
Internet Explorer Script Error/Mevio.com/Browser Redirects


  • This topic is locked
2 replies to this topic

#1 wudaben

wudaben

  • Members
  • 1 posts
  • OFFLINE
  • Local time:10:58 AM

Posted 12 April 2011 - 09:18 PM

While attempting to clean up this computer a previous pass of Combofix, Malwarebytes & Housecall were run. Combofix removed the following:

c:\documents and settings\All Users\Application Data\19783476.exe
c:\documents and settings\All Users\Application Data\BkTMsDGeKfjuDY.exe
c:\documents and settings\jenniferh\Cookies\MM2048.DAT
c:\documents and settings\jenniferh\g2mdlhlpx.exe
c:\documents and settings\jenniferh\Start Menu\Programs\Windows Restore
c:\documents and settings\jenniferh\Start Menu\Programs\Windows Restore\Uninstall Windows Restore.lnk
c:\documents and settings\jenniferh\Start Menu\Programs\Windows Restore\Windows Restore.lnk
c:\documents and settings\jenniferm\Application Data\alot
c:\documents and settings\jenniferm\Application Data\alot\Resources\Images\alot_brand.png
c:\documents and settings\jenniferm\Application Data\alot\Resources\Images\alot_icon_35x16.bmp
c:\documents and settings\jenniferm\Application Data\alot\Resources\Images\alot_search_24x16.bmp
c:\documents and settings\jenniferm\Application Data\alot\Resources\Images\default_210_alot_music_musicsearch_24x16.bmp
c:\documents and settings\jenniferm\Application Data\alot\Resources\Images\default_213_alot_music_lyrics_24x16.bmp
c:\documents and settings\jenniferm\Application Data\alot\Resources\Images\default_214_alot_music_news_24x16.bmp
c:\documents and settings\jenniferm\Application Data\alot\Resources\Images\default_215_alot_music_freeradio.bmp
c:\documents and settings\jenniferm\Application Data\alot\Resources\Images\default_220_alot_music_freemusic.bmp
c:\documents and settings\jenniferm\Application Data\alot\toolbar.xml
c:\documents and settings\jheitmann.springfieldslf\Cookies\MM2048.DAT
c:\program files\MyWaySA
c:\program files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
c:\windows\system32\bszip.dll
c:\windows\system32\regobj.dll

Malwarebytes removed:

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWaySearchAssistantDE.Auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWaySearchAssistantDE.Auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Value: wxfw.dll -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\jenniferh\application data\Sun\Java\deployment\cache\6.0\36\478a7ca4-1160de9c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\i386\gtdownde_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\all users\application data\19783476.exe.vir (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\all users\application data\bktmsdgekfjudy.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\jheitmann\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\jheitmann\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\jheitmann.springfieldslf\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.


Now the computer continually gets an "Internet Explorer Script Error" popup that often points to mevio.com. If I tell it to not show these errors the popup still continues to come up. Also when browsing any security type website I am redirected to various ad related websites.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by jenniferh at 12:09:20.70 on Tue 04/12/2011
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.190 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\nslookup.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Security\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [{D32470A1-B10C-4059-BA53-CF0486F68EBC}] RunDll32.exe c:\docume~1\jennif~1\locals~1\temp\6.9.30.16-easyshrx.dll,_uninstallplatform@16 c:\documents and settings\all users\application data\kodak\EasyShareSetup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {81105BDB-D417-4014-BA95-7E77E7865567} = 8.8.8.8
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jennif~1\applic~1\mozilla\firefox\profiles\5noeykwu.default\
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl1630786e;MpKsl1630786e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{19d55691-7a92-4d65-b2e6-0c180b7fd584}\MpKsl1630786e.sys [2011-4-12 28752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
.
=============== Created Last 30 ================
.
2011-04-12 16:07:59 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{19d55691-7a92-4d65-b2e6-0c180b7fd584}\MpKsl1630786e.sys
2011-04-12 16:07:42 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{19d55691-7a92-4d65-b2e6-0c180b7fd584}\mpengine.dll
2011-04-12 16:06:46 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-04-12 16:05:56 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-12 10:41:50 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-04-12 10:41:50 215920 ----a-w- c:\windows\system32\muweb.dll
2011-04-12 10:41:50 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-04-12 05:56:48 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-04-12 05:56:43 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-04-12 05:56:41 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-04-12 05:56:36 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-04-12 05:56:29 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-04-12 05:55:48 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-04-12 05:55:39 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-04-12 05:55:36 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-04-12 05:55:27 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-04-12 05:55:25 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-04-12 05:55:23 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-04-12 05:54:46 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-04-12 05:54:40 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-04-12 05:54:35 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-04-12 05:54:17 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2011-04-12 05:54:08 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-04-12 05:54:03 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-04-12 05:54:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-04-12 05:54:00 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-04-12 05:52:59 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-04-12 05:52:53 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2011-04-12 05:52:48 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2011-04-12 05:52:43 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2011-04-12 05:52:39 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-04-12 05:52:31 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-04-12 05:52:25 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2011-04-12 05:52:19 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2011-04-12 05:52:15 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2011-04-12 05:52:07 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-04-12 05:52:03 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-04-12 05:50:56 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-04-12 05:50:51 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2011-04-12 05:50:46 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2011-04-12 05:50:38 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2011-04-12 05:50:35 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2011-04-12 05:50:22 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-04-12 05:50:18 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2011-04-12 05:50:13 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-04-12 05:50:09 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2011-04-12 05:50:04 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-04-12 05:50:00 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2011-04-12 05:49:54 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2011-04-12 05:49:50 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2011-04-12 05:49:48 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-04-12 05:49:44 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2011-04-12 05:49:21 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2011-04-12 05:49:17 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys
2011-04-12 05:49:12 28232 ----a-w- c:\windows\system32\dllcache\tos4mo.sys
2011-04-12 05:49:04 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-04-12 05:47:59 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2011-04-12 05:47:55 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2011-04-12 05:47:51 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-04-12 05:47:47 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-04-12 05:47:43 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2011-04-12 05:47:38 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-04-12 05:47:34 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2011-04-12 05:47:31 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2011-04-12 05:47:26 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2011-04-12 05:47:21 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-04-12 05:47:17 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2011-04-12 05:47:12 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2011-04-12 05:47:11 16896 ----a-w- c:\windows\system32\dllcache\status.dll
2011-04-12 05:45:58 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-04-12 05:44:54 28160 ----a-w- c:\windows\system32\dllcache\sm91w.dll
2011-04-12 05:43:58 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2011-04-12 05:43:58 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-04-12 05:43:41 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-04-12 05:43:37 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-04-12 05:43:34 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-04-12 05:43:30 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-04-12 05:43:25 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-04-12 05:43:14 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2011-04-12 05:43:10 17664 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2011-04-12 05:43:09 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-04-12 05:43:03 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
