
Browser Hijacker

This topic is locked
2 replies to this topic

#1 RickT2

RickT2

  • Members
  • 1 posts
  • OFFLINE
  • Local time:08:27 AM

Posted 20 June 2010 - 07:38 PM

hxxp://85.17.76.175/ppc/click.php
hxxp://c.xmlppc.com/
hxxp://64.111.196.114/c.php
hxxp://68.169.92.58/c.php
hxxp://bridge1.admarketplace.net/ct
hxxp://east.05tz2e9.com/click.php
hxxp://368_702984051.admarketplace.com/

Not much to say other than it redirects my Google search results to places like the above.

(I got one of these 2 months ago and ended up rebuilding my system, and accidentally deleted 120g drive with all my data and apps.)


DDS (Ver_10-03-17.01) - NTFSx86
Run by Me at 17:36:50.35 on Sat 06/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2015.1326 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PROVIDUSSTD\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Documents and Settings\Me\Desktop\XP-Pro\ppAppsLive\NetStatLive\NSL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\System Explorer\SystemExplorer.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
D:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
C:\Documents and Settings\Me\Application Data\Mozenda\Programs\Mozenda.ClientConnector.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Me\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Me\Desktop\Source-Drivers\dds.scr
C:\WINDOWS\system32\wuauclt.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.4.13.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\ai roboform\roboform.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\ai roboform\roboform.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\system32\browseui.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [cdloader] "c:\documents and settings\me\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\ai roboform\RoboTaskBarIcon.exe"
uRun: [SystemExplorerAutoStart] "c:\program files\system explorer\SystemExplorer.exe" /TRAY
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NetStat Live] c:\documents and settings\me\desktop\xp-pro\ppappslive\netstatlive\NSL.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [SiSRaid] c:\program files\silicon integrated systems\sisraidpackage\SRaid.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
StartupFolder: c:\docume~1\me\startm~1\programs\startup\dragon~1.lnk - d:\program files\nuance\naturallyspeaking10\program\natspeak.exe
StartupFolder: c:\docume~1\me\startm~1\programs\startup\mozenda.lnk - c:\documents and settings\me\application data\mozenda\programs\Mozenda.ClientConnector.exe
StartupFolder: c:\docume~1\me\startm~1\programs\startup\system~1.lnk - e:\program files\systemexplorer\SystemExplorer_SFX.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - e:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
uPolicies-explorer: NoActiveDesktop = 00000000
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - e:\progra~1\micros~1\frontp~1\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\ai roboform\RoboFormComFillForms.html
IE: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
IE: Identities Editor - file://c:\program files\ai roboform\RoboFormComEditIdent.html
IE: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
IE: Passcards Editor - file://c:\program files\ai roboform\RoboFormComEditPass.html
IE: Save Forms - file://c:\program files\ai roboform\RoboFormComSavePass.html
IE: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
IE: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\ai roboform\RoboFormComSavePass.html
IE: {45DB34C3-955C-11D3-ABEF-444553540000} - c:\program files\ai roboform\RoboFormComEditIdent.html
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.4.13.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~1\frontp~1\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
AppInit_DLLs: odbcrgwiz40.dll credspl.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\me\applic~1\mozilla\firefox\profiles\tjafar0i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\me\application data\mozilla\firefox\profiles\tjafar0i.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-21 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-21 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-21 40384]
R2 MSSQL$PROVIDUSSTD;MSSQL$PROVIDUSSTD;c:\program files\microsoft sql server\mssql$providusstd\binn\sqlservr.exe -sprovidusstd --> c:\program files\microsoft sql server\mssql$providusstd\binn\sqlservr.exe -sPROVIDUSSTD [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-21 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-21 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-20 135664]
S3 SQLAgent$PROVIDUSSTD;SQLAgent$PROVIDUSSTD;c:\program files\microsoft sql server\mssql$providusstd\binn\sqlagent.exe -i providusstd --> c:\program files\microsoft sql server\mssql$providusstd\binn\sqlagent.EXE -i PROVIDUSSTD [?]

