Getting redirected after removing Antivirus Action



#1 nomad310

Posted 24 October 2010 - 11:54 PM

A mate's computer was infected with Antivirus Action. I helped him remove it with MBAM and it's gone now. He took it back and then said that he's getting redirected when using IE. I took it back and did another scan but found nothing. I checked the proxy settings and it is still getting redirected to malwareinfolist.com. No idea what to do now.


DDS (Ver_10-10-21.02) - NTFSx86
Run by Paul Ballagh at 15:22:21.71 on Mon 10/25/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.1110 [GMT 11:00]

AV: Antivirus Action *On-access scanning enabled* (Updated) {E7FCBE35-624B-430e-B670-92C66DF06BC9}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\mfevtps.exe
C:\windows\system32\rundll32.exe
C:\Program Files\McAfee Online Backup\MOBK742backup.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee Online Backup\MOBK742backup.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\McAfee Online Backup\MOBK742backup.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Paul Ballagh\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local;
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - c:\program files\addthis toolbar\Helper.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101002074545.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AddThis Toolbar BHO: {9ebf8aaf-0a31-4786-909a-97a0ef101743} - c:\program files\addthis toolbar\Toolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AddThis Toolbar: {b43176cc-4d9e-493b-a636-d9cbfe39c6da} - c:\program files\addthis toolbar\Toolbar.dll
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NOBuActivation.exe" UNATTENDED
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 386712]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-2 164808]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-10-2 64304]
R1 MOBK742Filter;MOBK742Filter;c:\windows\system32\drivers\MOBK742.sys [2010-10-2 54776]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-7 172032]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-29 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-10-9 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-2 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-2 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-2 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-2 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-2 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-2 141792]
R2 MOBK742backup;McAfee Online Backup;c:\program files\mcafee online backup\MOBK742backup.exe [2010-6-30 206136]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.3.202\SymcPCCULaunchSvc.exe [2010-7-7 103792]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.3.202\ccSvcHst.exe [2010-7-7 126392]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-7-7 5340160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-7-7 152064]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-2 55840]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-7-7 7680]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-3-5 67624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-2 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-2 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-2 312904]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-7-7 24064]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-7-7 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-6 111960]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-2 84264]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-7-7 182304]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-3 1343400]
S4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-2 84072]

=============== Created Last 30 ================

2010-10-25 03:54:41 -------- d-s---w- C:\ComboFix
2010-10-25 03:50:26 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-25 03:44:37 -------- d-----w- c:\users\paulba~1\appdata\local\temp
2010-10-25 03:26:12 77312 ----a-w- c:\windows\MBR.exe
2010-10-25 03:26:09 98816 ----a-w- c:\windows\sed.exe
2010-10-25 03:26:09 256512 ----a-w- c:\windows\PEV.exe
2010-10-25 03:26:09 161792 ----a-w- c:\windows\SWREG.exe
2010-10-25 01:51:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-25 01:51:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-25 01:51:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-22 21:54:31 -------- d-----w- c:\program files\STOPzilla!
2010-10-22 21:54:29 -------- d-----w- c:\program files\common files\iS3
2010-10-22 21:54:28 -------- d-----w- c:\progra~2\STOPzilla!
2010-10-21 23:45:42 -------- d-----w- c:\users\paulba~1\appdata\roaming\Malwarebytes
2010-10-21 23:45:29 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-17 01:24:23 -------- d-----w- c:\users\paulba~1\appdata\local\Apple Computer
2010-10-17 01:24:02 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-17 01:24:02 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-10-17 01:23:01 -------- d-----w- c:\program files\iPod
2010-10-17 01:23:00 -------- d-----w- c:\program files\iTunes
2010-10-17 01:23:00 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-17 01:22:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-10-17 01:22:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-10-17 01:22:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-10-17 01:22:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-10-17 01:22:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-10-17 01:22:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-10-17 01:22:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-10-17 01:21:07 -------- d-----w- c:\users\paulba~1\appdata\local\Apple
2010-10-17 01:20:15 -------- d-----w- c:\program files\Bonjour
2010-10-16 05:32:56 -------- d-----w- c:\program files\AddThis Toolbar
2010-10-14 03:05:04 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-09 05:35:55 280064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
2010-10-09 05:25:57 -------- d-----w- c:\users\paulba~1\appdata\roaming\WildTangent
2010-10-04 10:02:01 -------- d-----w- c:\users\paulba~1\appdata\local\Diagnostics
2010-10-03 08:55:38 -------- d-----w- c:\windows\system32\Wat
2010-10-02 22:53:41 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-02 22:53:41 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-10-02 22:05:12 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-02 22:05:12 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-02 22:05:12 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-02 22:05:12 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-02 22:05:12 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-02 21:58:04 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2010-10-02 21:55:10 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-10-01 23:02:53 -------- d-----w- c:\users\paulba~1\appdata\local\Toshiba Corporation
2010-10-01 21:52:57 -------- d-----w- c:\users\paulba~1\appdata\local\Adobe
2010-10-01 21:46:54 -------- d-----w- c:\program files\McAfeeMOBK
2010-10-01 21:46:49 54776 ----a-w- c:\windows\system32\drivers\MOBK742.sys
2010-10-01 21:46:48 -------- d-----w- c:\program files\McAfee Online Backup
2010-10-01 21:45:44 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-01 21:45:09 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-01 21:45:09 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-10-01 21:45:09 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-01 21:45:09 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-01 21:45:09 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-01 21:45:09 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-10-01 21:45:09 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-10-01 21:45:01 -------- d-----w- c:\program files\McAfee.com
2010-10-01 21:33:32 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-10-01 21:07:08 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-10-01 21:07:02 -------- d-----w- c:\program files\common files\Mcafee
2010-10-01 21:06:54 -------- d-----w- c:\program files\McAfee
2010-10-01 20:40:55 -------- d-----w- c:\windows\system32\sda
2010-10-01 20:18:54 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-01 08:52:29 -------- d-----w- c:\program files\Telstra
2010-10-01 07:29:48 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{1eaf1c88-0cb4-4532-b87b-3201d3dea769}\mpengine.dll
2010-10-01 07:20:21 -------- d-----w- c:\users\paulba~1\appdata\local\Tific
2010-10-01 07:20:13 -------- d-----w- c:\users\paulba~1\appdata\roaming\Tific
2010-10-01 06:59:26 -------- d-----w- c:\users\paulba~1\appdata\local\TOSHIBA_Corporation
2010-10-01 06:58:14 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-10-01 06:58:14 132608 ----a-w- c:\windows\system32\cabview.dll
2010-10-01 06:58:09 -------- d-----w- c:\users\paulba~1\appdata\local\Toshiba
2010-10-01 06:57:12 -------- d-----w- c:\users\paulba~1\appdata\local\ATI

==================== Find3M ====================

2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-08 00:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 00:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 07:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 07:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 07:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 07:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 15:23:31.91 ===============


#2 myrti

Posted 02 November 2010 - 05:16 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 nomad310

Posted 03 November 2010 - 06:49 PM

Thanks for the help, but I've already fixed the problem. It turns out there was a rootkit on there; it has been removed and now everything is fine.

#4 myrti

Posted 04 November 2010 - 02:47 AM

Since this topic appears to be resolved, I will now close it. Thanks for letting us know.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti
