
Redirect Firefox and IE


3 replies to this topic

#1 flashback30

  • Members
  • 54 posts
  • Gender:Male
  • Location:SC

Posted 05 November 2010 - 06:40 AM

Hi, I think I may have malware. Once I do a search in Firefox or IE and I click on the link in the search results, I get redirected to some other site. I used Malwarebytes in safe mode and it still gives the redirect.


DDS.txt results



DDS (Ver_10-11-03.01) - NTFSx86
Run by Owner at 7:13:18.65 on Fri 11/05/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1295 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\slbcsp32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\getuname32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\jgpl400wow.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {01288432-c3d0-4cc9-a683-6571890110f2} - c:\windows\system32\avicap3232.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: e4290c23: {0f088133-e954-d5ab-34ef-e96bc58b6b25} - c:\windows\system32\regwizc32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Norton Ghost 12.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [jgpl400wow.exe] c:\windows\jgpl400wow.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288282034593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: Antiwpa - antiwpa.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\windows\system32\regwizc32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\bbxbqfm9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-9-23 11264]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-9-23 13696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67656]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 ERSvc32;Error Reporting Service ;c:\windows\system32\slbcsp32.exe [2010-10-23 1325568]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-23 304464]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-22 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-23 20952]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101029.003\naveng.sys [2010-10-29 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101029.003\navex15.sys [2010-10-29 1371184]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-8-29 14336]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

=============== Created Last 30 ================

2010-11-05 11:11:33 498688 --sh--w- c:\windows\jgpl400wow.exe
2010-11-04 14:35:26 174080 --sha-w- c:\windows\lsass.exe
2010-11-03 20:05:05 1128448 --sha-w- c:\windows\system32\14F.tmp
2010-11-03 11:16:18 -------- d-----w- c:\docume~1\owner\applic~1\Digiarty
2010-11-03 11:16:06 -------- d-----w- c:\program files\Digiarty
2010-11-02 11:43:59 1129984 --sha-w- c:\windows\system32\200.tmp
2010-11-01 17:47:09 -------- d-sh--w- c:\windows\system32\DBB83A5AADB9E11B62004B67E27B5A74
2010-11-01 15:43:59 1121280 --sha-w- c:\windows\system32\1A6.tmp
2010-10-31 19:43:59 1121280 --sha-w- c:\windows\system32\157.tmp
2010-10-31 15:54:50 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-31 15:35:23 -------- d-----w- c:\program files\Rockstar Games
2010-10-31 03:49:31 -------- d-----w- c:\program files\Everything
2010-10-30 23:43:13 1121280 --sha-w- c:\windows\system32\1.tmp
2010-10-30 23:39:35 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-10-30 23:39:35 -------- d-----w- c:\windows\nview
2010-10-30 23:39:20 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-10-30 23:39:18 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2010-10-30 23:39:18 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2010-10-30 23:39:18 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2010-10-30 23:39:18 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2010-10-30 23:39:18 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2010-10-30 23:39:12 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2010-10-30 23:39:11 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2010-10-30 23:39:07 -------- d-----w- C:\NVIDIA
2010-10-30 23:37:09 -------- d-----w- c:\docume~1\owner\applic~1\Carambis
2010-10-30 23:00:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hunter
2010-10-30 22:56:35 -------- d--h--w- c:\windows\msdownld.tmp
2010-10-30 22:56:29 -------- d-----w- c:\windows\Logs
2010-10-30 08:11:18 2178048 --sha-w- c:\windows\system32\B6E.tmp
2010-10-29 08:00:07 154624 ----a-w- c:\windows\system32\1006367697c4
2010-10-29 08:00:07 153088 ----a-w- c:\windows\system32\1006367697c1
2010-10-29 08:00:07 146432 ----a-w- c:\windows\system32\1006367697c3
2010-10-29 08:00:07 145408 ----a-w- c:\windows\system32\1006367697c2
2010-10-29 07:59:12 -------- d-sh--w- C:\System Volume Data
2010-10-29 07:58:26 2178048 --sha-w- c:\windows\system32\3A.tmp
2010-10-29 06:58:04 0 ----a-w- c:\windows\system32\39.tmp
2010-10-28 21:27:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-28 21:27:34 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-28 18:40:48 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-28 18:40:48 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-28 18:39:02 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-28 17:49:21 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-28 17:48:59 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-28 17:48:46 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-10-28 17:48:46 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-28 17:48:46 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-10-28 17:48:46 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-10-28 17:48:46 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-10-28 17:48:46 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-10-28 17:48:46 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-10-28 17:48:46 117760 ------w- c:\windows\system32\prntvpt.dll
2010-10-28 17:48:45 -------- d-----w- C:\2da83a3fe927ae8708056ed87c1b
2010-10-28 17:39:12 358912 ----a-w- c:\windows\system32\avicap3232.dll
2010-10-28 17:09:57 -------- d-----w- c:\windows\system32\scripting
2010-10-28 17:09:56 -------- d-----w- c:\windows\system32\en
2010-10-28 17:09:56 -------- d-----w- c:\windows\l2schemas
2010-10-28 17:06:06 -------- d-----w- c:\windows\network diagnostic
2010-10-28 16:55:59 61440 ------w- c:\windows\system32\kmsvc.dll
2010-10-28 16:30:34 -------- d-----w- c:\program files\MSXML 4.0
2010-10-28 16:24:53 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-28 16:21:56 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-28 16:21:51 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-10-28 16:21:36 357248 ------w- c:\windows\system32\dllcache\srv.sys
2010-10-28 16:20:43 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-10-28 16:20:43 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-10-28 16:20:35 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-10-28 16:18:27 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-10-28 16:17:23 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-10-28 16:16:03 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-10-28 16:16:03 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-10-28 16:16:03 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-10-28 16:16:03 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-10-28 16:16:02 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-10-28 16:16:02 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-10-28 16:16:02 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-10-28 16:16:02 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-10-28 16:16:02 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-10-28 16:16:01 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-10-28 16:16:01 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-10-28 16:16:00 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-10-28 16:15:47 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-10-28 16:15:47 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-10-28 16:14:46 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-10-28 16:14:43 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-10-28 16:13:55 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-10-28 16:13:51 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-10-28 16:07:46 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-10-28 16:07:46 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-10-28 14:28:29 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2010-10-28 14:28:29 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2010-10-28 14:28:28 98304 ----a-w- c:\program files\mozilla firefox\nssdbm3.dll
2010-10-28 14:28:28 89048 ----a-w- c:\program files\mozilla firefox\nssutil3.dll
2010-10-28 14:28:28 719832 ----a-w- c:\program files\mozilla firefox\mozcrt19.dll
2010-10-28 14:28:28 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-10-28 14:28:28 492504 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
2010-10-28 14:28:28 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2010-10-28 14:28:28 11744216 ----a-w- c:\program files\mozilla firefox\xul.dll
2010-10-28 14:28:27 107480 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2010-10-28 01:45:23 2173440 --sha-w- c:\windows\system32\42E.tmp
2010-10-27 05:45:23 1133056 --sha-w- c:\windows\system32\385.tmp
2010-10-26 16:58:41 35136 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
2010-10-25 13:45:22 1133056 --sha-w- c:\windows\system32\3F.tmp
2010-10-23 22:24:17 54784 --sha-r- c:\windows\system32\SymNetie.dll
2010-10-23 22:16:13 0 ---ha-w- c:\documents and settings\owner\wcequgewir.tmp
2010-10-23 22:16:03 203776 --sh--w- c:\windows\system32\unrar.exe
2010-10-23 22:16:03 -------- d-----w- c:\windows\system32\644365073
2010-10-23 22:15:45 1325568 ----a-w- c:\windows\system32\getuname32.exe
2010-10-23 22:15:44 250880 ----a-w- c:\windows\system32\regwizc32.dll
2010-10-23 22:15:43 1325568 ----a-w- c:\windows\system32\slbcsp32.exe
2010-10-23 22:15:42 361472 ----a-w- c:\windows\system32\avifil3232.dll
2010-10-23 21:42:57 -------- d-----w- c:\documents and settings\owner\Shared
2010-10-23 21:42:52 -------- d-----w- c:\documents and settings\owner\Incomplete
2010-10-23 21:42:39 -------- d-----w- c:\docume~1\owner\applic~1\LimeWire
2010-10-23 21:42:30 -------- d-----w- c:\program files\LimeWire
2010-10-23 21:35:42 120056 ------w- c:\windows\system32\pxcpyi64.exe
2010-10-23 21:35:42 118520 ------w- c:\windows\system32\pxinsi64.exe
2010-10-23 21:35:27 -------- d-----w- c:\program files\DivX
2010-10-23 19:59:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2010-10-23 19:30:40 -------- d-----w- c:\docume~1\owner\applic~1\TeamViewer
2010-10-23 19:30:35 -------- d-----w- c:\program files\TeamViewer
2010-10-23 19:15:14 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Adobe
2010-10-23 16:30:04 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Yahoo
2010-10-23 16:27:22 -------- d-----w- c:\program files\Yahoo!
2010-10-23 04:23:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-23 04:23:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-23 04:23:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-23 02:31:42 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-10-23 02:22:11 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-10-23 02:22:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-23 00:28:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-23 00:28:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-23 00:28:15 -------- d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-10-23 00:27:27 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-10-23 00:27:18 -------- d-----w- c:\docume~1\owner\applic~1\Symantec
2010-10-22 09:07:02 3712 ----a-w- c:\windows\system32\drivers\ctljystk.sys
2010-10-22 09:07:02 3712 ----a-w- c:\windows\system32\dllcache\ctljystk.sys

==================== Find3M ====================

2010-10-28 21:27:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ------w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 7:15:40.29 ===============

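The DDS log above is the raw material for the triage kahdah summarises in the next post. As an added example that is not part of the original thread and not part of the DDS tool, the Python script below applies a handful of generic heuristics to a constructed excerpt of that log: autostart entries (BHO, Run, Winlogon Notify, AppInit_DLLs) whose target lives directly under c:\windows or has no friendly name or no path at all, files from "Created Last 30" that were dropped with the hidden and system attributes set, and copies of core system binaries (lsass.exe, svchost.exe, ...) sitting outside system32. The rule set, the prefix list and the sample excerpt are my own choices; every hit is a candidate for an analyst to look at, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Autostart line prefixes as DDS prints them in its "Pseudo HJT Report" section (assumed subset).
AUTOSTART_PREFIXES = ("BHO:", "uRun:", "mRun:", "Notify:", "AppInit_DLLs:", "TB:", "EB:")
# Core Windows binaries that, on XP, live in c:\windows\system32 (dllcache holds the protected copy).
SYSTEM_BINARIES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\system32\\dllcache")
# A drive-letter path ending in an executable-ish extension, terminated by whitespace, quote, comma or ']'.
PATH_RE = re.compile(r'([a-z]:\\.+?\.(?:exe|dll|sys|tmp|scr))(?=[\s",\]]|$)', re.IGNORECASE)
# "Created Last 30" rows: date time size attrs path  (attrs is an 8-char field such as --sha-w-)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-{8}) ([-a-z]{8}) (.+)$")

# Constructed excerpt modelled on the DDS log posted above (a hand-picked subset, not the full log).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {01288432-c3d0-4cc9-a683-6571890110f2} - c:\windows\system32\avicap3232.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [jgpl400wow.exe] c:\windows\jgpl400wow.exe
Notify: Antiwpa - antiwpa.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\windows\system32\regwizc32.dll

============= SERVICES / DRIVERS ===============

R2 ERSvc32;Error Reporting Service ;c:\windows\system32\slbcsp32.exe [2010-10-23 1325568]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]

=============== Created Last 30 ================

2010-11-05 11:11:33 498688 --sh--w- c:\windows\jgpl400wow.exe
2010-11-04 14:35:26 174080 --sha-w- c:\windows\lsass.exe
2010-11-03 20:05:05 1128448 --sha-w- c:\windows\system32\14F.tmp
2010-10-30 23:39:35 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-10-28 16:16:03 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-10-23 22:16:03 203776 --sh--w- c:\windows\system32\unrar.exe
"""


@dataclass
class Finding:
    rule: str
    line: str


def triage(dds_text: str) -> List[Finding]:
    """Run the heuristics over a DDS log and return one Finding per (rule, line) hit."""
    findings: List[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        lower = line.lower()

        # AppInit_DLLs loads the DLL into every process that links user32; rarely legitimate on a home PC.
        if line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(Finding("appinit_dlls", line))
        # A BHO that registers no friendly name at all prints as "BHO: {guid} - path".
        if line.startswith("BHO: {"):
            findings.append(Finding("bho_without_name", line))
        # A Winlogon Notify DLL given as a bare file name is resolved through the DLL search order.
        if line.startswith("Notify:"):
            target = line.split(" - ", 1)[-1].strip()
            if "\\" not in target:
                findings.append(Finding("notify_bare_dllname", line))
        # Autostart targets dropped straight into c:\windows rather than a vendor directory.
        if line.startswith(AUTOSTART_PREFIXES):
            for path in PATH_RE.findall(lower):
                if re.fullmatch(r"c:\\windows\\[^\\]+", path):
                    findings.append(Finding("autostart_in_windows_root", line))

        # Recently created executables/DLLs/temp files carrying both the system and hidden attributes.
        created = CREATED_RE.match(line)
        if created:
            attrs, path = created.group(4), created.group(5).lower()
            if attrs[0] != "d" and "s" in attrs and "h" in attrs and path.endswith((".exe", ".dll", ".sys", ".tmp")):
                findings.append(Finding("hidden_system_executable", line))

        # A file named like a core system binary anywhere other than system32 or its dllcache.
        for path in PATH_RE.findall(lower):
            directory, _, name = path.rpartition("\\")
            if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
                findings.append(Finding("system_binary_misplaced", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.rule:28} {f.line}")
```

Each rule is deliberately cheap and high-recall; the point of running them over a 300-line log is to pick out the dozen lines worth a closer look (hash lookup, signature check, comparison with a clean XP install) rather than to name the infection.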

#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 13 November 2010 - 08:57 AM

Hello flashback30

Welcome to BleepingComputer :)
==========================
You appear to be running a cracked (illegal) version of Windows.
I suggest a full reformat and reinstall as you are also severely infected.
I will clean you up if need be but a reformat would be better.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#3 flashback30

  • Topic Starter
  • Members
  • 54 posts
  • Gender:Male
  • Location:SC

Posted 13 November 2010 - 02:43 PM

Thanks for the help. Yeah, I will probably just reinstall. It should be a legal copy; I have called them for support before on it. But it seems to be getting worse, and I do have everything backed up. I just need to make sure my backups aren't infected before I bring the backed-up files to the fresh install.

#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 13 November 2010 - 03:51 PM

Yes, just make sure to scan your backup drive before pulling anything over. You can right-click on the drive and choose to scan it with any up-to-date antivirus/antimalware.

You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
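kahdah's advice is to scan the backup drive with an up-to-date antivirus before restoring anything onto the fresh install. As an added example that is not part of the thread, and as a complement to that scan rather than a replacement for it, the Python script below walks a backup tree and lists the files that deserve a second look before they are copied over: anything with an extension Windows will execute on double-click, double extensions such as vacation.jpg.exe, an autorun.inf, and files whose extension says "document" but whose bytes carry a PE header (a signature-based scanner keys on content, so this last check catches the case where the backup was made from the infected machine and something renamed itself to look like data). The sample tree, the fake PE blob and the extension lists are constructed for the demo; treat the lists as assumptions to tune for your own backup.

```python
import tempfile
from pathlib import Path
from typing import List, Tuple

# Extensions Windows runs on double-click. A backup of documents, photos and music
# should not normally contain any of these (assumed list; extend for your own data).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".dll", ".sys"}
# Document-looking extensions typically used as the inner half of a double extension (assumed list).
DECOY_EXTS = {".jpg", ".jpeg", ".pdf", ".doc", ".txt", ".mp3", ".avi"}

# Minimal PE-shaped blob: 'MZ' stub, e_lfanew = 0x40, then the 'PE\0\0' signature.
# Constructed for the demo; it is not a real or runnable binary.
FAKE_PE = b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00"

# Constructed backup contents used by demo().
SAMPLE_TREE = {
    "Documents/report.pdf": b"%PDF-1.4 example document",
    "Music/song.mp3": b"ID3 example audio",
    "Photos/holiday.jpg": FAKE_PE,          # executable masquerading as an image
    "Photos/vacation.jpg.exe": FAKE_PE,     # classic double extension
    "Downloads/setup.exe": FAKE_PE,         # an installer; still worth re-scanning before reuse
    "autorun.inf": b"[autorun]\nopen=setup.exe\n",
}


def is_pe(path: Path) -> bool:
    """True if the file starts with a DOS 'MZ' stub whose e_lfanew field points at 'PE\\0\\0'."""
    try:
        with path.open("rb") as fh:
            header = fh.read(64)
            if len(header) < 64 or header[:2] != b"MZ":
                return False
            e_lfanew = int.from_bytes(header[60:64], "little")
            fh.seek(e_lfanew)
            return fh.read(4) == b"PE\x00\x00"
    except OSError:
        return False


def scan_backup(root: Path) -> List[Tuple[str, str]]:
    """Walk the backup and return (relative path, rule) pairs for files to examine before restoring."""
    findings: List[Tuple[str, str]] = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        suffixes = [s.lower() for s in p.suffixes]
        ext = suffixes[-1] if suffixes else ""
        if p.name.lower() == "autorun.inf":
            findings.append((rel, "autorun_inf"))
        if ext in EXECUTABLE_EXTS:
            findings.append((rel, "executable_in_backup"))
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS and ext in EXECUTABLE_EXTS:
            findings.append((rel, "double_extension"))
        # Content check: a PE header under a non-executable extension is the interesting case.
        if ext not in EXECUTABLE_EXTS and is_pe(p):
            findings.append((rel, "pe_disguised"))
    return findings


def demo() -> List[Tuple[str, str]]:
    """Materialise SAMPLE_TREE in a temporary directory, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in SAMPLE_TREE.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan_backup(root)


if __name__ == "__main__":
    for rel, rule in demo():
        print(f"{rule:22} {rel}")
```

Run it against the real backup with `scan_backup(Path(r"E:\backup"))` (path is an assumption). Anything it lists should be left behind or scanned individually; a clean result still does not replace the full antivirus pass kahdah recommends, since a malicious document exploit or script carries no PE header at all.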