Possible Google Redirect Malware


  • This topic is locked
2 replies to this topic

#1 ack1234

  • Members
  • 30 posts

Posted 04 November 2010 - 06:20 PM

I believe that I have fully removed a Google redirect virus. I am having various problems with my computer not associated with this virus; however, a BC advisor suggested I make sure the problem is gone by presenting the following information. I need to post this before they will address my other problems.

This is a response to a previous topic: http://www.bleepingcomputer.com/forums/topic356053.html/page__p__1987717__fromsearch__1#entry1987717

DDS Log:


DDS (Ver_10-11-03.01) - NTFS_AMD64
Run by Alex at 18:22:11.87 on Thu 11/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6994 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Alex\Desktop\New folder\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = local;*.local
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AdobeBridge]
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
StartupFolder: C:\Users\Alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fs3dw2nv.default\
FF - prefs.js: browser.startup.homepage - hxxp://torrentfreak.com/
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Alex\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-6 55856]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-3 203264]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-10-15 304464]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2010-10-12 185632]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2010-10-12 212256]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-3 116240]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-11-6 317480]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-3-22 24664]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-10-12 920864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-20 136176]
S3 ActionReplayDS;ActionReplayDS;C:\Windows\System32\drivers\ActionReplayDS_x64.sys [2010-3-18 51600]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2010-8-17 1124848]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-8-17 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-20 1255736]
S4 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

=============== Created Last 30 ================

2010-11-04 21:49:38 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{E8E0F88A-819E-4E0E-BD97-D4DD9F11584B}\mpengine.dll
2010-11-03 21:40:19 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2010-11-03 20:15:35 -------- d-----w- C:\Program Files\ATI Technologies
2010-11-03 20:15:33 -------- d-----w- C:\Program Files\ATI
2010-11-03 20:15:06 21344256 ----a-w- C:\Windows\System32\atio6axx.dll
2010-11-03 20:15:06 16201728 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-11-01 17:07:33 -------- d-----w- C:\Program Files (x86)\Common Files\Voyetra
2010-10-31 18:02:23 359424 ----a-w- C:\Windows\System32\CmiInstallResAll64.dll
2010-10-31 18:02:22 524768 ----a-w- C:\Windows\difxapi.dll
2010-10-31 18:02:19 323584 ----a-w- C:\Windows\CmiPCIUninstallRiviera.exe
2010-10-31 18:02:16 -------- d-----w- C:\Program Files (x86)\Turtle Beach
2010-10-31 18:01:56 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2010-10-31 18:01:56 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2010-10-31 18:01:56 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2010-10-31 18:01:56 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2010-10-31 18:01:56 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2010-10-31 18:01:56 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2010-10-31 18:01:56 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2010-10-27 00:01:00 -------- d-----w- C:\Program Files\NTCore
2010-10-26 23:56:46 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-26 23:56:46 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-26 23:56:46 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-26 23:56:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-26 23:56:46 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-26 23:56:46 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-26 23:56:46 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-26 23:56:43 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-26 00:20:31 -------- d-----w- C:\PROGRA~3\NexusDB3
2010-10-25 19:24:18 -------- d-----w- C:\Users\Alex\AppData\Local\Fallout3
2010-10-25 19:09:12 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2010-10-21 05:58:51 -------- d-----w- C:\Windows\Installer
2010-10-21 04:35:40 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2010-10-21 04:35:40 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2010-10-21 04:29:08 -------- d-----w- C:\Autodesk
2010-10-19 03:44:29 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-10-19 03:44:29 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-10-19 03:02:56 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-16 01:51:02 -------- d-----w- C:\TDSSKiller_Quarantine
2010-10-16 00:10:09 -------- d-----w- C:\Program Files\Shell Object Editor
2010-10-15 23:56:11 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-15 23:56:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-14 01:07:28 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2010-10-13 02:16:47 -------- d--h--w- C:\Program Files (x86)\Temp
2010-10-13 02:12:20 -------- d-----w- C:\PROGRA~3\Ralink
2010-10-13 02:12:04 920864 ----a-w- C:\Windows\System32\drivers\netr28x.sys
2010-10-13 02:12:04 311072 ----a-w- C:\Windows\System32\RaCoInstx.dll
2010-10-13 02:12:04 -------- d-----w- C:\PROGRA~3\Ralink Driver
2010-10-13 02:11:53 -------- d-----w- C:\Program Files (x86)\Cisco
2010-10-13 02:11:47 2059552 ----a-w- C:\Windows\System32\RaCertMgr.dll
2010-10-13 02:11:47 1594656 ----a-w- C:\Windows\SysWow64\RaCertMgr.dll
2010-10-13 02:11:47 147456 ----a-w- C:\Windows\SysWow64\DiagFunc.dll
2010-10-13 02:11:47 147456 ----a-w- C:\Windows\System32\DiagFunc.dll
2010-10-13 02:11:47 1119008 ----a-w- C:\Windows\SysWow64\RAIHV.dll
2010-10-13 02:11:47 1119008 ----a-w- C:\Windows\System32\RAIHV.dll
2010-10-13 02:11:47 107808 ----a-w- C:\Windows\SysWow64\RAEXTUI.dll
2010-10-13 02:11:47 107808 ----a-w- C:\Windows\System32\RAEXTUI.dll
2010-10-13 02:11:47 -------- d-----w- C:\Windows\System32\RaLanguages
2010-10-13 02:11:46 -------- d-----w- C:\Program Files (x86)\Ralink
2010-10-13 02:10:34 1976944 ----a-w- C:\Windows\SysWow64\xRaidSetup.exe
2010-10-13 02:10:34 158320 ----a-w- C:\Windows\SysWow64\xRaidAPI.dll
2010-10-13 02:10:34 -------- d-----w- C:\RaidTool
2010-10-13 02:10:27 -------- d-----w- C:\Windows\RaidTool
2010-10-13 02:09:43 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2010-10-13 01:54:28 -------- d-----w- C:\PROGRA~3\PC Drivers HeadQuarters Inc
2010-10-13 01:51:12 -------- d-----w- C:\Users\Alex\AppData\Roaming\GetRightToGo
2010-10-11 00:36:07 -------- d-----w- C:\Program Files\Bonjour
2010-10-11 00:36:07 -------- d-----w- C:\Program Files (x86)\Bonjour
2010-10-11 00:19:43 -------- d-----w- C:\Program Files (x86)\Audio Identifier
2010-10-08 00:20:16 3584 ----a-r- C:\Users\Alex\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-10-08 00:20:16 -------- d-----w- C:\Program Files (x86)\Windows Installer Clean Up
2010-10-08 00:19:51 -------- d-----w- C:\Program Files (x86)\MSECACHE

==================== Find3M ====================

2010-11-01 22:49:52 237568 ----a-w- C:\Windows\SysWow64\rmc_rtspdl.dll
2010-11-01 22:49:52 156672 ----a-w- C:\Windows\SysWow64\rmc_fixasf.exe
2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-28 23:26:12 7883264 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-09-28 22:55:12 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-09-28 22:55:02 536576 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-09-28 22:54:02 628224 ----a-w- C:\Windows\System32\aticfx64.dll
2010-09-28 22:51:52 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-09-28 22:51:46 462336 ----a-w- C:\Windows\System32\atieclxx.exe
2010-09-28 22:51:08 203264 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-09-28 22:49:58 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-09-28 22:49:42 421376 ----a-w- C:\Windows\System32\atipdl64.dll
2010-09-28 22:49:34 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-09-28 22:49:24 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-09-28 22:49:18 12288 ----a-w- C:\Windows\System32\atimuixx.dll
2010-09-28 22:49:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-09-28 22:49:08 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-09-28 22:46:06 3953152 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-09-28 22:37:28 4660224 ----a-w- C:\Windows\System32\atidxx64.dll
2010-09-28 22:30:02 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-09-28 22:28:00 4077568 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-09-28 22:27:22 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-09-28 22:27:20 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-09-28 22:27:12 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-09-28 22:27:10 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-09-28 22:27:00 5470720 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-09-28 22:26:04 4407808 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-09-28 22:23:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-09-28 22:22:56 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-09-28 22:21:54 5240832 ----a-w- C:\Windows\System32\atiumd64.dll
2010-09-28 22:15:20 340480 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-09-28 22:15:12 241664 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-09-28 22:15:02 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-09-28 22:14:58 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-09-28 22:14:58 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-09-28 22:14:56 21504 ----a-w- C:\Windows\System32\atig6txx.dll
2010-09-28 22:14:52 19968 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-09-28 22:14:48 285696 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-09-28 22:14:06 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-09-28 22:14:00 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-09-28 22:13:54 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-09-28 22:13:44 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-09-28 22:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-09-28 22:09:32 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-09-28 22:09:32 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-09-28 22:09:24 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-09-28 22:09:24 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-09-11 22:03:56 869608 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 15:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 15:33:08 332800 ----a-w- C:\Windows\System32\ATIODE.exe
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-16 07:42:00 116240 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

============= FINISH: 18:22:54.80 ===============

Is it a problem that gmer.exe would not let me fill in these boxes?

[screenshot of the GMER scan options not reproduced]
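The two parts of the log above that a responder reads first are the mPolicies-system lines (UAC policy values) and the SERVICES / DRIVERS section. As an added example (this is not part of the original post, of DDS, or of BleepingComputer's procedure), the following Python script parses those two line formats and flags the entries an analyst would want to ask about: UAC values that switch off or weaken elevation prompts, and services whose binary sits under a Temp directory or that DDS could not find on disk. The sample input is an excerpt copied from the log above; the regular expressions, the choice of which UAC keys to check, and the Temp-path heuristic are my assumptions about the DDS format and what merits a second look, not anything DDS documents. A hit is a question for the analyst, not a verdict on the file.

```python
import re

# Excerpt copied from the DDS log posted above, used as sample input.
SAMPLE_LOG = r"""mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-10-15 304464]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-20 136176]
S4 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
"""

# UAC values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
# Each entry: (value name, predicate that returns True for an acceptable value, why a miss matters).
# Which keys to check is my choice; the meaning of the values is standard Windows behaviour.
UAC_CHECKS = [
    ("EnableLUA", lambda v: v == 1, "0 switches UAC off entirely"),
    ("ConsentPromptBehaviorAdmin", lambda v: v != 0, "0 lets administrators elevate silently"),
    ("PromptOnSecureDesktop", lambda v: v == 1,
     "0 shows elevation prompts on the normal desktop, where other programs can interact with them"),
]

# Line formats as they appear in the log above (assumed from the sample, not from a DDS spec).
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")
# Heuristic: service binaries normally do not live under a Temp directory.
TEMP_PATH_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def parse_policies(text):
    """Return {value_name: int} for every mPolicies-system line in the log."""
    found = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            found[m.group(1)] = int(m.group(2))
    return found


def weak_uac(policies):
    """Return [(name, value, why)] for every checked UAC value that is present and not acceptable."""
    return [(name, policies[name], why)
            for name, ok, why in UAC_CHECKS
            if name in policies and not ok(policies[name])]


def parse_services(text):
    """Return one dict per SERVICES / DRIVERS line (R = running, S = stopped, digit = start type)."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        kind, start, name, display, path_field, info = m.groups()
        # Some entries carry "path --> path"; keep the first path (assumed to be the ImagePath).
        image_path = path_field.split(" --> ")[0].strip()
        services.append({
            "state": kind + start,
            "name": name,
            "display": display,
            "image_path": image_path,
            "file_info": info,   # "date size" when DDS found the file, "?" when it did not
        })
    return services


def suspicious_services(services):
    """Return the services that trip either heuristic, each with a list of reasons."""
    flagged = []
    for svc in services:
        reasons = []
        if TEMP_PATH_RE.search(svc["image_path"]):
            reasons.append("binary lives under a Temp directory")
        if svc["file_info"] == "?":
            reasons.append("DDS could not find the file on disk")
        if reasons:
            flagged.append({**svc, "reasons": reasons})
    return flagged


def triage(text):
    """Run both checks over a DDS log and return the findings."""
    return {
        "weak_uac": weak_uac(parse_policies(text)),
        "suspicious_services": suspicious_services(parse_services(text)),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, value, why in result["weak_uac"]:
        print(f"UAC: {name} = {value}: {why}")
    for svc in result["suspicious_services"]:
        print(f"SERVICE {svc['state']} {svc['name']} ({svc['image_path']}): {'; '.join(svc['reasons'])}")
```

Run against the excerpt, the script reports the three UAC values that are set to 0 in the log and the SessionLauncher entry (disabled start type, path under Temp, file not found). Whether that entry is a leftover from an installer or something worse is exactly the kind of question the DDS log is posted to let the helper answer; the script only narrows down where to look.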




#2 m0le

  • Malware Response Team
  • 34,527 posts
  • Location: London, UK

Posted 12 November 2010 - 09:12 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team
  • 34,527 posts
  • Location: London, UK

Posted 17 November 2010 - 07:23 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



