 20:27:46 90112 ----a-w- c:\windows\system32\CNC250O.dll
2010-03-08 20:27:46 178176 ----a-w- c:\windows\system32\CNMIU9W.DLL
2010-03-08 09:31:44 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
2010-03-08 08:55:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Native Instruments
2010-03-07 23:47:30 0 d-----w- c:\documents and settings\owner\.VirtualBox
2010-03-07 23:43:52 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-03-07 23:43:44 31824 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2010-03-07 23:43:42 41680 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-03-07 23:43:39 0 d-----w- c:\program files\Sun
2010-03-07 23:35:20 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-07 23:32:58 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-07 23:32:32 0 d-----w- c:\windows\SHELLNEW
2010-03-07 20:40:23 0 d-----w- c:\documents and settings\owner\TruePianos Settings
2010-03-07 20:31:52 0 d-----w- c:\program files\common files\Native Instruments
2010-03-07 20:31:32 0 d-----w- c:\program files\Native Instruments
2010-03-07 19:38:55 118784 ----a-w- c:\windows\dsdxirmv.exe
2010-03-07 19:34:41 0 d-----w- C:\Cakewalk Projects
2010-03-07 19:20:53 0 d-----w- c:\program files\Alcohol Soft
2010-03-07 19:18:22 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-07 10:09:46 0 d--h--w- c:\windows\$hf_mig$
2010-03-07 10:06:18 0 d-----w- c:\docume~1\owner\applic~1\Broad Intelligence
2010-03-07 09:57:33 0 d-----w- c:\program files\MediaCoder
2010-03-07 09:41:13 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-03-07 09:41:12 0 d-----w- c:\windows\system32\QuickTime
2010-03-07 09:41:04 0 d-----w- c:\program files\common files\TechSmith Shared
2010-03-07 09:39:43 0 d-----r- C:\Sandbox
2010-03-07 09:39:21 1564 ----a-w- c:\windows\Sandboxie.ini
2010-03-07 04:43:26 0 d-----w- c:\program files\Fanfiction Downloader
2010-03-07 04:36:55 0 d-----w- c:\docume~1\owner\applic~1\hott notes 4
2010-03-07 04:36:50 0 d-----w- c:\program files\hott notes 4
2010-03-07 03:20:17 0 d-----w- c:\docume~1\owner\applic~1\Cakewalk
2010-03-07 03:20:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Cakewalk
2010-03-07 00:22:30 0 d-----w- c:\docume~1\owner\applic~1\uTorrent
2010-03-07 00:21:58 0 d-----w- c:\program files\uTorrent
2010-03-07 00:14:59 73728 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-03-07 00:13:14 0 d-----w- c:\windows\system32\AGEIA
2010-03-07 00:13:10 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-07 00:13:04 0 d-----w- c:\program files\NVIDIA Corporation
2010-03-07 00:12:13 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2010-03-07 00:12:12 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2010-03-07 00:12:12 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2010-03-07 00:12:12 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-03-07 00:12:12 1597690 ----a-w- c:\windows\system32\nvdata.bin
2010-03-07 00:12:10 868352 ----a-w- c:\windows\system32\nvapi.dll
2010-03-07 00:12:10 7753888 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-03-07 00:12:10 5845632 ----a-w- c:\windows\system32\nv4_disp.dll
2010-03-07 00:12:10 155648 ----a-w- c:\windows\system32\nvcodins.dll
2010-03-07 00:12:10 155648 ----a-w- c:\windows\system32\nvcod.dll
2010-03-07 00:04:34 0 d-----w- c:\windows\system32\appmgmt
2010-03-06 23:59:59 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2010-03-06 23:59:58 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2010-03-06 23:59:47 0 d-----w- c:\windows\system32\Lang
2010-03-06 23:56:25 27744 ----a-w- c:\windows\system32\drivers\point32.sys
2010-03-06 23:56:04 0 d-----w- c:\program files\Microsoft IntelliPoint
2010-03-06 23:54:17 0 d-----w- c:\program files\ATI
2010-03-06 23:54:02 0 d-----w- c:\program files\ATI Technologies
2010-03-06 23:53:27 0 d-----w- C:\ATI
2010-03-06 23:51:53 9047 ----a-w- c:\windows\system32\nvinfo.pb
2010-03-06 23:30:43 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-03-06 23:30:43 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-03-06 23:30:42 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-03-06 23:30:42 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-03-06 23:30:26 0 d-----w- c:\windows\system32\directx
2010-03-06 23:30:24 0 d-----w- c:\windows\Logs
2010-03-06 23:28:38 757852 ----a-w- c:\windows\system32\Scutum.dll
2010-03-06 23:28:38 480 ----a-w- c:\windows\system32\DiagFunc.ini
2010-03-06 23:28:38 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-03-06 23:28:38 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2010-03-06 23:28:38 180224 ----a-w- c:\windows\system32\W32N55.dll
2010-03-06 23:28:38 147456 ----a-w- c:\windows\system32\DiagFunc.dll
2010-03-06 23:28:38 143459 ----a-w- c:\windows\system32\RalinkGina.dll
2010-03-06 23:28:38 1191 ----a-w- c:\windows\system32\W32N55.INI
2010-03-06 23:28:38 1085440 ----a-w- c:\windows\system32\libeay32.dll
2010-03-06 23:28:36 0 d-----w- c:\program files\Ralink
2010-03-06 23:28:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Ralink Driver
2010-03-06 23:27:04 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-06 23:26:49 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-03-06 23:26:49 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-03-06 23:26:49 539160 ----a-w- c:\windows\system32\LVUI2.dll
2010-03-06 23:26:49 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2010-03-06 23:26:49 266828 ----a-w- c:\windows\system32\drivers\LVAFT.cfg
2010-03-06 23:26:29 82289 ----a-w- c:\windows\system32\lvcoinst.ini
2010-03-06 23:26:29 34068 ----a-w- c:\windows\system32\Repository.reg
2010-03-06 23:26:29 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-03-06 23:26:29 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2010-03-06 23:26:20 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-06 23:26:13 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-03-06 22:35:26 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-03-06 22:35:22 726528 ------w- c:\windows\system32\dllcache\jscript.dll
2010-03-06 22:34:13 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-03-06 22:34:13 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb
2010-03-06 22:33:30 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-03-06 22:33:30 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-03-06 22:33:26 456832 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-06 22:33:05 1447424 ------w- c:\windows\system32\dllcache\msxml6.dll
2010-03-06 22:33:05 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-03-06 22:32:34 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-03-06 22:32:04 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-06 22:32:04 19495 ----a-w- c:\windows\system32\nvdisp.nvu
2010-03-06 22:31:50 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-06 18:31:04 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-03-06 18:31:04 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-03-06 18:31:03 8192 ----a-w- c:\windows\system32\rt2661.bin
2010-03-06 18:31:03 8192 ----a-w- c:\windows\system32\rt2561s.bin
2010-03-06 18:31:02 8192 ----a-w- c:\windows\system32\rt2561.bin
2010-03-06 18:31:02 0 d-----w- c:\program files\EDIMAX
2010-03-06 18:30:25 302472 ----a-w- c:\windows\system32\drivers\MAudioDelta.sys
2010-03-06 18:30:25 0 d-----w- c:\program files\M-Audio
2010-03-06 18:30:05 0 d-----w- c:\program files\Realtek
2010-03-06 18:29:31 0 d-----w- c:\windows\system32\ReinstallBackups
2010-03-06 18:29:23 9096 ----a-w- c:\windows\system32\drivers\amdide.sys
2010-03-06 18:29:12 0 d-----w- C:\RaidTool
2010-03-06 18:29:10 0 d-----w- c:\windows\RaidTool
2010-03-06 18:03:11 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2010-03-06 18:03:05 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-03-06 17:57:50 0 d-----w- c:\program files\QuickTime Alternative
2010-03-06 17:57:37 0 d-----w- c:\program files\K-Lite Codec Pack
2010-03-06 17:57:33 0 d-----w- c:\program files\Foxit Software
2010-03-06 17:57:33 0 d-----w- c:\docume~1\owner\applic~1\Foxit
2010-03-06 17:57:13 0 d-----w- c:\program files\UPHClean
2010-03-06 17:50:22 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-06 17:49:35 0 d-sh--w- c:\documents and settings\all users\DRM
2010-03-06 17:49:24 0 d--h--w- c:\program files\WindowsUpdate
2010-03-06 17:49:12 0 d-----w- c:\program files\Windows Media Connect 2
2010-03-06 17:48:50 0 d-----w- c:\program files\common files\MSSoap
2010-03-06 17:47:04 0 d-----w- c:\program files\MSXML 4.0
2010-03-06 17:45:26 0 d-----w- c:\program files\Windows NT
2010-03-06 11:40:10 0 d-----w- c:\program files\common files\ODBC
2010-03-06 11:40:07 0 d-----w- c:\program files\common files\SpeechEngines
2010-03-06 11:38:01 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-03-07 00:13:57 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-03-07 00:13:57 176768 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2010-03-06 17:48:05 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-23 03:57:04 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-02-23 03:57:04 358944 ----a-w- c:\windows\vncutil.exe
2010-02-23 03:57:00 1833504 ----a-w- c:\windows\SkyTel.exe
2010-02-23 03:57:00 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-02-23 03:56:58 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-02-23 03:56:52 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-02-23 03:56:52 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-02-23 03:56:46 18791456 ----a-w- c:\windows\RTHDCPL.EXE
2010-02-23 03:56:40 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-02-23 03:56:40 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-02-23 03:56:40 2177568 ----a-w- c:\windows\MicCal.exe
2010-02-23 03:28:52 5862432 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-02-13 06:34:58 99152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-02-13 06:34:58 110096 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-02-13 06:34:56 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-02-13 05:02:16 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-02-10 17:13:48 165376 ----a-w- c:\windows\system32\unrar.dll

============= FINISH: 21:40:05.12 ===============

Edited by PropagandaPanda, 30 March 2010 - 06:15 PM.


#4 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:04:01 PM

Posted 30 March 2010 - 06:18 PM

Hello.

EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\imacros\imacros.dll

This looks like a program that could be used to query Google automatically and cause the message you are receiving. Did you install this knowingly? Have you created any scripts with this program?

With Regards,
The Panda

#5 herby canopy

  • Topic Starter
  • Members
  • 10 posts
  • Local time:10:01 AM

Posted 30 March 2010 - 08:38 PM

Yes, I installed that program to help me do repetitive jobs. I tried uninstalling the program and the Firefox addon, but I still have the problem with Google. It should be noted here that I only have this problem in Firefox; when I use IE or IE tabs for Firefox I can use Google. Both Google and Firefox tell me that they cannot help me because it is something on my computer that is sending searches to Google.

I was wondering if we could watch my outbound traffic somehow to find out what on my computer is sending information. I would think that would be a small list, and from that we could find out what my problem was. Any thoughts?

Also, what was up with the things in my log file? The 4 exe and the one reg entry?

#6 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:04:01 PM

Posted 31 March 2010 - 04:22 PM

Hello.

QUOTE
Also, what was up with the things in my log file? The 4 exe and the one reg entry?
The reg entry is a policy (class control panel) that could possibly be used as a hijack. The .exe's are inactive in the System Restore. They may be leftovers.

QUOTE
I was wondering if we could watch my out bound traffic some how to find out what on my computer is sending information. I would think that that would be a small list and from that we could find out what my problem was. Any thoughts?
I will ask around for anyone with experience doing this if we can't solve the problem in another way.

QUOTE
It should be noted here that I only have this problem in Firefox, when I use IE or IE tabs for Firefox I can use google.
Then I am inclined to think it's a problem with Firefox.

I would suggest reinstalling FF, perhaps an older version such as 3.6 (you have 3.6.2 now).

Tell me if the problem is still occurring after.

With Regards,
The Panda

#7 herby canopy

  • Topic Starter
  • Members
  • 10 posts
  • Local time:10:01 AM

Posted 31 March 2010 - 05:48 PM

Even after I uninstalled and reinstalled 3.6, I still have the same problem. The Firefox people said it was not FF but malware.

#8 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:04:01 PM

Posted 31 March 2010 - 06:15 PM

Hello.

Let's do some further malware searching.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.


  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

With Regards,
The Panda

#9 herby canopy

  • Topic Starter
  • Members
  • 10 posts
  • Local time:10:01 AM

Posted 31 March 2010 - 07:26 PM

Here you are. Thanks for all your work on this problem.

ComboFix 10-03-29.04 - Owner 03/31/2010 13:55:47.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2708 [GMT -10:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-01 to 2010-04-01 )))))))))))))))))))))))))))))))
.

2010-03-31 23:32 . 2010-03-31 23:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Intuit
2010-03-31 23:32 . 2010-03-31 23:32 -------- d-----w- c:\windows\system32\wbem\snmp
2010-03-31 23:32 . 2010-03-31 23:32 -------- d-----w- c:\windows\system32\xircom
2010-03-31 23:32 . 2010-03-31 23:32 -------- d-----w- c:\windows\system32\oobe
2010-03-31 23:32 . 2010-03-31 23:32 -------- d-----w- c:\program files\microsoft frontpage
2010-03-31 21:02 . 2009-06-22 19:14 4194304 ----a-w- c:\windows\system32\cdintf400.dll
2010-03-31 20:58 . 2010-03-31 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2010-03-31 20:58 . 2010-03-31 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-03-31 20:58 . 2010-03-31 20:59 -------- d-----w- c:\program files\Common Files\Intuit
2010-03-31 20:58 . 2010-03-31 20:58 -------- d-----w- c:\program files\Intuit
2010-03-31 20:57 . 2010-03-31 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 11
2010-03-31 20:57 . 2010-03-31 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES
2010-03-31 20:42 . 2010-03-31 20:42 -------- d-----w- c:\windows\Intuit
2010-03-30 21:51 . 2010-03-30 21:51 -------- d-----w- c:\documents and settings\Caitlin\Local Settings\Application Data\Mozilla
2010-03-30 20:53 . 2010-03-30 20:53 -------- d-----w- c:\documents and settings\Caitlin\Local Settings\Application Data\Adobe
2010-03-30 20:40 . 2010-03-30 20:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2010-03-30 19:26 . 2010-03-30 19:26 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 17:52 . 2010-02-25 06:19 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-03-29 21:07 . 2010-03-29 21:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-03-29 21:06 . 2010-03-30 01:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 21:06 . 2010-03-29 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-29 21:06 . 2010-03-30 01:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 21:06 . 2010-03-29 23:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 18:40 . 2010-03-29 18:40 -------- d-----w- c:\program files\Toontrack
2010-03-28 23:54 . 2010-03-29 23:14 -------- d-----w- c:\documents and settings\Owner\dwhelper
2010-03-26 00:39 . 2010-03-26 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-03-26 00:39 . 2010-03-26 00:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Office Genuine Advantage
2010-03-25 02:31 . 2010-03-25 02:31 74952 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-23 22:29 . 2010-03-23 22:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\CutePDF Writer
2010-03-22 02:45 . 2010-03-22 02:45 -------- d-----w- c:\documents and settings\Lucas\Application Data\Media Player Classic
2010-03-22 02:36 . 2010-03-22 02:37 -------- d-----w- c:\documents and settings\Lucas\Local Settings\Application Data\Adobe
2010-03-21 23:41 . 2010-03-21 23:41 262144 ----a-w- c:\windows\system32\default_user_class.dat
2010-03-21 20:45 . 2010-03-27 21:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Mozenda
2010-03-20 21:13 . 2010-03-20 21:13 -------- d--h--w- c:\windows\PIF
2010-03-18 01:11 . 2010-03-18 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-18 00:59 . 2010-03-18 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-03-18 00:39 . 2009-08-20 09:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-03-18 00:39 . 2009-08-20 09:50 46928 ----a-r- c:\windows\system32\AdobePDF.dll
2010-03-18 00:26 . 2010-03-18 00:26 -------- d-----w- c:\program files\Adobe Media Player
2010-03-18 00:24 . 2010-03-18 00:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-18 00:15 . 2010-03-30 02:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2010-03-18 00:15 . 2010-03-18 00:15 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-17 23:38 . 2010-03-22 20:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-17 22:38 . 2010-03-17 22:38 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-03-17 22:38 . 2010-03-17 22:38 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-03-17 22:36 . 2010-03-31 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-03-17 22:36 . 2010-03-17 22:36 -------- d-----w- c:\program files\Kaspersky Lab
2010-03-17 22:32 . 2010-03-17 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-03-17 20:45 . 2010-03-17 20:45 -------- d-----w- c:\program files\Canon
2010-03-17 09:15 . 2010-03-17 09:15 -------- d-----w- C:\$AVG
2010-03-17 09:00 . 2010-03-17 09:00 -------- d-----w- c:\program files\AVG
2010-03-17 07:57 . 2010-03-17 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-17 07:57 . 2010-03-17 08:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-16 07:50 . 2010-03-16 07:50 -------- d-----w- c:\program files\JitBit
2010-03-16 04:07 . 2010-03-16 04:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Softomotive
2010-03-16 03:58 . 2010-03-16 03:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Softland
2010-03-16 03:58 . 2010-03-16 03:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
2010-03-16 03:58 . 2010-03-02 01:49 22856 ----a-w- c:\windows\system32\dopdfmn7.dll
2010-03-16 03:58 . 2010-03-02 01:49 19784 ----a-w- c:\windows\system32\dopdfmi7.dll
2010-03-16 03:58 . 2010-03-16 03:58 -------- d-----w- c:\program files\Softland
2010-03-16 03:57 . 2010-03-27 21:39 -------- d-----w- c:\program files\Acro Software
2010-03-16 03:38 . 2010-03-16 03:47 -------- d-----w- c:\documents and settings\Owner\Application Data\PrimoPDF
2010-03-16 03:37 . 2010-03-22 21:01 -------- d-----w- c:\program files\Nitro PDF
2010-03-16 03:37 . 2009-07-31 01:44 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-03-16 03:20 . 2010-03-16 03:20 -------- d-----w- c:\windows\Sun
2010-03-16 03:15 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-03-16 03:15 . 2008-04-14 13:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-03-16 02:02 . 2010-03-16 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Softomotive
2010-03-16 02:02 . 2010-03-16 02:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Softomotive
2010-03-15 21:21 . 2010-03-15 21:21 -------- d-----w- c:\documents and settings\Owner\Application Data\4Media Software Studio
2010-03-15 21:21 . 2010-03-22 20:58 -------- d-----w- c:\program files\4Media
2010-03-15 21:04 . 2010-03-15 21:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-03-14 22:54 . 2010-03-14 22:54 -------- d-----w- c:\program files\Yaldex Software
2010-03-14 18:56 . 2010-03-14 18:56 249856 ------w- c:\windows\Setup1.exe
2010-03-14 18:56 . 2010-03-14 18:56 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-14 01:16 . 2010-03-14 01:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-14 01:16 . 2010-03-14 01:16 -------- d-----w- c:\documents and settings\Owner\Application Data\URSoft
2010-03-13 21:16 . 2010-03-14 01:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{4275E5EA-6E30-48EB-A209-F964539CBE1C}
2010-03-13 21:01 . 2010-03-13 21:01 -------- dc----w- c:\documents and settings\All Users\Application Data\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
2010-03-12 20:45 . 2010-03-12 20:45 -------- d-----w- c:\program files\Audacity
2010-03-12 08:31 . 2010-03-12 08:31 -------- d-----w- c:\program files\FLV Player
2010-03-12 08:09 . 2010-03-12 08:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2010-03-11 22:10 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-11 22:10 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-11 22:10 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2010-03-11 22:10 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2010-03-11 22:10 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-11 22:10 . 2010-03-10 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-11 20:37 . 2010-03-11 20:40 -------- d-----w- c:\documents and settings\Owner\Application Data\ACAMPREF
2010-03-11 20:37 . 2010-03-12 01:02 -------- d-----w- c:\program files\Melody Assistant
2010-03-11 08:04 . 2010-03-28 09:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2010-03-10 21:04 . 2010-03-10 21:04 -------- dc----w- c:\documents and settings\All Users\Application Data\{349235F3-1FB1-49C2-A9BE-9594B228EA54}
2010-03-10 07:59 . 2010-03-14 02:07 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A6CBE6A2-B738-440D-B19A-60D7C36810C7}
2010-03-10 07:56 . 2010-03-14 02:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{261FD3E7-AC6C-4785-8405-DCF2100A3A46}
2010-03-10 07:55 . 2010-03-14 01:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{3EE98DDF-8EFF-4760-88EB-D666A839217F}
2010-03-10 07:54 . 2010-03-14 01:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
2010-03-10 07:52 . 2010-03-14 08:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Native Instruments
2010-03-10 07:38 . 2010-03-14 01:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
2010-03-10 07:38 . 2010-03-14 03:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{F322C569-6416-428D-A2EA-A5D1C7073DE8}
2010-03-09 17:42 . 2010-03-10 22:14 -------- d-----w- c:\program files\East West
2010-03-09 07:37 . 2010-03-22 17:27 93480 ----a-w- c:\documents and settings\Lucas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-09 04:21 . 2010-03-14 01:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2010-03-09 04:19 . 2010-03-09 04:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}
2010-03-09 04:19 . 2010-03-09 04:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
2010-03-09 04:18 . 2010-03-09 04:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
2010-03-09 04:18 . 2010-03-09 04:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2010-03-09 03:11 . 2009-12-08 18:20 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-09 03:11 . 2009-12-08 17:40 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-09 03:00 . 2010-03-09 03:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-03-09 02:53 . 2010-03-09 02:53 -------- d-----w- c:\program files\Common Files\Digidesign
2010-03-09 02:06 . 2006-12-01 01:49 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-03-09 02:05 . 2010-03-09 02:23 -------- d-----w- c:\program files\Cakewalk
2010-03-08 23:32 . 2010-03-09 07:38 -------- d-----w- c:\documents and settings\Lucas\Application Data\Apple Computer
2010-03-08 23:32 . 2009-05-19 00:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-08 23:32 . 2008-04-17 23:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-08 23:32 . 2010-03-08 23:32 -------- d-----w- c:\program files\iPod
2010-03-08 23:32 . 2010-03-08 23:32 -------- d-----w- c:\program files\iTunes
2010-03-08 23:32 . 2010-03-08 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-08 23:32 . 2010-03-08 23:32 -------- d-----w- c:\program files\Bonjour
2010-03-08 23:31 . 2010-03-08 23:31 -------- d-----w- c:\documents and settings\Lucas\Local Settings\Application Data\Apple
2010-03-08 23:31 . 2010-03-08 23:31 -------- d-----w- c:\program files\Apple Software Update
2010-03-08 23:31 . 2009-08-29 05:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-03-08 23:31 . 2009-08-29 05:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-03-08 23:31 . 2010-03-08 23:32 -------- d-----w- c:\program files\Common Files\Apple
2010-03-08 23:31 . 2010-03-08 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 00:05 . 2010-03-06 23:27 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-04-01 00:05 . 2010-03-06 23:26 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-30 19:25 . 2010-03-06 17:57 -------- d-----w- c:\program files\Java
2010-03-14 20:56 . 2010-03-06 17:57 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-09 14:28 . 2010-03-06 17:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 23:32 . 2010-03-06 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-08 23:31 . 2010-03-06 17:57 -------- d-----w- c:\program files\QuickTime Alternative
2010-03-08 08:20 . 2010-03-06 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-03-07 23:34 . 2010-03-06 17:55 -------- d-----w- c:\program files\MSBuild
2010-03-07 21:55 . 2010-03-06 17:49 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-07 18:05 . 2010-03-06 17:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-07 00:13 . 2010-03-06 11:34 176768 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2010-03-07 00:13 . 2010-03-06 11:34 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-03-06 23:27 . 2010-03-06 23:26 -------- d-----w- c:\program files\Logitech
2010-03-06 23:27 . 2010-03-06 23:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2010-03-06 23:26 . 2010-03-06 23:26 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-03-06 17:57 . 2010-03-06 17:57 -------- d-----w- c:\program files\7-Zip
2010-03-06 17:57 . 2010-03-06 17:57 -------- d-----w- c:\program files\Foxit Software
2010-03-06 17:57 . 2010-03-06 17:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit
2010-03-06 17:57 . 2010-03-06 17:57 -------- d-----w- c:\program files\UPHClean
2010-03-06 17:55 . 2010-03-06 17:55 94248 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-06 17:55 . 2010-03-06 17:55 -------- d-----w- c:\program files\Reference Assemblies
2010-03-06 17:50 . 2010-03-06 17:50 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-06 17:49 . 2010-03-06 17:49 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-06 17:48 . 2010-03-06 17:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-06 17:47 . 2010-03-06 17:47 -------- d-----w- c:\program files\MSXML 4.0
2010-02-25 06:19 . 2009-10-19 08:27 919040 ------w- c:\windows\system32\wininet.dll
2010-02-23 03:57 . 2010-03-06 23:29 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-02-23 03:57 . 2010-03-06 23:29 358944 ----a-w- c:\windows\vncutil.exe
2010-02-23 03:57 . 2010-03-06 23:29 1833504 ----a-w- c:\windows\SkyTel.exe
2010-02-23 03:57 . 2010-03-06 23:29 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-02-23 03:56 . 2010-03-06 23:29 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-02-23 03:56 . 2010-03-06 23:29 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-02-23 03:56 . 2010-03-06 23:29 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-02-23 03:56 . 2010-03-06 23:29 18791456 ----a-w- c:\windows\RTHDCPL.EXE
2010-02-23 03:56 . 2010-03-06 23:29 2177568 ----a-w- c:\windows\MicCal.exe
2010-02-23 03:56 . 2010-03-06 23:29 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-02-23 03:56 . 2010-03-06 23:29 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-02-23 03:28 . 2010-03-06 23:29 5862432 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-02-13 06:34 . 2010-02-13 06:34 99152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-02-13 06:34 . 2010-02-13 06:34 110096 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-02-13 06:34 . 2010-02-13 06:34 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-02-13 05:02 . 2010-03-06 23:29 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-02-10 17:13 . 2010-03-06 17:57 165376 ----a-w- c:\windows\system32\unrar.dll
2010-01-01 07:58 . 2009-10-19 08:27 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

------- Sigcheck -------

[-] 2009-10-19 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys


c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-03-31_23.38.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-01 00:06 . 2010-04-01 00:06 16384 c:\windows\Temp\Perflib_Perfdata_5c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

"\\MAHA\EPSON WorkForce 610 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE" [2009-01-26 199680]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2009-07-27 236040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-23 18791456]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 1468256]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-06 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-22 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-12 948672]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-10-19 128512]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
hott notes 4.lnk - c:\program files\hott notes 4\hottnotes.exe [2007-5-15 1249280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-12-8 1153824]
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2010-3-6 1560576]
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2010-3-6 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [3/7/2010 1:43 PM 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [3/7/2010 1:43 PM 41680]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [3/6/2010 1:28 PM 19072]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [3/6/2010 8:30 AM 302472]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2/12/2010 8:34 PM 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2/12/2010 8:34 PM 110096]
S0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [10/18/2009 10:50 PM 9096]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [10/18/2009 10:29 PM 9472]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/6/2010 1:29 PM 1691480]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [3/7/2010 1:43 PM 31824]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/7/2010 9:18 AM 716272]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-04 01:07]

2010-04-01 c:\windows\Tasks\User_Feed_Synchronization-{B853BB5C-0ADB-412E-8A69-6F69D7D24CFB}.job
- c:\windows\system32\msfeedssync.exe [2009-10-19 08:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1idg8r84.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1idg8r84.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 14:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,2d,0f,34,0a,64,0c,40,a8,c6,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,2d,0f,34,0a,64,0c,40,a8,c6,4b,\

[HKEY_USERS\S-1-5-21-1417001333-1035525444-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{260059F1-5670-3449-5A5B-BA26AE47A6C2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nakmejdbciefiilngnmblkagcffa"=hex:6a,61,6f,68,6b,65,65,61,6b,6f,6e,6a,6b,62,
63,67,6c,6a,63,70,00,00
"mammjaeaekbcdlpmfichdjeiho"=hex:6a,61,6f,68,6b,65,65,61,6b,6f,6e,6a,6b,62,63,
67,6c,6a,63,70,00,85

[HKEY_USERS\S-1-5-21-1417001333-1035525444-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41A268CA-09F2-4192-CAB4-1999E3753D93}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5032)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Ralink\Common\RaRegistry.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-31 14:16:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-01 00:16
ComboFix2.txt 2010-03-31 23:46

Pre-Run: 48,264,376,320 bytes free
Post-Run: 48,217,812,992 bytes free

- - End Of File - - 872B6ED85597B0A88E76C1D2726B1004

Attached file: log.txt (32.78KB)

Edited by PropagandaPanda, 01 April 2010 - 03:35 PM.
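The log above is read by hand in this thread, but the same first-pass triage a responder does by eye can be written down. The script below is an added example for this thread; it is not ComboFix's code, and the severity rules are this editor's own heuristics, not anything ComboFix applies. It parses the four line shapes that appear in the log above (the Sigcheck line, `Run`-key entries, firewall-policy values, and the `R0`/`S4` service and driver lines) and flags what deserves a second look: a file marked `[-]` by Sigcheck (tcpip.sys here), an autorun given as a bare file name with no directory (`RTHDCPL.EXE`), an autorun that launches from a user-writable location, a kernel driver loaded from outside the drivers directory, and `EnableFirewall`=0. The sample input is copied from the log above except for one constructed entry, `Updater`, which never appeared in this thread and exists only to exercise the user-writable-location rule.

```python
"""Triage of ComboFix-style log lines (Sigcheck, Run keys, firewall policy, services/drivers).

Added example for this thread: not ComboFix's code, and the severity rules are the
editor's own heuristics, not anything ComboFix itself applies.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the ComboFix log in the thread, plus ONE constructed
# entry ("Updater") that never appeared there; it only exercises the user-writable rule.
SAMPLE_LOG = r'''
[-] 2009-10-19 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
"RTHDCPL"="RTHDCPL.EXE" [2010-02-23 18791456]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"Updater"="c:\documents and settings\Owner\Application Data\updater.exe" [2010-03-30 45056]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/7/2010 9:18 AM 716272]
'''

# Line shapes as they appear in the log. Sigcheck: "[flag] date . md5 . size . . [version] . . path"
SIG_RE = re.compile(
    r'^\[(?P<flag>[^\]])\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})'
    r'\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*)$')
# Run-key entry: "Name"="path" [yyyy-mm-dd size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
# Policy / firewall value: "Name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>-?\d+)\s+\(0x[0-9A-Fa-f]+\)$')
# Service/driver: R0 name;display;path [date time size]  (R/S = running/stopped, digit = start type)
DRV_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]+)\]$')

USER_WRITABLE = ('\\documents and settings\\', '\\application data\\', '\\local settings\\',
                 '\\temp\\', '\\recycler\\')
DRIVER_DIR = 'c:\\windows\\system32\\drivers\\'


@dataclass(frozen=True)
class Finding:
    severity: str   # 'high' = investigate now, 'review' = confirm by hand, 'info' = parsed, nothing odd
    item: str
    reason: str


def _is_unqualified(path: str) -> bool:
    """Bare file name (no drive letter): the loader's search order decides what actually runs."""
    return re.match(r'^[A-Za-z]:\\', path) is None


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; None for lines that are not one of the four shapes."""
    line = line.strip()
    if not line:
        return None
    m = SIG_RE.match(line)
    if m:
        if m['flag'] == '-':
            return Finding('high', m['path'],
                           f"flagged [-] by Sigcheck (md5 {m['md5']}, version {m['ver']}); "
                           "compare with a known-good copy or submit the file for analysis")
        return Finding('info', m['path'], 'Sigcheck entry without [-] flag')
    m = RUN_RE.match(line)
    if m:
        path = m['path']
        if _is_unqualified(path):
            return Finding('review', m['name'],
                           f'autorun "{path}" has no directory; resolved via search order, confirm which file runs')
        if any(seg in path.lower() for seg in USER_WRITABLE):
            return Finding('high', m['name'], f'autorun launches from a user-writable location: {path}')
        return Finding('info', m['name'], f'autorun from {path}')
    m = POLICY_RE.match(line)
    if m:
        if m['name'] == 'EnableFirewall' and int(m['value']) == 0:
            return Finding('review', 'EnableFirewall',
                           'Windows Firewall off for this profile; acceptable only if a third-party firewall is active')
        return Finding('info', m['name'], f"policy value {m['value']}")
    m = DRV_RE.match(line)
    if m:
        path, start = m['path'].strip(), m['start']
        boot_or_system = start[1] in '01'          # start type 0 (boot) or 1 (system) loads before most defences
        if path.lower().endswith('.sys') and not path.lower().startswith(DRIVER_DIR):
            return Finding('high' if boot_or_system else 'review', m['svc'],
                           f'kernel driver loaded from outside {DRIVER_DIR}: {path}')
        return Finding('info', m['svc'], f'{start} {path}')
    return None


def triage(text: str) -> List[Finding]:
    """All findings, one per recognised line, in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


def actionable(text: str) -> List[Finding]:
    """Only the findings a responder should act on or confirm by hand."""
    return [f for f in triage(text) if f.severity != 'info']


if __name__ == '__main__':
    for f in actionable(SAMPLE_LOG):
        print(f'{f.severity:6} {f.item}: {f.reason}')
```

Run as a script it prints four actionable lines for the sample: tcpip.sys (high, the Sigcheck flag), RTHDCPL (review, bare file name), the constructed Updater entry (high), and EnableFirewall (review). Point it at a real log with `actionable(open('ComboFix.txt', encoding='latin-1').read())`. An `info` result means only that the line parsed and tripped none of these rules, not that the file is clean; the `review` on EnableFirewall is the expected state on this machine, where Kaspersky Internet Security owns the host firewall, and the `high` on tcpip.sys is resolved the way the thread resolves it, by verifying the file itself.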


#10 PropagandaPanda
  • Malware Response Team

Posted 01 April 2010 - 03:55 PM

Hello.

There are a few suspicious folders, but I don't see evidence of malware. Let's take a closer look at those.

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    CODE
    DIRLOOK::
    c:\documents and settings\All Users\Application Data\{349235F3-1FB1-49C2-A9BE-9594B228EA54}
    c:\documents and settings\All Users\Application Data\{A6CBE6A2-B738-440D-B19A-60D7C36810C7}
    c:\documents and settings\All Users\Application Data\{261FD3E7-AC6C-4785-8405-DCF2100A3A46}
    c:\documents and settings\All Users\Application Data\{3EE98DDF-8EFF-4760-88EB-D666A839217F}
    c:\documents and settings\All Users\Application Data\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
    c:\documents and settings\All Users\Application Data\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
    c:\documents and settings\All Users\Application Data\{F322C569-6416-428D-A2EA-A5D1C7073DE8}
    c:\documents and settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
    c:\documents and settings\All Users\Application Data\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}
    c:\documents and settings\All Users\Application Data\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
    c:\documents and settings\All Users\Application Data\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
    c:\documents and settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

With Regards,
The Panda

#11 herby canopy
  • Topic Starter

Posted 01 April 2010 - 04:44 PM

Here you are... it looks like the folders are for my music programs and VST addons.

Attached file: log.txt (47.69KB)

Edited by herby canopy, 01 April 2010 - 04:45 PM.


#12 PropagandaPanda
  • Malware Response Team

Posted 01 April 2010 - 06:24 PM

Hello Herby.

You are right that those are harmless. Please upload a couple files for me to examine.

Submit File Sample
  • Open the Submission Channel.
  • Under Link to topic where this file was requested, input:
    CODE
    LINKLINK
  • Click the Browse button. Locate and select the following files:
    1. c:\windows\system32\drivers\tcpip.sys
    2. c:\windows\system32\advpack.dll
    (If more than one file is listed, do one at a time.)
  • Under the comments section, say that Panda asked for the submission.

With Regards,
The Panda

#13 herby canopy
  • Topic Starter

Posted 01 April 2010 - 06:46 PM

I uploaded the files. There was one called tpcip6.sys; I uploaded that just in case...

#14 PropagandaPanda
  • Malware Response Team

Posted 02 April 2010 - 02:18 PM

Hello.

Those files are clean.

Please try clearing your cookies, then starting Firefox in Safe Mode (I don't mean your computer). Does the issue still occur then?

With Regards,
The Panda

#15 herby canopy
  • Topic Starter

Posted 03 April 2010 - 01:10 PM

That fixed the problem, so I did some tests and all my addons worked just fine, so I tried disabling my .NET addon for Firefox. With that disabled, it does not appear to cause problems with Google. I will do more research on this and more testing.

I cannot believe all this time it might have been an addon put out by what I assumed was a good company, Sun Microsystems. Thanks for your time on this and sorry to have wasted your time.

Aloha
Herby

Edited by herby canopy, 03 April 2010 - 01:19 PM.