Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista Virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 nriacone

nriacone

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 29 April 2010 - 02:46 PM

I have a HP Pavillion machine with Windows Vista Home Premium 64 bit with 4 GB of RAM. The system was infected with (despite have Trend Micro installed) the ave.exe virus and Digital Protection to name a few. I have run multiple passes of MalwareBytes and it appears to have cleaned the system. However, I still have items such as MyWebSearch service on the machine. Based on instructions from this site I ran the DDS application and the GMER Utility. The results from the DDS run are attached, the GMER Utility did not detect anything according to the completion message. I would just like someone with a broader knowledge of these issues to take a look at the log and see if there are any more items that need to be addressed.

BTW, I tried to post this issue this morning and realized that I posted it in the incorrect forum and even though I can see it listed by my username, I cannot open the post. Sorry for the duplication.

Thanks in advance for your assistance.

Pasting in log from aforementioned topic which I shall delete as a duplicate. ~ OB

DDS (Ver_09-12-01.01) - NTFSX64
Run by owner at 7:36:16.39 on Thu 04/29/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.3965.2254 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\owner\Desktop\DDS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
uSearch Page =
uSearch Bar =
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: H - No File
BHO: MRI_DISABLED - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Javaâ„¢ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: hotrevenue browser enhancer: {ed9c7b18-dec7-b9a4-db6a-344a4f877104} - c:\windows\syswow64\oswamruyiqf.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files (x86)\yahoo!\search protection\SearchProtection.exe
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [YVIBBBHA8C] c:\users\owner\appdata\local\temp\Akl.exe
uRun: [sysmon64x.exe] c:\users\owner\appdata\local\temp\sysmon64x.exe
uRun: [Digital Protection] "c:\users\owner\appdata\local\temp\\digital protection\digprot.exe" -noscan
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\program files (x86)\hewlett-packard\kbd\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files (x86)\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [TSMAgent] "c:\program files (x86)\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [ReminderApp] c:\program files (x86)\nova development\greeting card factory photo card maker\ReminderApp.exe
mRun: [hpqSRMon]
mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\k861rryk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - hxxp://www.att.net/
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80229&language=en&qkw=
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files (x86)\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\owner\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\k861rryk.default\extensions\{38ab6a6c-cc4c-4f9e-a3dd-3c5681ef18a1}\plugins\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-4-13 42000]
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr7364.sys [2008-11-6 615424]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-11-12 917768]
S2 Norton Internet Security;Norton Internet Security;"c:\program files (x86)\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files (x86)\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files (x86)\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrxusb.sys [2009-10-5 1021440]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-11-13 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files (x86)\citrix\gotoassist express customer\223\g2ax_service.exe [2010-4-26 161144]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S4 MyWebSearchService;My Web Search Service;c:\progra~2\mywebs~1\bar\2.bin\mwssvc.exe --> c:\progra~2\mywebs~1\bar\2.bin\mwssvc.exe [?]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-04-29 03:19:46 0 ---ha-w- c:\users\owner\BIT18F.tmp
2010-04-28 22:20:19 0 d-----w- c:\programdata\Sun
2010-04-28 22:20:05 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-04-28 22:20:05 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-04-28 22:20:05 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-04-28 22:20:04 145184 ----a-w- c:\windows\syswow64\java.exe
2010-04-27 20:22:04 82432 ----a-w- c:\windows\system32\SystemPropertiesProtection.com
2010-04-27 00:18:18 0 d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2010-04-27 00:18:14 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 00:18:14 0 d-----w- c:\programdata\Malwarebytes
2010-04-27 00:18:14 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-04-27 00:05:39 0 d-----w- c:\program files (x86)\Citrix
2010-04-27 00:05:32 108920 ----a-w- c:\users\owner\g2ax_customer_downloadhelper_win32_x86.exe
2010-04-25 21:46:51 0 d-----w- c:\users\owner\appdata\roaming\DDE0187F7D8239799BF1C2F9D8BEC32F
2010-04-14 11:56:15 98304 ----a-w- c:\windows\syswow64\cabview.dll
2010-04-14 11:56:15 104960 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 11:56:03 218624 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 11:56:02 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-04-13 10:50:23 42000 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-04-13 10:50:23 265744 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-04-13 10:50:23 2007056 ----a-w- c:\windows\system32\drivers\vsapint.sys

==================== Find3M ====================

2010-03-12 02:20:49 608 ----a-w- c:\users\owner\appdata\roaming\wklnhst.dat
2010-03-07 20:27:49 166676 ----a-w- c:\windows\hpoins36.dat
2010-03-07 20:17:15 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-07 20:17:15 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-07 20:16:52 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-05 14:32:42 612864 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 14:01:02 420352 ----a-w- c:\windows\syswow64\vbscript.dll
2010-02-24 15:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 07:03:02 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:57:40 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:57:39 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:39:13 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-02-23 06:39:00 1209344 ----a-w- c:\windows\syswow64\urlmon.dll
2010-02-23 06:37:26 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-02-23 06:35:21 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-02-23 06:34:51 5944832 ----a-w- c:\windows\syswow64\mshtml.dll
2010-02-23 06:34:49 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-02-23 06:34:49 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-02-23 06:34:06 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-02-23 06:33:45 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2010-02-23 06:33:45 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-02-23 06:33:44 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-02-23 06:33:44 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-02-23 06:33:44 11070976 ----a-w- c:\windows\syswow64\ieframe.dll
2010-02-23 06:33:38 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-02-23 05:19:22 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-23 04:55:36 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-02-23 04:55:24 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-02-23 04:54:43 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-02-20 23:15:56 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:14:20 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 23:06:41 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2010-02-18 14:28:01 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 13:49:59 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-13 12:49:29 23142 ----a-w- c:\windows\hpqins15.dat
2009-11-18 01:31:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-14 22:25:31 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-05-19 19:00:56 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-11-22 19:08:58 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-11-07 04:56:29 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 7:36:34.89 ===============

Attached Files


Edited by Orange Blossom, 30 April 2010 - 10:33 AM.
Since a log is posted, I am moving this to the Malware Removal forum ~ Elise


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:51 PM

Posted 03 May 2010 - 03:16 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Can you post the Gmer log that resulted. Or rerun Gmer and post that log.
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:51 PM

Posted 07 May 2010 - 06:21 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users