Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PUP.Dealio Infection attached to PDForge Toolbar


  • This topic is locked This topic is locked
2 replies to this topic

#1 Rouzell

Rouzell

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:28 PM

Posted 05 February 2011 - 12:11 PM

I'm working through your well written and illustrated instructions and am now at step 9, while GMER is running its scan in the background.
After doing all of this, I was planning to run combofix, but I'll wait to hear from you about next steps. This is an education for me, although I've been using MWB and combofix for some time now...
This computer is about to be decommissioned after only about 8 months of service. So, I thought this would be a good time to go through this exercise with you, as this experience should help me to serve my clients in the future. Thanks for all you do. Keep up the good work! BR at Rouzell

To further explain my description; I found PUP.Dealio attached to the PDForge toolbar (installed with PDFCreator) and removed the infection and the toolbar as part of the cleanup process last time. As of this writing, I do not know if I still do have an infection, so I hope this is not a waste of your time. If so, I apologize in advance.
_______________________________

DDS (Ver_10-12-12.02) - NTFSx86
Run by Rothenay at 8:20:48.53 on Sat 02/05/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2047.967 [GMT -8:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\vsnapvss.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rothenay\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Rothenay\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.msn.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [CardScanAgent] "c:\program files\cardscan\cardscan\CardScanAgent.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: Web-Based Email Tools - hxxp://email02.secureserver.net/Download.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://join-test.webex.com/client/T27L/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {D0446D93-2706-4E9F-AB41-736C50A019A9} = 8.8.8.8,8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 stcvsm;StorageCraft Volume Snapshot Driver;c:\windows\system32\drivers\stcvsm.sys [2010-6-23 193440]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
R1 MpKsl38fa227b;MpKsl38fa227b;c:\programdata\microsoft\microsoft antimalware\definition updates\{ba854c24-9964-4752-a98f-da474c8cb897}\MpKsl38fa227b.sys [2011-2-5 28752]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2010-12-10 86552]
R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [2010-6-23 102560]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-12-6 1238408]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-7-1 47640]
R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\storagecraft\shadowprotect\ShadowProtectSvc.exe [2010-6-23 1649184]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [2010-6-23 67616]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 43392]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-4-20 12096]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CrossLoopService;CrossLoop Service;"c:\users\rouzell\appdata\local\crossloop\crossloopservice.exe" --service --> c:\users\rouzell\appdata\local\crossloop\CrossLoopService.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-22 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 KFHRLHDKOAG;KFHRLHDKOAG;c:\users\rothenay\appdata\local\temp\KFHRLHDKOAG.exe [2010-11-26 408448]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2010-1-19 55184]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 OZJDXK;OZJDXK;c:\users\rothenay\appdata\local\temp\OZJDXK.exe [2010-11-26 564096]
S3 QFVFKN;QFVFKN;c:\users\rouzell\appdata\local\temp\qfvfkn.exe --> c:\users\rouzell\appdata\local\temp\QFVFKN.exe [?]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2010-12-10 24876]
S3 UFFA;UFFA;c:\users\rothenay\appdata\local\temp\UFFA.exe [2011-2-5 478080]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-2 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2011-02-05 16:13:02 -------- d-----w- c:\users\rothenay\appdata\roaming\Malwarebytes
2011-02-05 15:33:14 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{ba854c24-9964-4752-a98f-da474c8cb897}\MpKsl38fa227b.sys
2011-02-05 15:33:06 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{ba854c24-9964-4752-a98f-da474c8cb897}\mpengine.dll
2011-02-05 15:24:36 -------- d-----w- c:\users\rothenay\appdata\local\Adobe
2011-02-01 03:32:37 -------- d-----w- c:\program files\iPod
2011-02-01 03:32:33 -------- d-----w- c:\program files\iTunes
2011-01-30 04:25:47 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-01-30 04:25:47 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-01-30 04:25:46 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-01-30 04:25:43 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-01-30 04:25:43 -------- d-----w- c:\program files\PDFCreator
2011-01-26 14:59:00 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{30b74f62-9479-430e-a3eb-133cccd4a689}\gapaengine.dll
2011-01-26 14:45:37 -------- d-----w- c:\windows\Temp13E11D06-17D7-9871-4E68-868EB96D258E-Signatures
2011-01-26 14:44:45 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-26 14:44:21 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-25 05:14:50 -------- d-----w- c:\program files\HooTech AAC MP3 Converter
2011-01-24 04:13:21 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-24 04:13:21 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-01-24 04:11:35 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-01-24 04:10:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-01-24 04:10:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-01-24 04:10:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-01-24 04:10:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-01-24 04:10:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-01-24 04:10:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-01-24 04:10:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-01-24 04:06:28 -------- d-----w- c:\program files\Bonjour
2011-01-19 05:53:13 -------- d-----w- c:\program files\MSN Toolbar
2011-01-18 03:24:38 -------- d-----w- c:\program files\Bing Bar Installer
2011-01-18 03:22:06 319488 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp02t.dll
2011-01-18 03:21:49 125440 ----a-w- c:\windows\system32\hpf3l02t.dll
2011-01-18 03:19:15 454504 ----a-w- c:\windows\system32\hpzids01.dll
2011-01-18 03:19:12 372736 ----a-w- c:\windows\system32\hppldcoi.dll

==================== Find3M ====================

2010-12-08 21:12:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 21:11:52 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 21:11:46 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 21:11:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 8:21:41.19 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:28 AM

Posted 07 February 2011 - 07:48 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:28 AM

Posted 12 February 2011 - 07:52 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users