=============== Created Last 30 ================

2010-06-20 00:35:30 0 ----a-w- c:\documents and settings\me\defogger_reenable
2010-06-18 20:32:51 0 d-----w- c:\program files\GoogleTrafficJam
2010-06-17 01:54:45 249856 ------w- c:\windows\Setup1.exe
2010-06-17 01:54:44 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-06-16 01:11:52 95 ----a-w- c:\windows\system32\InstallGAC.bat
2010-06-16 01:10:56 233525 ----a-w- c:\windows\system32\CryptoHIE.dll
2010-06-15 08:13:46 57856 ----a-w- c:\windows\system32\Cimime.ocx
2010-06-15 08:13:46 102400 ----a-w- c:\windows\system32\Cimail.ocx
2010-06-15 08:13:45 724992 ----a-w- c:\windows\system32\VBCore.dll
2010-06-15 08:13:45 207360 ----a-w- c:\windows\system32\oestore.dll
2010-06-15 08:13:45 178889 ----a-w- c:\windows\system32\fraplus1.ocx
2010-06-15 08:13:45 111616 ----a-w- c:\windows\system32\Decenc32.dll
2010-06-15 08:13:44 865080 ----a-w- c:\windows\system32\ExplorerBarXP2.ocx
2010-06-15 08:13:44 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-06-15 08:13:44 137000 ----a-w- c:\windows\system32\Msmapi32.ocx
2010-06-15 08:13:44 1266688 ----a-w- c:\windows\system32\redemption.dll
2010-06-15 07:36:56 0 d-----w- c:\docume~1\me\applic~1\Supernova
2010-06-15 07:35:15 71 ----a-w- c:\documents and settings\me\.emailgrabber2
2010-06-15 07:34:16 0 d-----w- c:\docume~1\me\applic~1\aoaExtractor.98DE54B16A553C1F1B6CA3F4BD772311AF7C19C1.1
2010-06-15 07:34:12 0 d-----w- c:\program files\aoaExtractor
2010-06-15 06:12:17 3120 ----a-w- c:\windows\system32\DORP1XFO.ocx
2010-06-15 06:10:18 33340 ------w- c:\windows\system32\dbmsqlgc.dll
2010-06-15 06:10:18 24576 ------w- c:\windows\system32\dbmsgnet.dll
2010-06-15 06:09:51 0 d-----w- c:\program files\Web Scraper Plus+
2010-06-15 06:09:51 0 d-----w- c:\program files\Microsoft SQL Server
2010-06-14 22:11:24 0 d-----w- c:\docume~1\me\applic~1\Nuance
2010-06-14 22:06:25 0 d-----w- c:\program files\common files\ScanSoft Shared
2010-06-14 22:06:25 0 d-----w- c:\program files\common files\Nuance
2010-06-14 22:05:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Nuance
2010-06-14 22:05:12 0 d-----w- c:\windows\speech
2010-06-14 19:01:39 0 d-----w- c:\program files\Citrix
2010-06-14 18:36:29 0 d-----w- c:\docume~1\me\applic~1\Mozenda
2010-06-14 14:56:11 0 d-----w- C:\Downloads
2010-06-14 14:56:10 0 d-----w- c:\docume~1\me\applic~1\BitComet
2010-06-14 14:54:05 0 d-----w- c:\program files\BitComet
2010-06-14 11:40:36 438272 --sh--w- c:\windows\system32\odbcrgwiz40.dll
2010-06-14 11:40:28 22016 --sh--w- c:\windows\system32\credspl.dll
2010-06-14 10:32:57 3243 ----a-w- c:\windows\system32\wbem\Outlook_01cb0bacf4a439f8.mof
2010-06-14 10:22:01 0 d-----w- c:\program files\common files\Lencom
2010-06-14 10:02:35 0 d-----w- c:\program files\Video Master
2010-06-14 10:01:33 0 d-----w- c:\program files\Lencom.com
2010-06-14 09:55:28 0 d-----w- c:\program files\Lencom Software Inc
2010-06-14 09:03:05 9472 ----a-w- c:\windows\system32\drivers\sisperf.sys
2010-06-14 09:03:05 139264 ----a-w- c:\windows\system32\IDEproperty.dll
2010-06-14 08:32:35 49024 ----a-w- c:\windows\system32\drivers\sisidex.sys
2010-06-14 08:32:31 0 d-----w- c:\program files\Silicon Integrated Systems
2010-06-14 07:31:49 0 d-----w- c:\docume~1\me\applic~1\Carambis
2010-06-13 03:18:26 0 d-----w- c:\program files\Market Samurai
2010-06-12 05:08:52 0 d-----w- c:\program files\ConvertHelper
2010-06-12 05:06:46 96 ----a-w- c:\documents and settings\me\default.pls
2010-06-09 19:52:58 0 d-----w- c:\docume~1\alluse~1\applic~1\SystemExplorer
2010-06-09 19:52:56 0 d-----w- c:\program files\System Explorer
2010-06-09 01:39:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 09:33:08 124688 ----a-w- c:\windows\system32\mswinsck.ocx
