Google redirect on Firefox, Google Chrome not loading

#1 colinberan

Posted 17 October 2010 - 03:37 AM

I used to use Google Chrome, but there was an incident that involved my computer rebooting itself and it doesn't load anymore. That was earlier tonight, now I'm using Firefox and I've gotten the Google redirect virus. Hitman Pro said there was a hidden version of the alureon virus on my hard disk. Here are some logs.

I couldn't get GMER to work correctly so I don't have that log.


#2 snemelk

  • Malware Response Team

Posted 26 October 2010 - 01:08 PM

Hi colinberan, and welcome to Bleeping Computer.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

  • Malware Response Team

Posted 07 November 2010 - 08:20 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
