Fake google and youtube and fake 500 server not found errors


This topic is locked
2 replies to this topic

#1 StandardToaster


  • Members
  • 3 posts
  • OFFLINE
  • Local time:10:22 PM

Posted 15 July 2010 - 12:38 AM

When I try to open google or youtube, I get some fake pages filled with advertisements. The address bar shows only "google.com" or "youtube.com". The elements on these pages contain references to "smartname.com", if that may help.

Also I'm hitting a lot of 500 server not found errors. I know that they are fake because of the general URL structure. For example, if I try to visit website.com, I get redirected to "website.com/pages/error/error500.htm". This seems to happen with websites that help in removing malware and spyware, but with many other websites too. Even Bleeping Computer can't be opened; it gets redirected to "www.bleepingcomputer.com/pages/error/error500.htm". I'm currently using a web/CGI proxy to make this post.

I checked my hosts file and it doesn't contain any reference to malware sites or other unknown websites.

I start hitting these pages and errors some time after I start browsing the internet, like 3 or 5 minutes later. I mainly use Chrome, but have checked with Firefox 3.3.6 and IE8 and still get these errors.

Any help is appreciated!

Thank you

PS: I already have gmer logs and the file attach.txt from dds logs - however, I'm unable to attach it due to proxy issues. Can I paste the contents in the post itself?



DDS (Ver_10-03-17.01) - FAT32x86
Run by Lokesh Sharma at 10:19:18.92 on Thu 07/15/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.104 [GMT 5.5:30]

AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
D:\Windows\Softwares\Avast 5\afwServ.exe
D:\Windows\Softwares\Avast 5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Windows\Softwares\WinAutomation\WinAutomation.ServiceAgent.exe
D:\Windows\SOFTWA~1\AVAST5~1\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Lokesh Sharma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lokesh Sharma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lokesh Sharma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lokesh Sharma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lokesh Sharma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lokesh Sharma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Windows\Softwares\Notepad++\notepad++.exe
D:\IDM Downloads\General\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = 72.8.155.33:51791
uInternet Settings,ProxyOverride = <local>
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - d:\windows\softwares\snagit\SnagitBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - d:\windows\softwares\snagit\SnagitIEAddin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - d:\windows\softwares\imacros\imacros.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Swhst] c:\documents and settings\lokesh sharma\application data\bc\swhst.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [avast5] d:\windows\softwa~1\avast5~1\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uExplorerRun: [Policies] c:\windows\system32\install\explore.exe
mExplorerRun: [Policies] c:\windows\system32\install\explore.exe
StartupFolder: c:\docume~1\lokesh~1\startm~1\programs\startup\DATAONE.LNK -
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39456} - c:\docume~1\lokesh~1\locals~1\temp\rar$ex07.703\AgataSoft_Image_Button.exe
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - d:\windows\softwares\imacros\imacros.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\msword~1\office12\REFIEBAR.DLL
LSP: c:\windows\system32\idmmbc.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268533042640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {8B356673-CCB5-40B0-99FE-9BBEC5EF3F90} = 218.248.240.79 61.1.96.69
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - d:\windows\softwares\stardock\fences\FencesMenu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lokesh~1\applic~1\mozilla\firefox\profiles\a6xkhnsx.default\
FF - component: c:\documents and settings\lokesh sharma\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\lokesh sharma\application data\mozilla\firefox\profiles\a6xkhnsx.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\lokesh sharma\application data\mozilla\firefox\profiles\a6xkhnsx.default\extensions\afom@idevfh\components\npAFOM.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\lokesh sharma\local settings\application data\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\documents and settings\lokesh sharma\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\windows\softwares\vlc\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-4-29 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-4-29 190416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-4-29 99280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-4-29 307280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-29 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-29 19024]
R2 avast! Antivirus;avast! Antivirus;d:\windows\softwares\avast 5\AvastSvc.exe [2010-4-29 40384]
R2 avast! Firewall;avast! Firewall;d:\windows\softwares\avast 5\afwServ.exe [2010-4-29 119200]
R2 WinAutomation Service;WinAutomation Service;d:\windows\softwares\winautomation\WinAutomation.ServiceAgent.exe [2008-9-11 81920]
R3 avast! Mail Scanner;avast! Mail Scanner;d:\windows\softwares\avast 5\AvastSvc.exe [2010-4-29 40384]
R3 avast! Web Scanner;avast! Web Scanner;d:\windows\softwares\avast 5\AvastSvc.exe [2010-4-29 40384]
S2 bwuxxrkvgakccf;\??\c:\docume~;\??\c:\docume~1\lokesh~1\locals~1\temp\uynuy.sys --> c:\docume~1\lokesh~1\locals~1\temp\uynuy.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-5 136176]
S2 jyrycdcafltum;\??\c:\docume;\??\c:\docume~1\lokesh~1\locals~1\temp\ogwrajuf.sys --> c:\docume~1\lokesh~1\locals~1\temp\ogwrajuf.sys [?]
S3 InnovativeSolutions_monitor;Innovative Solutions Service Monitor;c:\program files\common files\innovative solutions\advanced uninstaller pro\innovativesolutions_monitor_svr.exe --> c:\program files\common files\innovative solutions\advanced uninstaller pro\InnovativeSolutions_monitor_Svr.exe [?]

=============== Created Last 30 ================

2010-07-15 01:51:58 0 d-sh--w- C:\FOUND.044
2010-07-13 13:10:53 0 d-----w- c:\program files\common files\PCSuite
2010-07-13 13:10:41 0 d-----w- c:\program files\common files\Nokia
2010-07-13 03:08:22 0 d-sh--w- C:\FOUND.043
2010-07-12 17:27:03 44 ----a-w- c:\windows\SYMGAMES.INI
2010-07-12 02:31:11 0 d-----w- c:\program files\MSXML 4.0
2010-07-11 11:45:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-11 11:45:43 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-11 11:38:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Nokia
2010-07-11 11:36:05 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-07-11 11:35:53 0 d-----w- c:\program files\PC Connectivity Solution
2010-07-11 11:35:08 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-07-11 11:33:28 0 d-----w- c:\program files\Nokia
2010-07-11 05:01:12 45 ----a-w- c:\windows\hs21.ini
2010-07-11 04:56:45 20 ----a-w- c:\windows\entpack.ini
2010-07-09 07:22:06 0 d-sh--w- C:\FOUND.042
2010-07-09 03:53:20 0 d-sh--w- C:\FOUND.041
2010-07-08 12:46:03 0 d-----w- c:\docume~1\lokesh~1\applic~1\Bc
2010-07-08 02:59:12 62976 ----a-w- c:\windows\svhst.exe
2010-07-07 13:07:36 0 d-sh--w- C:\FOUND.040
2010-07-06 05:01:16 260006 ----a-w- C:\pri1.tmp.ps
2010-07-06 05:00:30 0 d-----w- c:\docume~1\alluse~1\applic~1\A-PDF
2010-07-06 04:23:21 488448 ----a-w- c:\windows\system32\apdfprintmon.dll
2010-07-05 07:56:28 0 d-----w- c:\program files\MS Word 2007
2010-07-05 07:52:45 0 d-----w- c:\docume~1\lokesh~1\applic~1\DAEMON Tools Pro
2010-07-03 06:22:53 0 d-----w- C:\C++
2010-06-30 16:04:22 0 ----a-w- c:\windows\PROTOCOL.INI
2010-06-30 16:03:24 299520 ----a-w- c:\windows\uninst.exe
2010-06-30 15:53:28 0 d-----w- C:\My Web Sites
2010-06-30 09:13:04 0 d-sh--w- C:\FOUND.039
2010-06-30 04:40:12 8 ---h--w- c:\windows\FILMNK.CFG
2010-06-30 04:38:32 73 ----a-w- c:\windows\emext32.ini
2010-06-30 01:16:08 0 d-sh--w- C:\FOUND.038
2010-06-29 10:59:16 0 d-sh--w- C:\FOUND.037
2010-06-29 01:22:46 0 d-sh--w- C:\FOUND.036
2010-06-28 02:43:20 1376 ----a-w- c:\windows\system32\comctl29q.ocx
2010-06-27 02:18:02 0 d-sh--w- C:\FOUND.035
2010-06-26 01:48:44 4096 ----a-w- c:\documents and settings\lokesh sharma\swconf.sqlite
2010-06-24 17:26:38 0 d-----w- c:\docume~1\lokesh~1\applic~1\Swhst
2010-06-24 12:15:00 0 d-sh--w- C:\FOUND.034
2010-06-23 16:03:10 0 d-sh--w- C:\FOUND.033
2010-06-23 11:14:33 0 d-----w- c:\windows\XSxS
2010-06-23 11:14:33 0 d-----w- c:\program files\Xenocode
2010-06-22 15:11:26 0 d-sh--w- C:\FOUND.032
2010-06-22 13:44:56 647872 ----a-w- c:\windows\system32\mscomct2.ocx
2010-06-22 13:44:56 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
2010-06-22 13:44:56 106496 ----a-w- c:\windows\system32\mbprgbar.ocx
2010-06-22 02:58:24 0 d-sh--w- C:\FOUND.031
2010-06-21 12:48:08 0 d-sh--w- C:\FOUND.030
2010-06-21 07:22:32 0 d-sh--w- C:\FOUND.029
2010-06-20 05:18:14 0 d-sh--w- C:\FOUND.028

==================== Find3M ====================

2010-06-14 14:31:20 744448 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
2010-05-18 13:13:00 23808 ----a-w- c:\docume~1\lokesh~1\applic~1\GDIPFONTCACHEV1.DAT
2010-05-05 13:30:58 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-05 03:10:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\dllcache\atmfd.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2004-04-06 13:22:48 3456 ----a-w- c:\windows\inf\other\CMIAINFO.SYS

============= FINISH: 10:20:00.96 ===============

Update: I could now upload the attachments...

ark.txt is the gmer log (filename as suggested by the sticky).

Thank you.

Merged posts. ~ OB

Edited by Orange Blossom, 15 July 2010 - 10:34 PM.
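The report above points at a per-user proxy rather than the hosts file, which is why the redirects follow the machine across Chrome, Firefox and IE. As an added triage example (not from the thread, the helpers, or the DDS tool), the script below walks lines in the "Pseudo HJT Report" and "SERVICES / DRIVERS" format shown above and flags the proxy, autostart and service patterns a responder would review first. The sample input is constructed: paths and names are made up, the proxy address is the one in the report; it needs only the Python 3.8+ standard library.

```python
"""Triage helper for DDS-style 'Pseudo HJT Report' and 'SERVICES / DRIVERS' lines.

Flags the entries that account for the symptoms in the thread: a per-user WinINET
proxy pointing at a public IP (the hosts file stays clean, yet every browser that
honours the system proxy is redirected), plus autostarts and services whose image
lives in Temp or the roaming profile. Triage only; it changes nothing on the machine.
"""
import ipaddress
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str   # "high" or "review"
    reason: str
    line: str


# Constructed sample in the report format posted above. Paths are made up; the
# proxy address is the one shown in the report, since that is the key finding.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = 72.8.155.33:51791
uInternet Settings,ProxyOverride = <local>
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Swhst] c:\documents and settings\user\application data\bc\swhst.exe
mRun: [avast5] d:\windows\softwa~1\avast5~1\avastUI.exe /nogui
uExplorerRun: [Policies] c:\windows\system32\install\explore.exe
S2 bwuxxrkvgakccf;\??\c:\docume~;\??\c:\docume~1\user\locals~1\temp\uynuy.sys --> c:\docume~1\user\locals~1\temp\uynuy.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-5 136176]
"""

PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (\S+)")
RUN_RE = re.compile(r"^([um](?:Explorer)?Run): \[[^\]]*\] (.+)$")
SERVICE_RE = re.compile(r"^[RS]\d [^;]+;[^;]*;(.+?)(?: \[|$)")
# Roaming Application Data (and its 8.3 alias) or any Temp directory. Local
# Settings\Application Data is deliberately excluded: Chrome installs there on XP.
USER_WRITABLE_RE = re.compile(
    r"(?<!local settings)\\application data\\|\\applic~1\\|\\temp\\", re.I)
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def proxy_is_public(spec: str) -> bool:
    """True when 'host:port' names a literal IP outside RFC1918, loopback and link-local."""
    host = spec.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False      # hostname or malformed: cannot be judged from the log alone
    return not any(ip in net for net in PRIVATE_NETS)


def triage(report: str) -> List[Finding]:
    """Return the suspicious entries of a DDS report, in the order they appear."""
    findings: List[Finding] = []
    for line in (raw.strip() for raw in report.splitlines()):
        if (m := PROXY_RE.match(line)) and proxy_is_public(m.group(1)):
            findings.append(Finding("high", "per-user WinINET proxy set to a public IP; "
                                    "every browser honouring the system proxy goes through it", line))
        elif m := RUN_RE.match(line):
            key, cmd = m.groups()
            if "Explorer" in key:
                findings.append(Finding("review", "Policies\\Explorer\\Run autostart, rare on home PCs", line))
            elif USER_WRITABLE_RE.search(cmd):
                findings.append(Finding("review", "autostart image in Temp or roaming Application Data", line))
        elif (m := SERVICE_RE.match(line)) and (
                m.group(1).startswith("\\??\\") or USER_WRITABLE_RE.search(m.group(1))):
            findings.append(Finding("high", "service/driver image in Temp or given as a bare \\??\\ path", line))
    return findings
```

Run `triage()` over a pasted report to get the entries worth checking first; on the sample it returns the proxy line, the roaming-profile uRun entry, the Policies\Explorer\Run entry and the Temp-resident S2 service, while the IDM, avast and Google Update entries pass.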


#2 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:22 AM

Posted 20 July 2010 - 07:06 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:22 AM

Posted 25 July 2010 - 07:06 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