2010-06-08 09:33:08 0 d-----w- c:\docume~1\me\applic~1\Convivea
2010-06-07 22:12:14 0 d-sh--w- c:\documents and settings\me\IECompatCache
2010-06-02 18:48:52 458752 ----a-w- c:\windows\system32\GrdOLEDB.ocx
2010-06-02 18:48:52 252928 ----a-w- c:\windows\system32\Elastic.ocx
2010-06-02 18:48:52 244416 ----a-w- c:\windows\system32\msflxgrd.ocx
2010-06-02 18:48:52 115016 ----a-w- c:\windows\system32\MSINET.OCX
2010-05-31 17:00:59 2172 ----a-w- C:\QuickReplyIBDC.url
2010-05-29 23:22:34 0 d-----w- c:\docume~1\me\applic~1\FrostWire
2010-05-29 07:31:04 72 ----a-w- c:\windows\ANS2000.INI
2010-05-29 07:31:04 4 ---ha-w- c:\windows\a3kebook.ini
2010-05-29 07:31:04 20 ---ha-w- c:\windows\akebook.ini
2010-05-29 07:06:28 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-05-29 07:06:18 0 d-----w- c:\program files\Windows Media Connect 2
2010-05-25 04:48:20 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-05-24 10:07:40 0 d-----w- c:\windows\SxsCaPendDel
2010-05-23 20:25:55 0 d-----w- c:\docume~1\me\applic~1\High Impact eMail 5
2010-05-23 20:23:34 40448 ----a-w- c:\windows\system32\regobj.dll
2010-05-23 20:23:34 28672 ----a-w- c:\windows\system32\Test.dll
2010-05-23 20:23:33 77824 ----a-w- c:\windows\system32\LWLLClientMiddleWare3.dll
2010-05-23 20:23:33 40960 ----a-w- c:\windows\system32\coreEncryptDecrypt.dll
2010-05-23 20:23:33 36864 ----a-w- c:\windows\system32\LWLLInstances3.dll
2010-05-23 20:23:33 36864 ----a-w- c:\windows\system32\AdvMetrics.dll
2010-05-23 20:23:33 32768 ----a-w- c:\windows\system32\LWXLLDFRequest3.dll
2010-05-23 20:23:33 32768 ----a-w- c:\windows\system32\LWLLClasses3.dll
2010-05-23 20:23:33 24576 ----a-w- c:\windows\system32\GUID.dll
2010-05-23 20:23:33 151552 ----a-w- c:\windows\system32\LWLLHttpsUpload2.dll
2010-05-23 08:11:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Lencom
2010-05-23 07:58:47 0 d-----w- c:\docume~1\me\applic~1\Lencom
2010-05-23 07:58:39 0 d-----w- c:\program files\common files\LencomShare
2010-05-23 03:39:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-23 03:39:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-23 03:39:00 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-05-23 03:34:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-23 03:34:33 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-23 01:49:18 0 d-----w- c:\windows\system32\XPSViewer
2010-05-23 01:48:28 14048 ------w- c:\windows\system32\spmsg2.dll
2010-05-23 00:59:16 0 d-----w- c:\program files\AI RoboForm
2010-05-22 18:23:46 0 d-----w- c:\docume~1\me\applic~1\KCI
2010-05-21 23:35:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-21 21:43:45 0 d-----w- c:\docume~1\alluse~1\applic~1\GoodSync
2010-05-21 21:43:44 0 d-----w- c:\docume~1\me\applic~1\GoodSync

==================== Find3M ====================

2010-06-14 19:01:22 72080 ----a-w- c:\documents and settings\me\g2mdlhlpx.exe
2010-06-14 09:46:07 99435 ----a-w- c:\program files\common files\Engines.lnl
2010-05-15 10:58:05 139806 ----a-w- c:\windows\hpoins15.dat
2010-05-15 08:08:50 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-15 08:08:50 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-15 03:47:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 17:37:38.29 ===============


Edited by Orange Blossom, 20 June 2010 - 09:15 PM.
Deactivated links. ~ OB



#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:27 AM

Posted 26 June 2010 - 06:33 AM

Do you still desire help? If so, please clearly describe what you have done so far and the current problems you're experiencing.

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:27 AM

Posted 30 June 2010 - 06:24 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.