
firefox redirects me virus (trojan.hiloti)



#1 inzane35

Posted 20 October 2010 - 01:27 PM

Here is my DDS.txt:

DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by XoXo at 14:15:55.03 on 20/10/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.2814.1312 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Users\Patti\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html
IE: S&end to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {1046875D-0653-4069-A393-4DBECC9203E7} = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\SysWow64\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\4cx92mb1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.http - 99.234.251.133
FF - prefs.js: network.proxy.http_port - 8085
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\4cx92mb1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-12-27 225296]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-1-21 83312]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-10-20 304464]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-11 1153368]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2009-11-13 67072]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-10-20 24664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S1 AMD64CA;AMD64CA;C:\Windows\SysWOW64\drivers\AMD64CAx64.sys [2010-9-25 9264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-15 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-29 219136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-24 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-24 306416]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2010-10-20 17:20:18 -------- d-----w- C:\Program Files (x86)\ESET
2010-10-20 07:47:15 388096 ----a-r- C:\Users\Patti\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-20 07:47:14 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-10-20 05:43:09 -------- d-----w- C:\Users\Patti\AppData\Roaming\Malwarebytes
2010-10-20 05:43:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-20 05:42:59 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-20 05:42:57 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-20 05:42:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-20 05:29:32 25048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2010-10-20 05:29:32 140248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2010-10-20 01:55:18 191488 ----a-w- C:\Windows\System32\unrar.dll
2010-10-20 01:55:16 136704 ----a-w- C:\Windows\System32\ff_vfw.dll
2010-10-20 01:55:09 -------- d-----w- C:\Program Files\KLCP64
2010-10-19 18:30:16 8006480 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{1EA680F2-FC86-4BD5-9E21-3F553FAA4E92}\mpengine.dll
2010-10-13 02:02:58 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-10-12 07:08:13 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR
2010-10-12 07:08:10 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT
2010-10-12 07:08:08 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL
2010-10-12 07:08:05 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT
2010-10-12 07:08:02 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE
2010-10-12 07:07:58 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR
2010-10-12 07:07:54 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES
2010-10-12 03:35:30 -------- d-----w- C:\Windows\SysWow64\RTCOM
2010-10-11 02:37:18 7935824 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-08 07:18:17 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2010-10-08 07:18:11 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-10-03 06:42:54 -------- d-----w- C:\Windows\en
2010-10-03 06:35:12 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2010-10-03 06:35:11 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2010-10-03 06:35:11 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2010-10-03 06:35:11 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2010-10-03 06:33:53 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f28f44e01cb62c40b\MeshBetaRemover.exe
2010-10-03 06:33:50 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f07d741e1cb62c40a\DSETUP.dll
2010-10-03 06:33:50 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f07d741e1cb62c40a\DXSETUP.exe
2010-10-03 06:33:50 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f07d741e1cb62c40a\dsetup32.dll
2010-10-03 06:33:48 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ee9cc6341cb62c409\DSETUP.dll
2010-10-03 06:33:48 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ee9cc6341cb62c409\DXSETUP.exe
2010-10-03 06:33:48 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ee9cc6341cb62c409\dsetup32.dll
2010-09-29 07:00:36 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-29 03:00:39 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-29 03:00:39 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-28 03:48:53 -------- d-----w- C:\Users\Patti\AppData\Local\Apple Computer
2010-09-28 03:48:45 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-09-28 03:48:45 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2010-09-28 03:48:45 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2010-09-28 03:48:08 -------- d-----w- C:\Program Files\iTunes
2010-09-28 03:48:08 -------- d-----w- C:\Program Files\iPod
2010-09-28 03:48:08 -------- d-----w- C:\Program Files (x86)\iTunes
2010-09-28 03:48:08 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-09-28 03:46:18 -------- d-----w- C:\Users\Patti\AppData\Local\Apple
2010-09-25 05:44:57 9264 ----a-w- C:\Windows\SysWow64\drivers\AMD64CAx64.sys
2010-09-24 17:25:10 6144 ----a-w- C:\Windows\System32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
2010-09-24 17:25:04 6144 ----a-w- C:\Windows\System32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
2010-09-24 17:24:58 6656 ----a-w- C:\Windows\System32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
2010-09-24 17:24:52 6656 ----a-w- C:\Windows\System32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
2010-09-24 17:24:46 6144 ----a-w- C:\Windows\System32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
2010-09-24 17:24:40 6656 ----a-w- C:\Windows\System32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
2010-09-24 17:24:34 6144 ----a-w- C:\Windows\System32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
2010-09-24 17:17:16 467696 ----a-w- C:\Windows\System32\ZuneWlanCfgSvc.exe
2010-09-24 16:26:22 6144 ----a-w- C:\Windows\System32\drivers\UMDF\en-US\ZuneDriver.dll.mui
2010-09-24 15:50:02 67072 ----a-w- C:\Windows\System32\ZuneTcp2Udp.dll
2010-09-24 15:50:02 60928 ----a-w- C:\Windows\System32\ZuneRegUtil.dll
2010-09-24 15:50:02 45568 ----a-w- C:\Windows\System32\ZunePTDNS.dll
2010-09-24 15:50:02 405504 ----a-w- C:\Windows\System32\ZuneNetProxy.dll
2010-09-24 15:50:02 249344 ----a-w- C:\Windows\System32\ZuneMTPZ.dll
2010-09-24 15:50:02 149504 ----a-w- C:\Windows\System32\ZuneUsbTransport.dll
2010-09-24 15:50:00 227328 ----a-w- C:\Windows\System32\ZuneCoInst.dll
2010-09-24 15:50:00 1093632 ----a-w- C:\Windows\System32\drivers\UMDF\ZuneDriver.dll
2010-09-23 04:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 04:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-22 22:10:52 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 22:10:52 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2010-09-21 18:54:04 529280 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
2010-09-21 18:51:18 55704 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
2010-09-21 18:51:18 1129880 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
2010-09-21 18:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 18:49:00 419712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
2010-09-21 18:49:00 290176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
2010-09-21 18:49:00 2286976 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2010-09-21 18:49:00 222592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2010-09-21 18:49:00 170880 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
2010-09-21 18:47:38 1558016 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL
2010-09-21 18:13:50 1564072 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL
2010-09-21 18:08:38 439168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
2010-09-21 18:06:02 853912 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
2010-09-21 18:06:02 57752 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
2010-09-21 18:03:14 332160 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
2010-09-21 18:03:14 237952 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
2010-09-21 18:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-21 18:03:14 145280 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

==================== Find3M ====================

2010-10-14 03:27:21 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2010-10-13 04:13:18 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-10-06 22:39:50 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2010-10-06 00:00:24 2048104 ----a-w- C:\Windows\System32\RtPgEx64.dll
2010-10-06 00:00:24 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2010-10-06 00:00:14 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2010-10-06 00:00:14 2511464 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2010-10-06 00:00:02 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2010-10-05 23:59:50 601704 ----a-w- C:\Windows\System32\RtkApi64.dll
2010-10-05 23:59:50 2625640 ----a-w- C:\Windows\System32\RtkAPO64.dll
2010-10-05 23:59:50 1215592 ----a-w- C:\Windows\System32\RTCOM64.dll
2010-10-05 23:59:40 79976 ----a-w- C:\Windows\System32\RCoInst64.dll
2010-10-05 23:59:40 477800 ----a-w- C:\Windows\System32\RCoRes64.dat
2010-09-29 17:11:02 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2010-09-27 13:34:30 318808 ----a-w- C:\Windows\System32\MaxxAudioAPO20.dll
2010-09-16 23:35:08 474336 ----a-w- C:\Windows\System32\DTSVoiceClarityDLL64.dll
2010-09-16 23:35:06 489696 ----a-w- C:\Windows\System32\DTSSymmetryDLL64.dll
2010-09-16 23:35:02 1325792 ----a-w- C:\Windows\System32\DTSS2SpeakerDLL64.dll
2010-09-16 23:34:58 1178336 ----a-w- C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2010-09-16 23:34:56 315616 ----a-w- C:\Windows\System32\DTSNeoPCDLL64.dll
2010-09-16 23:34:52 268512 ----a-w- C:\Windows\System32\DTSLimiterDLL64.dll
2010-09-16 23:34:48 124640 ----a-w- C:\Windows\System32\DTSLFXAPO64.dll
2010-09-16 23:34:46 123616 ----a-w- C:\Windows\System32\DTSGFXAPONS64.dll
2010-09-16 23:34:42 124128 ----a-w- C:\Windows\System32\DTSGFXAPO64.dll
2010-09-16 23:34:38 265440 ----a-w- C:\Windows\System32\DTSGainCompensatorDLL64.dll
2010-09-16 23:34:36 1110240 ----a-w- C:\Windows\System32\DTSBoostDLL64.dll
2010-09-16 23:34:32 503520 ----a-w- C:\Windows\System32\DTSBassEnhancementDLL64.dll
2010-09-08 18:00:22 120208 ----a-w- C:\Windows\System32\SFSS_APO.dll
2010-09-08 15:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-04 16:53:58 2931712 ----a-w- C:\Windows\SysWow64\x264vfw.dll
2010-09-03 11:47:54 338336 ----a-w- C:\Windows\System32\FMAPO64.dll
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:46:36 1355264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2010-09-01 04:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-01 04:44:30 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-01 04:44:24 1122304 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-01 04:44:06 424960 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-09-01 04:43:22 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-01 04:43:12 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-01 04:43:12 114176 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-01 04:43:10 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2010-09-01 04:43:10 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2010-09-01 04:43:02 448512 ----a-w- C:\Windows\System32\html.iec
2010-09-01 04:41:56 601088 ----a-w- C:\Windows\System32\vbscript.dll
2010-09-01 04:40:56 76800 ----a-w- C:\Windows\System32\tdc.ocx
2010-09-01 04:40:40 215552 ----a-w- C:\Windows\System32\msls31.dll
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-16 06:50:45 1137664 ----a-w- C:\Windows\System32\FntCache.dll
2010-08-16 06:50:43 1543168 ----a-w- C:\Windows\System32\DWrite.dll
2010-08-16 06:50:42 899072 ----a-w- C:\Windows\System32\d2d1.dll
2010-08-16 06:50:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-08-16 06:50:42 1844224 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-08-16 06:14:36 1076224 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-08-16 06:14:24 737280 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-08-16 06:14:24 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-08-16 06:14:24 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-08-12 08:00:00 108032 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2010-08-10 16:27:12 265992 ----a-w- C:\Windows\System32\PDBoot.exe
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-07-22 20:48:58 220496 ----a-w- C:\Windows\System32\SFNHK64.dll
2010-07-22 20:48:50 78160 ----a-w- C:\Windows\System32\SFAPO64.dll
2010-07-22 20:48:44 81232 ----a-w- C:\Windows\System32\SFCOM64.dll
2010-07-22 20:48:26 74064 ----a-w- C:\Windows\SysWow64\SFCOM.dll
2010-07-22 20:37:14 200800 ----a-w- C:\Windows\System32\AERTAC64.dll

============= FINISH: 14:17:24.76 ===============


#2 snemelk

  • Malware Response Team

Posted 29 October 2010 - 12:20 PM

Hi inzane35, and welcome to Bleeping Computer.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

  • Malware Response Team

Posted 17 November 2010 - 12:30 PM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