2011-04-12 05:43:01 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-04-12 05:41:58 210496 ----a-w- c:\windows\system32\dllcache\s3mvirge.dll
2011-04-12 05:40:58 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2011-04-12 05:40:53 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2011-04-12 05:40:47 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-04-12 05:40:42 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2011-04-12 05:40:38 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-04-12 05:40:37 14848 ----a-w- c:\windows\system32\dllcache\register.exe
2011-04-12 05:40:22 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2011-04-12 05:40:15 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-04-12 05:40:11 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-04-12 05:40:06 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2011-04-12 05:40:02 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-04-12 05:40:01 16384 ----a-w- c:\windows\system32\dllcache\quser.exe
2011-04-12 05:40:00 9728 ----a-w- c:\windows\system32\dllcache\query.exe
2011-04-12 05:38:51 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-04-12 05:37:58 26153 ----a-w- c:\windows\system32\dllcache\pcmlm56.sys
2011-04-12 05:36:59 54186 ----a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-04-12 05:36:55 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2011-04-12 05:36:51 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-04-12 05:36:46 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-04-12 05:36:40 61696 ----a-w- c:\windows\system32\dllcache\ohci1394.sys
2011-04-12 05:36:28 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2011-04-12 05:36:24 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-04-12 05:36:14 2027008 ----a-w- c:\windows\system32\dllcache\OLD5B6.tmp
2011-04-12 05:36:04 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-04-12 05:36:03 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-04-12 05:34:57 85248 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2011-04-12 05:33:30 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2011-04-12 05:33:29 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-04-12 05:33:20 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-04-12 05:33:03 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-04-12 05:33:00 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-04-12 05:32:59 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-04-12 05:32:41 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-04-12 05:32:37 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2011-04-12 05:32:35 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2011-04-12 05:32:01 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2011-04-12 05:31:46 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-04-12 05:31:34 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2011-04-12 05:31:29 34304 ----a-w- c:\windows\system32\dllcache\migisol.exe
2011-04-12 05:31:24 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2011-04-12 05:31:20 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2011-04-12 05:31:20 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2011-04-12 05:31:19 92032 ----a-w- c:\windows\system32\dllcache\mga.dll
2011-04-12 05:31:17 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2011-04-12 05:31:14 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2011-04-12 05:31:10 8320 ----a-w- c:\windows\system32\dllcache\memcard.sys
2011-04-12 05:31:08 26624 ----a-w- c:\windows\system32\dllcache\mdsync.dll
2011-04-12 05:31:04 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2011-04-12 05:29:59 25065 ----a-w- c:\windows\system32\dllcache\lmndis3.sys
2011-04-12 05:28:57 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2011-04-12 05:27:54 471102 ----a-w- c:\windows\system32\dllcache\imskdic.dll
2011-04-12 05:26:57 91136 ----a-w- c:\windows\system32\dllcache\icam4com.dll
2011-04-12 05:25:56 44863 ----a-w- c:\windows\system32\dllcache\hsf_soar.sys
2011-04-12 05:24:57 101376 ----a-w- c:\windows\system32\dllcache\hpgt34.dll
2011-04-12 05:23:58 454912 ----a-w- c:\windows\system32\dllcache\fxusbase.sys
2011-04-12 05:22:58 16998 ----a-w- c:\windows\system32\dllcache\ex10.sys
2011-04-12 05:21:59 19996 ----a-w- c:\windows\system32\dllcache\OLD3A9.tmp
2011-04-12 05:20:55 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys
2011-04-12 05:19:58 7424 ----a-w- c:\windows\system32\dllcache\ddsmc.sys
2011-04-12 05:18:52 10240 ----a-w- c:\windows\system32\dllcache\compbatt.sys
2011-04-12 05:17:59 223232 ----a-w- c:\windows\system32\dllcache\camdrv21.sys
2011-04-12 05:16:59 871388 ----a-w- c:\windows\system32\dllcache\bcmdm.sys
2011-04-12 05:15:59 61440 ----a-w- c:\windows\system32\dllcache\acerscad.dll
2011-04-12 05:14:59 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-04-12 01:21:58 -------- d-----w- c:\program files\Trend Micro
2011-04-12 00:41:14 -------- d-----w- c:\docume~1\jennif~1\applic~1\Malwarebytes
2011-04-12 00:41:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-12 00:41:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-12 00:41:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 00:30:34 -------- d-sha-r- C:\cmdcons
2011-04-11 23:51:16 161792 ----a-w- c:\windows\SWREG.exe
2011-04-11 23:46:14 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-04-11 23:46:14 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-04-11 23:46:12 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-04-11 23:46:12 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-04-11 23:46:02 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-04-11 23:46:02 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-04-11 23:45:55 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-04-11 23:45:55 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-04-08 20:47:07 -------- d-----w- C:\6460e578700d535197d52e3ef7
2011-04-04 20:47:42 -------- d-----w- c:\docume~1\jennif~1\applic~1\ZoomBrowser EX
2011-04-04 20:43:18 -------- d-----w- c:\docume~1\jennif~1\applic~1\CANON INC
2011-04-04 20:31:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2011-04-04 20:30:41 -------- d-----w- c:\program files\Canon
2011-04-04 20:18:17 -------- d-----w- c:\windows\system32\XPSViewer
2011-04-04 20:16:12 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-04-04 20:15:38 14048 ------w- c:\windows\system32\spmsg2.dll
2011-04-04 20:00:12 -------- d-----w- c:\program files\common files\Canon
.
==================== Find3M ====================
.
2011-03-11 18:17:46 256 ----a-w- c:\windows\system32\pool.bin
2011-02-18 15:43:08 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 12:11:20.81 ===============



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:58 PM

Posted 22 April 2011 - 07:03 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:58 PM

Posted 27 April 2011 - 07:28 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE



