All My Gbookmarks Infected by Redirect Script


  • This topic is locked
3 replies to this topic

#1 ersl

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:35 PM

Posted 11 February 2011 - 03:07 PM

Hi,

All my Google Bookmarks on my Firefox 3.6.3 contain a redirect script:

liutilities.com/affcb/?id=SPgen&aff=8875&xat=gen

It goes to a Uniblue sales page.

Nothing has been found with MBAM, Windows Security Essentials, AntiVir Pro or MS MSRT.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:45:58, on 2/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Drive Space Indicator\DrvSpace.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\windows-kb890830-v3.16.exe
g:\df1574c489f6addc4a40f137b6dc00ea\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DriveSpace] "C:\Program Files\Drive Space Indicator\DrvSpace.exe" /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE12AC00-F5A4-45C6-AC45-DA58B025797A}: NameServer = 221.228.255.1 218.2.135.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5446 bytes

Any ideas, or does anyone know anything about it? There are lots of people getting it, but I have not found any solutions.
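The log above is the only evidence in the thread, so a responder's first pass over it is mechanical: pull out the lines that change name resolution (O17), sit in the Winsock stack (O10), or register browser components whose file is gone, and check them against what a home PC should look like. The script below is an added example, not from the thread and not part of HijackThis; the log text it parses is constructed, modelled on the lines in the post above, with one extra O17 entry under a made-up adapter GUID so that the private-address (router) case is exercised alongside the public resolvers.

```python
"""Triage a HijackThis log: split it into (section, body) records and pull out
the items a responder checks first. Added example, not from the thread or from
HijackThis; SAMPLE_LOG is constructed, modelled on the log posted above."""
import ipaddress
import re

# HijackThis lines look like "O17 - <body>"; the R, F and O sections share the shape.
LINE_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(.+)$")

# Constructed sample. The adapter GUID on the second O17 line is invented so
# that a private (router) resolver is present alongside the public ones.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE12AC00-F5A4-45C6-AC45-DA58B025797A}: NameServer = 221.228.255.1 218.2.135.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_hjt(text):
    """Return [(section, body)] for every R/F/O line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def name_servers(entries):
    """Every IP from O17 NameServer entries, in log order, without duplicates."""
    seen, out = set(), []
    for section, body in entries:
        if section != "O17":
            continue
        m = NAMESERVER_RE.search(body)
        if not m:
            continue
        for token in re.split(r"[\s,;]+", m.group(1).strip()):
            if token and token not in seen:
                seen.add(token)
                out.append(token)
    return out


def external_resolvers(ips):
    """Resolvers outside private, loopback and link-local space.

    On a home PC the configured resolver is normally the router (RFC 1918).
    A public address here means DNS is hard-coded on the adapter; confirm it
    against the ISP's published servers before calling it benign or malicious.
    """
    flagged = []
    for ip in ips:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append(ip)  # not a parseable address at all: look at it
            continue
        if not (addr.is_private or addr.is_loopback or addr.is_link_local):
            flagged.append(ip)
    return flagged


def lsp_entries(entries):
    """O10 lines: DLLs in the Winsock LSP chain that HijackThis did not recognise."""
    return [body for section, body in entries if section == "O10"]


def missing_file_entries(entries):
    """Entries whose target HijackThis reports as missing: usually a stale
    registration left by an uninstall, occasionally a loader whose payload moved."""
    return [(s, b) for s, b in entries if b.endswith("(file missing)")]


def triage(text):
    """One-shot summary of the checks above for a whole log."""
    entries = parse_hjt(text)
    ips = name_servers(entries)
    return {
        "entries": len(entries),
        "name_servers": ips,
        "external_resolvers": external_resolvers(ips),
        "lsp": lsp_entries(entries),
        "missing": missing_file_entries(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Two caveats on reading the output. An O10 "Unknown file" line means the DLL is not on HijackThis's own list of known LSPs, not that it is hostile; it still needs identifying, but by its vendor signature and origin, not by the line alone. Likewise the external-resolver list is a prompt to verify, not a verdict: a public resolver may be what the ISP hands out, or it may have been written by something else on the box, and only checking against the ISP's published addresses tells the two apart.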

#2 ersl
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:35 PM

Posted 12 February 2011 - 08:50 AM

Hi,

I am running XP Pro and Firefox 3.6.3

Every one of my Google Bookmarks folders contains a link "Increase Your PC Speed". It is a URL: "liutilities.com/affcb/?id=SPgen&aff=8875&xat=gen" that is then immediately redirected to a UniBlue sales page.

There is lots of discussion on the net about "liutilities.com/affcb/?id=SPgen&aff=8875&xat=gen", but after many hours of searching I could not find a solution.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 13:27:55.00 on Sat 02/12/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.367 [GMT 7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Drive Space Indicator\DrvSpace.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\Defogger.exe
C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [BitComet] c:\program files\bitcomet\BitComet.exe /tray
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\devices.exe" -agent
uRun: [DriverMax_RESTART]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DriveSpace] "c:\program files\drive space indicator\DrvSpace.exe" /STARTUP
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
uPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {BE12AC00-F5A4-45C6-AC45-DA58B025797A} = 221.228.255.1 218.2.135.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\jkxx2663.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/ncr
FF - component: c:\documents and settings\administrator\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jkxx2663.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jkxx2663.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jkxx2663.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\administrator\application data\idm\idmmzcc3
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Bookmarks for Firefox: {473f9a20-ce5a-11da-a94d-0800200c9a66} - %profile%\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
FF - Ext: Deng Google Bookmarks: denggb@balandro.net - %profile%\extensions\denggb@balandro.net
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Google Global: {B97F57B9-1B42-4aed-9475-0022600C62DC} - %profile%\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2011-2-12 267136]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-18 7168]

=============== Created Last 30 ================

2011-02-11 20:44:07 388096 ----a-r- c:\docume~1\admini~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-11 20:44:07 -------- d-----w- c:\program files\Trend Micro
2011-02-11 20:21:21 -------- d-----w- c:\program files\Mythicsoft
2011-02-11 19:45:39 -------- d-----w- c:\program files\sisagp
2011-02-11 19:25:50 -------- d-----w- c:\program files\SiS7012
2011-02-11 19:25:34 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-02-11 19:25:34 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-02-11 19:25:34 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-02-11 19:25:34 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-02-11 19:25:34 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-02-11 19:25:34 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-02-11 19:25:33 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-02-11 19:25:33 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-02-11 19:24:36 267136 ----a-w- c:\windows\system32\drivers\sis7012.sys
2011-02-11 19:24:36 115864 ----a-w- c:\windows\system32\a3d.dll
2011-02-11 17:16:14 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{b1587f0b-1c1d-4aa3-abcf-9cdaea8a9d5d}\mpengine.dll
2011-02-11 16:58:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Innovative Solutions
2011-02-11 16:58:10 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Innovative Solutions
2011-02-11 16:58:04 -------- d-----w- c:\program files\Innovative Solutions
2011-02-11 14:14:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2011-02-11 14:05:25 -------- d-----w- c:\program files\Lavalys
2011-02-11 02:21:21 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Temp
2011-02-11 02:21:14 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Google
2011-02-10 18:04:42 -------- d--h--w- c:\windows\$hf_mig$
2011-02-10 18:01:34 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-02-10 18:01:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 18:01:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-10 18:01:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-10 18:01:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-10 18:00:57 -------- d-----w- c:\program files\SumatraPDFPortable
2011-02-10 17:59:58 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-02-10 17:59:57 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-02-10 17:58:44 -------- d-----w- C:\Downloads
2011-02-10 17:58:21 -------- d-----w- c:\docume~1\admini~1\applic~1\BitComet
2011-02-10 17:58:20 -------- d-----w- c:\program files\BitComet
2011-02-10 17:55:18 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-02-10 17:55:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-10 17:49:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-10 17:49:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-10 17:49:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-10 17:49:57 1992192 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-10 17:49:56 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-10 17:49:55 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-10 17:49:53 11082752 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-10 17:40:34 -------- d-----w- c:\windows\system32\XPSViewer
2011-02-10 17:40:08 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-02-10 17:40:03 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-02-10 17:40:03 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-02-10 17:40:03 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-02-10 17:40:03 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-02-10 17:40:03 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-02-10 17:40:03 117760 ------w- c:\windows\system32\prntvpt.dll
2011-02-10 17:40:02 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-02-10 17:40:02 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-02-10 17:14:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Zbshareware Lab
2011-02-10 16:57:24 -------- d-----w- c:\program files\The KMPlayer
2011-02-10 16:48:58 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
2011-02-10 16:35:21 -------- d-----w- c:\program files\USB Disk Security
2011-02-10 16:35:12 165376 ----a-w- c:\windows\system32\unrar.dll
2011-02-10 16:35:09 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-02-10 16:35:03 -------- d-----w- c:\program files\foobar2000
2011-02-10 16:35:02 -------- d-----w- c:\program files\UniKeyNT
2011-02-10 16:33:46 -------- d-----w- c:\program files\Vista Rainbar
2011-02-10 16:33:45 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\AKSoftware
2011-02-10 16:33:05 -------- d-----w- c:\program files\RocketDock
2011-02-10 16:33:02 -------- d-----w- c:\program files\Drive Space Indicator
2011-02-10 16:32:41 -------- d-----w- c:\program files\VS Revo Group
2011-02-10 16:32:37 -------- d-----w- c:\program files\System
2011-02-10 16:32:36 208896 ----a-w- c:\windows\system32\cttune.cpl
2011-02-10 16:30:15 -------- d-----w- c:\program files\CCleaner
2011-02-10 16:18:59 98304 -c--a-w- c:\windows\system32\dllcache\actxprxy.dll
2011-02-10 16:17:33 -------- d-----w- c:\windows\nview
2011-02-10 16:17:14 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-02-10 16:14:58 4096 ----a-w- c:\windows\system32\drivers\siside.sys
2011-02-10 16:14:58 36992 ----a-w- c:\windows\system32\drivers\SISAGPX.SYS

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:14:45 1864064 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:32:24 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:58:53 919552 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:58:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:58:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:24:18 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:48:24 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:41 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:29:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:43:18 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 11:39:28 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

============= FINISH: 13:28:28.79 ===============

Edited by Orange Blossom, 12 February 2011 - 03:54 PM.
Merged topics. ~ OB
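The post above describes the symptom precisely: one planted entry per bookmark folder, all pointing at the same affiliate endpoint. Before deleting anything it is worth having a list of exactly which folders and entries are affected, taken from a bookmark export rather than by clicking through the sidebar. The script below is an added example, not from the thread and not part of Firefox or Google Bookmarks; it reads the Netscape bookmark-file format that Firefox's Export HTML and the Google Bookmarks export both produce, and the export text it scans is constructed, with two planted entries like the one described and one vendor link that is not the redirect, to show the match is on host and path rather than on the domain alone.

```python
"""Find bookmark entries that point at a known redirect/affiliate URL in a
Netscape-format bookmark export (the HTML format Firefox and Google Bookmarks
export to). Added example, not from the thread; SAMPLE_EXPORT is constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host and path from the URL quoted in the thread. Matching these rather than the
# full string also catches variants with a different aff= or xat= value.
SUSPECT_HOST = re.compile(r"(^|\.)liutilities\.com$")
SUSPECT_PATH = "/affcb/"

# Constructed sample export: two planted entries and one vendor link that is
# on the same domain but is not the redirect endpoint.
SAMPLE_EXPORT = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<TITLE>Bookmarks</TITLE>
<H1>Bookmarks Menu</H1>
<DL><p>
    <DT><H3>Work</H3>
    <DL><p>
        <DT><A HREF="https://www.example.org/docs">Docs</A>
        <DT><A HREF="http://www.liutilities.com/affcb/?id=SPgen&amp;aff=8875&amp;xat=gen">Increase Your PC Speed</A>
    </DL><p>
    <DT><H3>Personal</H3>
    <DL><p>
        <DT><A HREF="liutilities.com/affcb/?id=SPgen&amp;aff=8875&amp;xat=gen">Increase Your PC Speed</A>
        <DT><A HREF="https://www.liutilities.com/products/">Vendor site, not the redirect</A>
    </DL><p>
</DL><p>
"""


def is_suspect(href):
    """True if href targets the affiliate redirect endpoint, with or without a scheme."""
    if "://" not in href:
        href = "http://" + href  # the thread quotes the link without a scheme
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    return bool(SUSPECT_HOST.search(host)) and parts.path.startswith(SUSPECT_PATH)


class BookmarkScanner(HTMLParser):
    """Walk the export's DL/H3/A nesting, keeping a folder stack for context."""

    def __init__(self):
        super().__init__()
        self.folders = []   # H3 names of the folders enclosing the current DL
        self.hits = []      # (folder path, link title, href)
        self._capture = None
        self._text = []
        self._href = ""

    def handle_starttag(self, tag, attrs):
        if tag in ("h3", "a"):
            self._capture = tag
            self._text = []
            if tag == "a":
                self._href = dict(attrs).get("href") or ""

    def handle_data(self, data):
        if self._capture:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "h3" and self._capture == "h3":
            self.folders.append("".join(self._text).strip())
            self._capture = None
        elif tag == "a" and self._capture == "a":
            title = "".join(self._text).strip()
            self._capture = None
            if is_suspect(self._href):
                self.hits.append(("/".join(self.folders), title, self._href))
        elif tag == "dl" and self.folders:
            # Each folder's H3 is followed by its own DL; closing that DL leaves the folder.
            self.folders.pop()


def scan_export(html):
    """Return [(folder, title, href)] for every suspect link in the export."""
    scanner = BookmarkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.hits


def affected_folders(hits):
    """Sorted, de-duplicated folder paths that contain at least one hit."""
    return sorted({folder for folder, _, _ in hits})


if __name__ == "__main__":
    found = scan_export(SAMPLE_EXPORT)
    for folder, title, href in found:
        print(f"{folder!r}: {title!r} -> {href}")
    print("folders affected:", affected_folders(found))
```

The script only lists; removing the entries is a job for the bookmark manager. The useful signal is what happens afterwards: if the same entry reappears in every folder after deletion, whatever is writing it is still on the machine, and the export is only showing its output.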


#3 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:35 PM

Posted 17 February 2011 - 08:43 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#4 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:35 PM

Posted 23 February 2011 - 08:34 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
m0le is a proud member of UNITE



