
Redirecting Virus issue.


  • This topic is locked
3 replies to this topic

#1 GFace101

GFace101

  • Members
  • 1 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 20 October 2010 - 08:40 PM

Computer was infected recently with a persistent virus, malware, etc. that redirects internet sites or generates pop up tabs/windows to sites upon clicking links. This happens in Firefox, IE, and Chrome. Most often, the pop ups direct to:
epoclick.com (ex: hxxp://www.epoclick.com/?ad=1287602219)
google-analytics.com
or a fake virus scan site: hxxp://85.234.190.159/index.php?2E50=YU2&Uv=7QgtdKT...


DDS (Ver_10-10-10.03) - NTFSx86
Run by Luis Work at 20:43:44.28 on Wed 10/20/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.189 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEMA.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Luis Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T82C8LWD\Defogger[1].exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Luis Work\Desktop\ddss\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=c:\users\luis work\appdata\roaming\hotfix.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [EPSON Artisan 800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiema.exe /fu "c:\windows\temp\E_S7224.tmp" /EF "HKCU"
uRun: [Google Update] "c:\users\luis work\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Qderinaqaf] rundll32.exe "c:\users\luis work\appdata\local\KBDiad.dll",Startup
uRun: [dfrgsnapnt.exe] c:\users\luiswo~1\appdata\local\temp\dfrgsnapnt.exe
uRun: [{52A2B085-83F9-2C91-8C35-0B5E3CA3ACDC}] "c:\users\luis work\appdata\roaming\uxvo\liwov.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Mwuqaniyanun] rundll32.exe "c:\users\luis work\appdata\local\oruxuyoyulidemaw.dll",Startup
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.162.249,93.188.160.59
TCP: {AF4F421C-0A32-4090-AE56-745092AEF0E0} = 93.188.162.249,93.188.160.59
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: XULRunner: {FCFD743E-35E5-4F08-B054-947098D26827} - c:\users\luis work\appdata\local\{FCFD743E-35E5-4F08-B054-947098D26827}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.search-clsid", "{80A904BC-F5E2-4CA9-B759-E1582774E675}");

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-16 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-16 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-16 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-16 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-16 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-16 40384]
R3 libusb0;Atmel - LibUsb Kernel Driver 07/07/2009, 1.12.0.1;c:\windows\system32\drivers\libusb0.sys [2010-2-16 21504]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2010-3-2 2048]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-9-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ser2at;ATEN USB to Serial port driver;c:\windows\system32\drivers\ser2at.sys [2009-10-15 80896]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-9-13 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-9-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-9-13 121576]

=============== Created Last 30 ================

2010-10-21 01:25:25 -------- d-----w- c:\users\luiswo~1\appdata\roaming\Xufido
2010-10-21 01:25:25 -------- d-----w- c:\users\luiswo~1\appdata\roaming\Uxvo
2010-10-21 01:25:23 -------- d-----w- c:\progra~2\WSTB
2010-10-21 01:25:22 192 ----a-w- c:\users\luiswo~1\appdata\roaming\49770.bat
2010-10-21 01:25:19 54272 ---ha-w- c:\windows\system32\BitLogon.dll
2010-10-21 01:24:56 193 ----a-w- c:\users\luiswo~1\appdata\roaming\4142.bat
2010-10-21 00:53:13 -------- d-----w- c:\program files\combofix
2010-10-19 08:08:37 0 ----a-w- c:\users\luiswo~1\appdata\local\Frilipejoxir.bin
2010-10-19 08:08:32 -------- d-----w- c:\users\luiswo~1\appdata\local\{FCFD743E-35E5-4F08-B054-947098D26827}
2010-10-19 07:59:12 514560 ----a-w- c:\users\luiswo~1\appdata\roaming\hotfix.exe
2010-10-19 07:59:12 194 ----a-w- c:\users\luiswo~1\appdata\roaming\39910.bat
2010-10-19 07:59:12 194 ----a-w- c:\users\luiswo~1\appdata\roaming\36294.bat
2010-10-16 18:46:28 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-10-16 18:44:45 38848 ----a-w- c:\windows\avastSS.scr
2010-10-16 18:06:21 -------- d-----w- c:\progra~2\Alwil Software
2010-10-15 23:10:20 -------- d-----w- c:\program files\common files\xing shared
2010-10-15 23:10:00 569397 ----a-w- c:\program files\internet explorer\plugins\richfx\player\nprfxins.dll
2010-10-15 23:09:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-15 23:09:55 -------- d-----w- c:\program files\common files\Real
2010-10-13 21:49:58 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 21:49:57 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 21:49:57 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 21:49:57 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 21:49:57 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 21:49:55 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-13 21:49:54 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-12 18:22:42 -------- d-----w- c:\progra~2\Seagate
2010-10-12 18:22:07 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-10-12 18:22:07 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-10-12 18:22:02 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-12 18:21:52 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-10-12 18:19:19 -------- d-----w- c:\program files\Seagate
2010-10-12 18:19:19 -------- d-----w- c:\program files\common files\Seagate
2010-10-08 15:07:56 -------- d-----w- c:\users\luiswo~1\appdata\local\Microsoft Help
2010-10-08 14:58:15 -------- d-----w- c:\program files\Omt
2010-10-03 07:17:12 -------- d-----w- c:\users\luiswo~1\appdata\roaming\GameTuts
2010-09-30 10:03:56 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 11:22:33 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 11:22:28 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-26 07:24:29 -------- d-----w- c:\program files\FlashFXP
2010-09-26 07:24:28 -------- d-----w- c:\progra~2\FlashFXP
2010-09-25 20:35:56 -------- d-----w- c:\program files\WinSCP
2010-09-25 05:50:46 -------- d-----w- c:\program files\Atmel
2010-09-25 01:03:11 -------- d-----w- c:\users\luiswo~1\appdata\local\Apple Computer
2010-09-25 01:02:39 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-25 01:02:39 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-25 01:02:09 -------- d-----w- c:\program files\iPod
2010-09-25 01:02:08 -------- d-----w- c:\program files\iTunes
2010-09-25 01:02:08 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-25 01:01:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-09-25 01:01:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-09-25 01:01:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-09-25 01:01:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-09-25 01:01:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-09-25 01:01:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-09-25 01:01:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-09-25 01:00:26 -------- d-----w- c:\users\luiswo~1\appdata\local\Apple
2010-09-25 00:59:07 -------- d-----w- c:\program files\Bonjour
2010-09-25 00:31:20 -------- d-----w- c:\progra~2\Soulseek
2010-09-25 00:30:59 -------- d-----w- c:\program files\SoulseekNS
2010-09-23 01:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-10-02 21:56:54 87608 ----a-w- c:\users\luiswo~1\appdata\roaming\inst.exe
2010-10-02 21:56:54 47360 ----a-w- c:\users\luiswo~1\appdata\roaming\pcouffin.sys
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 12:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 12:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-28 01:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 21:01:44.11 ===============
Attached files: Attach.txt (9.95KB), Ark.log (420.35KB)

Edited by Orange Blossom, 20 October 2010 - 10:38 PM.
Deactivate links. ~ OB
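The lines a responder reads first in the DDS log above are the ones that explain the redirects: a Winlogon Shell pointing at hotfix.exe under AppData, rundll32 ",Startup" autoruns loading DLLs from AppData, the UAC and Task Manager policies switched off, and a static NameServer pair that the machine should only have if someone configured it. The script below is an added example, not part of the original post and not a DDS or BleepingComputer tool; it runs those checks over an excerpt of the Pseudo HJT section above (with two benign entries kept as controls). The rule names, the BAD_POLICIES table and the expected_dns allowlist are the example's own assumptions.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str   # short name of the indicator that fired
    line: str   # the report line it fired on


# Lines excerpted from the "Pseudo HJT Report" section of the DDS log in the post
# above. The Google Toolbar and avast! entries are benign controls.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/
uWinlogon: Shell=c:\users\luis work\appdata\roaming\hotfix.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Qderinaqaf] rundll32.exe "c:\users\luis work\appdata\local\KBDiad.dll",Startup
uRun: [dfrgsnapnt.exe] c:\users\luiswo~1\appdata\local\temp\dfrgsnapnt.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Mwuqaniyanun] rundll32.exe "c:\users\luis work\appdata\local\oruxuyoyulidemaw.dll",Startup
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
TCP: NameServer = 93.188.162.249,93.188.160.59
"""

# Policy values that weaken the user's ability to notice or stop malware
# (assumed table for this example; the names are the real registry values).
BAD_POLICIES = {
    "EnableLUA": "0",                   # UAC switched off entirely
    "ConsentPromptBehaviorAdmin": "0",  # elevate silently, no prompt
    "DisableTaskMgr": "1",              # Task Manager blocked
}

# User-writable locations that legitimate autostart entries rarely point into.
USER_WRITABLE = re.compile(r"\\appdata\\|\\temp\\", re.IGNORECASE)


def triage(report: str, expected_dns: frozenset = frozenset()) -> list:
    """Return the redirect-malware indicators found in a DDS Pseudo HJT section.

    expected_dns: resolvers the machine is known to use; any static NameServer
    not in this set is reported for verification (empty set = report them all).
    """
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        # The DDS key precedes the first colon, so drive-letter colons in paths
        # never reach the key.
        key, _, value = line.partition(":")

        if key in ("uWinlogon", "mWinlogon"):
            m = re.match(r"\s*Shell=(.*)", value)
            if m and not m.group(1).strip().lower().endswith("explorer.exe"):
                findings.append(Finding("winlogon-shell-hijack", line))

        elif key in ("uRun", "mRun"):
            if USER_WRITABLE.search(value):
                rule = ("rundll32-appdata-dll" if "rundll32" in value.lower()
                        else "autorun-from-user-writable-path")
                findings.append(Finding(rule, line))

        elif key == "mPolicies-system":
            m = re.match(r"\s*(\w+)\s*=\s*(\d+)", value)
            if m and BAD_POLICIES.get(m.group(1)) == m.group(2):
                findings.append(Finding("security-policy-disabled:" + m.group(1), line))

        elif key == "TCP":
            m = re.match(r"\s*NameServer\s*=\s*(.*)", value)
            if m:
                servers = [s.strip() for s in m.group(1).split(",") if s.strip()]
                unexpected = [s for s in servers if s not in expected_dns]
                if unexpected:
                    findings.append(Finding("unexpected-static-dns:" + ",".join(unexpected), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.rule:45} {f.line}")
```

Run against the excerpt, the script reports eight findings: the Shell hijack, the two rundll32 DLL autoruns, the temp-folder autorun, the three policy values, and the static DNS pair; passing those two resolvers in expected_dns drops the count to seven, which is how the same check would stay quiet on a machine where the resolvers are legitimately configured.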


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:49 PM

Posted 23 October 2010 - 09:46 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Do not Attach logs unless I ask you to.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread, upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 26 October 2010 - 01:12 AM

Hello

Three-day bump.

It has been three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 28 October 2010 - 11:09 PM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo