Cannot access real google.com website Malware still present after reformatting


8 replies to this topic

#1 billyn4

billyn4

  • Members
  • 30 posts

Posted 23 February 2014 - 08:31 AM

Following recommendations by boopme, I am posting here the DDS logs related to the problem I first explained here:

http://www.bleepingcomputer.com/forums/t/524509/cannot-conect-to-the-real-googlecom-website/#entry3295418

After reformatting the computer by deleting all present partitions and reinstalling the OS, I still get the SSL error message "cannot connect to the real google.com website". It seems as though the malware is redirecting me through some hidden service, as pages take longer to load. Also, the time and date have been reset and I can't modify them.

 

I really need help identifying and applying a solution to this problem, as the malware seems to be stubborn and sophisticated.

 

Many thanks in advance.

 

I will now paste the DDS.txt log; you will find the Attach.txt log attached:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6000.16640
Run by Administrador at 20:58:01 on 1980-01-10
Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.1015.578 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Datos de programa\InternetUpdater\InternetUpdaterService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
C:\Documents and Settings\All Users\Datos de programa\Updater\Updater.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\All Users\Datos de programa\RHelpers\ChromeHelper\ChromeHelper.exe
C:\Documents and Settings\All Users\Datos de programa\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\Documents and Settings\All Users\Datos de programa\RHelpers\IEHelper\IeHelper.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\archivos de programa\java\jre1.6.0_06\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\archivos de programa\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\archivos de programa\avast software\avast\aswWebRepIE.dll
uRun: [TaskSwitchXP] c:\archivos de programa\taskswitchxp\TaskSwitchXP.exe
uRun: [Updater] c:\documents and settings\all users\datos de programa\updater\Updater.exe
mRun: [SoundMAXPnP] c:\archivos de programa\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AvastUI.exe] "c:\archivos de programa\avast software\avast\AvastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: NoSMHelp = dword:1
mPolicies-Explorer: NoSMConfigurePrograms = dword:1
mPolicies-Explorer: NoSMMyPictures = dword:1
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~1\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\archivos de programa\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: NameServer = 62.81.16.213 62.81.29.254
TCP: Interfaces\{41DDB4C9-E2AE-4197-8D1F-325DA397A84E} : DHCPNameServer = 62.81.16.213 62.81.29.254
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\archivos de programa\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [1980-1-9 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [1980-1-9 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1980-1-9 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1980-1-9 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [1980-1-9 67824]
R2 avast! Antivirus;avast! Antivirus;c:\archivos de programa\avast software\avast\AvastSvc.exe [1980-1-9 50344]
R2 InternetUpdater;Internet Updater;c:\documents and settings\all users\datos de programa\internetupdater\InternetUpdaterService.exe [2014-1-15 45568]
.
=============== Created Last 30 ================
.
2012-06-02 14:19:38 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19:18 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-07-12 11:11:20 670016 ----a-w- c:\archivos de programa\archivos comunes\microsoft shared\vc\msdia90.dll
2008-05-13 19:10:02 1216 ----a-w- c:\windows\system32\nod32.cmd
2008-05-13 19:01:40 2762752 ----a-w- c:\windows\system32\winntbbu.dll
2008-05-11 19:08:32 3127 ----a-w- c:\windows\system32\presetup.cmd
2008-05-11 19:08:32 28672 ----a-w- c:\windows\system32\setupold.exe
2008-05-11 19:08:32 23040 ----a-w- c:\windows\system32\setup.exe
2008-05-11 19:05:42 308248 ----a-w- c:\windows\system32\drivers\iaStor.sys
2008-05-11 18:29:12 361344 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-05-11 18:29:12 220160 ----a-w- c:\windows\system32\uxtheme.dll
2008-05-11 18:29:12 141824 ----a-w- c:\windows\system32\sfc_os.dll
2008-05-11 18:29:12 1009664 ----a-w- c:\windows\system32\syssetup.dll
2008-05-11 18:27:58 317440 ----a-w- c:\windows\system32\mp4sdecd.dll
2008-05-11 18:27:58 284672 ----a-w- c:\windows\system32\audiodev.dll
2008-05-11 18:27:58 259072 ----a-w- c:\windows\system32\mpg4decd.dll
2008-05-11 18:27:58 259072 ----a-w- c:\windows\system32\mp43decd.dll
2008-05-11 18:27:58 249856 ----a-w- c:\windows\system32\drmupgds.exe
2008-05-11 18:27:58 232448 ----a-w- c:\windows\system32\l3codecp.acm
2008-05-11 18:27:58 212992 ----a-w- c:\windows\system32\mfplat.dll
2008-05-11 17:41:14 222720 ----a-w- c:\windows\system32\wmasf.dll
2008-04-14 06:04:38 1804 ----a-w- c:\windows\system32\Dcache.bin
2008-04-14 05:52:24 332288 ----a-w- c:\windows\system32\netsetup.exe
2008-04-14 05:48:58 8192 ----a-w- c:\windows\system32\forcedos.exe
2008-04-14 05:47:58 20480 ----a-w- c:\windows\system32\wmp.ocx
2008-04-14 05:46:56 7680 ----a-w- c:\windows\system32\kbdsmsno.dll
2008-04-14 05:28:44 120448 ----a-w- c:\windows\system32\drivers\pcmcia.sys
2008-04-14 05:28:42 68992 ----a-w- c:\windows\system32\drivers\pci.sys
2008-04-14 05:28:38 80256 ----a-w- c:\windows\system32\drivers\parport.sys
2008-04-14 05:28:36 46976 ----a-w- c:\windows\system32\drivers\p3.sys
2008-04-14 05:27:14 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-04-14 05:27:02 2147840 ----a-w- c:\windows\system32\ntoskrnl.exe
2008-04-14 05:26:42 4096 ----a-w- c:\windows\system32\dsprpres.dll
2008-04-14 05:25:46 154240 ----a-w- c:\windows\system32\drivers\dmio.sys
2008-04-14 05:25:44 800256 ----a-w- c:\windows\system32\drivers\dmboot.sys
2008-04-14 05:25:10 25088 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2008-04-14 05:25:02 90624 ----a-w- c:\windows\system32\msxml6r.dll
2008-04-14 05:24:48 37760 ----a-w- c:\windows\system32\drivers\isapnp.sys
2008-04-14 05:24:28 40960 ----a-w- c:\windows\system32\drivers\crusoe.sys
2008-04-14 05:24:08 40576 ----a-w- c:\windows\system32\drivers\intelppm.sys
2008-04-14 05:23:50 823808 ----a-w- c:\windows\system32\shdoclc.dll
2008-04-14 05:23:18 65792 ----a-w- c:\windows\system32\drivers\serial.sys
2008-04-14 05:22:36 53504 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2008-04-14 05:22:24 1845760 ----a-w- c:\windows\system32\win32k.sys
2008-04-14 05:21:38 68608 ----a-w- c:\windows\system32\browselc.dll
2008-04-14 05:21:26 10240 ----a-w- c:\windows\system32\gpkrsrc.dll
2008-04-14 05:21:18 53248 ----a-w- c:\windows\system32\drivers\volsnap.sys
2008-04-14 05:20:18 40064 ----a-w- c:\windows\system32\drivers\processr.sys
2008-04-14 05:20:14 44672 ----a-w- c:\windows\system32\drivers\fips.sys
2008-04-14 05:19:42 41984 ----a-w- c:\windows\system32\drivers\amdk7.sys
2008-04-14 05:19:42 41600 ----a-w- c:\windows\system32\drivers\amdk6.sys
2008-04-14 05:19:14 23552 ----a-w- c:\windows\system32\drivers\mouclass.sys
2008-04-14 05:19:08 30336 ----a-w- c:\windows\system32\drivers\modem.sys
2008-04-14 05:19:04 70544 ----a-w- c:\windows\system32\mmsystem.dll
2008-04-14 05:18:48 189056 ----a-w- c:\windows\system32\drivers\acpi.sys
2008-04-13 22:58:40 175744 ----a-w- c:\windows\system32\drivers\rdbss.sys
2008-04-13 22:51:02 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2008-04-13 22:50:44 91520 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2008-04-13 22:50:38 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2008-04-13 22:49:50 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys
2008-04-13 22:49:44 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2008-04-13 22:49:44 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys
2008-04-13 22:49:24 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2008-04-13 22:47:06 105344 ----a-w- c:\windows\system32\drivers\mup.sys
2008-04-13 22:47:02 456576 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-04-13 22:46:38 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2008-04-13 22:46:24 49536 ----a-w- c:\windows\system32\drivers\classpnp.sys
2008-04-13 22:45:54 574976 ----a-w- c:\windows\system32\drivers\ntfs.sys
2008-04-13 22:45:12 334848 ----a-w- c:\windows\system32\drivers\srv.sys
2008-04-13 22:44:30 143744 ----a-w- c:\windows\system32\drivers\fastfat.sys
2008-04-13 22:44:22 63744 ----a-w- c:\windows\system32\drivers\cdfs.sys
2008-04-13 22:30:06 19072 ----a-w- c:\windows\system32\drivers\tdi.sys
2008-04-13 22:30:04 225664 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-04-13 22:27:34 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2008-04-13 22:27:30 40576 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2008-04-13 22:27:28 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2008-04-13 22:27:28 10112 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2008-04-13 22:27:22 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys
2008-04-13 22:27:16 152832 ----a-w- c:\windows\system32\drivers\ipnat.sys
2008-04-13 22:27:08 20864 ----a-w- c:\windows\system32\drivers\ipinip.sys
2008-04-13 22:26:50 30592 ----a-w- c:\windows\system32\drivers\rndismp.sys
2008-04-13 22:26:50 12800 ----a-w- c:\windows\system32\drivers\usb8023.sys
2008-04-13 22:26:40 69120 ----a-w- c:\windows\system32\drivers\psched.sys
2008-04-13 22:26:34 35072 ----a-w- c:\windows\system32\drivers\msgpc.sys
2008-04-13 22:26:08 88320 ----a-w- c:\windows\system32\drivers\nwlnkipx.sys
2008-04-13 22:26:04 34688 ----a-w- c:\windows\system32\drivers\netbios.sys
2008-04-13 22:26:02 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
2008-04-13 22:26:00 14592 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2008-04-13 22:25:10 202624 ----a-w- c:\windows\system32\drivers\RMCast.sys
2008-04-13 22:23:54 264832 ----a-w- c:\windows\system32\drivers\http.sys
2008-04-13 22:23:36 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
2008-04-13 22:23:24 71552 ----a-w- c:\windows\system32\drivers\bridge.sys
2008-04-13 22:23:10 40320 ----a-w- c:\windows\system32\drivers\nmnt.sys
2008-04-13 22:21:32 55808 ----a-w- c:\windows\system32\drivers\atmlane.sys
2008-04-13 22:21:26 61824 ----a-w- c:\windows\system32\drivers\nic1394.sys
2008-04-13 22:21:26 60800 ----a-w- c:\windows\system32\drivers\arp1394.sys
2008-04-13 22:21:26 59904 ----a-w- c:\windows\system32\drivers\atmarpc.sys
2008-04-13 22:16:20 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2008-04-13 22:16:20 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2008-04-13 22:16:08 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys
2008-04-13 22:15:44 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys
2008-04-13 22:15:42 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys
2008-04-13 22:15:42 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys
2008-04-13 22:15:38 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2008-04-13 22:15:38 143872 ----a-w- c:\windows\system32\drivers\usbport.sys
2008-04-13 22:15:36 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2008-04-13 22:15:36 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2008-04-13 22:15:28 36864 ----a-w- c:\windows\system32\drivers\hidclass.sys
2008-04-13 22:15:24 24960 ----a-w- c:\windows\system32\drivers\hidparse.sys
2008-04-13 22:15:16 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2008-04-13 22:15:00 17664 ----a-w- c:\windows\system32\watchdog.sys
2008-04-13 22:14:42 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys
2008-04-13 22:14:42 20992 ----a-w- c:\windows\system32\drivers\vga.sys
2008-04-13 22:13:32 12800 ----a-w- c:\windows\system32\spiisupd.exe
2008-04-13 22:11:00 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2008-04-13 22:09:54 4352 ----a-w- c:\windows\system32\drivers\swenum.sys
2008-04-13 22:09:48 42368 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2008-04-13 22:09:48 384768 ----a-w- c:\windows\system32\drivers\update.sys
2008-04-13 22:09:46 92544 ----a-w- c:\windows\system32\drivers\mqac.sys
2008-04-13 22:08:30 71168 ----a-w- c:\windows\system32\drivers\dxg.sys
2008-04-13 22:06:48 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2008-04-13 22:06:46 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
2008-04-13 22:06:42 63744 ----a-w- c:\windows\system32\drivers\mf.sys
2008-04-13 22:06:26 3807744 ----a-w- c:\windows\system32\xpsp2res.dll
2008-04-13 22:05:12 196096 ----a-w- c:\windows\system32\xpsp1res.dll
2008-04-13 22:04:14 163584 ----a-w- c:\windows\system32\drivers\nwrdr.sys
2008-04-13 22:02:46 180608 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2008-04-13 22:02:40 30848 ----a-w- c:\windows\system32\drivers\npfs.sys
2008-04-13 22:02:40 19072 ----a-w- c:\windows\system32\drivers\msfs.sys
2008-04-13 22:02:38 66048 ----a-w- c:\windows\system32\drivers\udfs.sys
2008-04-13 22:01:44 92288 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2008-04-13 22:01:36 7424 ----a-w- c:\windows\system32\kd1394.dll
2008-04-13 22:00:48 61440 ----a-w- c:\windows\system32\msvcrt40.dll
2008-04-13 21:08:00 306176 ----a-w- c:\windows\system32\slbcsp.dll
2008-04-13 21:08:00 169984 ----a-w- c:\windows\system32\sccbase.dll
2008-04-13 21:08:00 101888 ----a-w- c:\windows\system32\gpkcsp.dll
2008-04-13 21:07:58 208384 ----a-w- c:\windows\system32\rsaenh.dll
2008-04-13 21:07:58 138752 ----a-w- c:\windows\system32\dssenh.dll
2008-04-13 20:56:08 12288 ----a-w- c:\windows\system32\mscpx32r.dLL
2008-04-13 20:56:06 12288 ----a-w- c:\windows\system32\odbcp32r.dll
2008-04-13 20:54:18 16384 ----a-w- c:\windows\system32\simpdata.tlb
2008-04-13 20:54:02 12288 ----a-w- c:\windows\system32\msdatsrc.tlb
2008-04-13 20:51:34 733696 ----a-w- c:\windows\system32\qedwipes.dll
2008-04-13 20:24:56 54000 ----a-w- c:\windows\system32\dosx.exe
2008-04-13 20:24:48 5120 ----a-w- c:\windows\system32\winnls.dll
2008-04-13 20:23:38 92480 ----a-w- c:\windows\system32\krnl386.exe
2008-04-13 20:22:34 3346 ----a-w- c:\windows\system32\redir.exe
2008-04-13 20:20:56 42537 ----a-w- c:\windows\system32\keyboard.sys
2008-04-13 20:19:50 34016 ----a-w- c:\windows\system32\ntio.sys
2008-04-13 20:19:44 35424 ----a-w- c:\windows\system32\ntio412.sys
2008-04-13 20:19:44 34560 ----a-w- c:\windows\system32\ntio404.sys
2008-04-13 20:19:42 34560 ----a-w- c:\windows\system32\ntio804.sys
2008-04-13 20:19:40 35648 ----a-w- c:\windows\system32\ntio411.sys
2008-04-13 20:18:54 1692672 ----a-w- c:\windows\system32\winbrand.dll
2008-04-13 20:15:32 216064 ----a-w- c:\windows\system32\moricons.dll
2008-04-13 20:09:16 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys
2008-04-13 20:06:06 144384 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2008-04-13 19:53:32 48128 ----a-w- c:\windows\system32\msprivs.dll
2008-04-13 19:12:08 16896 ----a-w- c:\windows\system32\stdole2.tlb
2008-04-13 19:09:44 884736 ----a-w- c:\windows\system32\msimsg.dll
2007-10-24 06:47:38 84480 ----a-w- c:\windows\system32\mscories.dll
2007-10-24 06:47:38 282112 ----a-w- c:\windows\system32\mscoree.dll
2007-10-24 06:47:38 158720 ----a-w- c:\windows\system32\mscorier.dll
2007-10-24 06:47:38 158720 ----a-w- c:\archivos de programa\internet explorer\mui\0409\mscorier.dll
2007-10-24 06:47:28 96760 ----a-w- c:\windows\system32\dfshim.dll
2007-10-22 13:00:52 1516568 ----a-w- c:\windows\system32\msjet40.dll
2007-10-01 12:27:40 281600 ----a-w- c:\windows\system32\drivers\ADIHdAud.sys
2007-08-30 08:17:16 435712 ----a-w- c:\windows\system32\M3.dll
2007-08-30 08:12:40 1199104 ----a-w- c:\windows\system32\ATSC70.dll
2007-07-13 09:26:12 94976 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2007-04-03 06:44:48 981760 ----a-w- c:\windows\system32\mfc42u.dll
2007-04-02 17:35:22 4656 ----a-w- c:\windows\system32\ds16gt.dLL
2007-04-02 17:35:22 26224 ----a-w- c:\windows\system32\odbc16gt.dll
2007-04-02 16:22:02 355104 ----a-w- c:\windows\system32\msxbde40.dll
2007-04-02 16:21:48 838432 ----a-w- c:\windows\system32\mswdat10.dll
2007-04-02 16:21:28 264992 ----a-w- c:\windows\system32\mstext40.dll
2007-04-02 16:21:06 559904 ----a-w- c:\windows\system32\msrepl40.dll
2007-04-02 16:20:44 322336 ----a-w- c:\windows\system32\msrd3x40.dll
2007-04-02 16:20:28 432928 ----a-w- c:\windows\system32\msrd2x40.dll
2007-04-02 16:20:06 355104 ----a-w- c:\windows\system32\mspbde40.dll
2007-04-02 16:19:52 219936 ----a-w- c:\windows\system32\msltus40.dll
2007-04-02 16:19:38 248608 ----a-w- c:\windows\system32\msjtes40.dll
2007-04-02 16:19:34 60192 ----a-w- c:\windows\system32\msjter40.dll
2007-04-02 16:18:00 326432 ----a-w- c:\windows\system32\msexcl40.dll
2007-04-02 16:17:44 518944 ----a-w- c:\windows\system32\msexch40.dll
2007-03-28 16:24:52 98304 ----a-w- c:\windows\system32\sqlsrv32.rll
2007-03-28 16:24:50 28672 ----a-w- c:\windows\system32\cliconfg.rll
2007-03-28 16:24:48 102400 ----a-w- c:\windows\system32\odbcint.dll
2007-03-28 16:24:44 621344 ----a-w- c:\windows\system32\mswstr10.dll
2007-03-28 16:24:38 24576 ----a-w- c:\windows\system32\msorc32r.dll
2007-03-28 16:24:38 187168 ----a-w- c:\windows\system32\msjint40.dll
2006-12-31 05:08:20 177272 ----a-w- c:\windows\system32\xenroll.dll
2006-12-29 16:34:58 7168 ----a-w- c:\windows\system32\stdole32.tlb
2006-06-30 15:00:50 28160 ----a-w- c:\windows\system32\PostProc.dll
2006-03-01 02:53:40 773120 ----a-w- c:\windows\system32\bubbles.scr
2005-12-23 07:53:00 150016 ----a-w- c:\archivos de programa\internet explorer\mui\0c0a\mscorier.dll
2005-07-11 02:42:34 2048 ----a-w- c:\windows\system32\hidcon.exe
2004-12-19 09:32:54 31232 ----a-w- c:\windows\system32\cmdow.exe
2004-09-21 00:12:48 109256 ----a-w- c:\archivos de programa\archivos comunes\microsoft shared\dw\1025\DWINTL20.DLL
2003-08-14 17:59:40 26013 ----a-w- c:\windows\system32\sleep.exe
2003-08-08 19:44:48 111192 ----a-w- c:\archivos de programa\archivos comunes\microsoft shared\dw\3082\DWINTL20.DLL
2003-08-08 18:35:44 112216 ----a-w- c:\archivos de programa\archivos comunes\microsoft shared\dw\1036\DWINTL20.DLL
2003-08-08 18:34:08 111704 ----a-w- c:\archivos de programa\archivos comunes\microsoft shared\dw\1040\DWINTL20.DLL
2003-07-15 02:54:00 109120 ----a-w- c:\archivos de programa\archivos comunes\microsoft shared\dw\1042\DWINTL20.DLL
2003-07-15 02:53:46 109120 ----a-w- c:\archivos de programa\archivos comunes\microsoft shared\dw\1028\DWINTL20.DLL
2003-07-15 02:53:28 112704 ----a-w- c:\archivos de programa\archivos comunes\microsoft shared\dw\1031\DWINTL20.DLL
2003-07-15 02:53:22 109120 ----a-w- c:\archivos de programa\archivos comunes\microsoft shared\dw\1041\DWINTL20.DLL
2003-07-15 02:53:12 109120 ----a-w- c:\archivos de programa\archivos comunes\microsoft shared\dw\2052\DWINTL20.DLL
2003-07-15 02:53:12 109120 ----a-w- c:\archivos de programa\archivos comunes\microsoft shared\dw\1033\DWINTL20.DLL
2003-02-20 17:16:34 32768 ----a-w- c:\windows\system32\netfxperf.dll
2001-10-06 17:58:34 13107200 ----a-w- c:\windows\system32\oembios.bin
2001-09-26 16:11:00 1634304 ----a-w- c:\windows\system32\XPize.scr
2001-08-22 20:15:42 77891 ----a-w- c:\windows\system32\usrmlnka.exe
2001-08-22 20:14:46 3200 ----a-w- c:\windows\system32\wowfax.dll
2001-08-22 19:45:38 12416 ----a-w- c:\windows\system32\drivers\fsvga.sys
2001-08-17 20:06:22 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys
2001-08-17 19:52:30 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2001-08-17 19:24:46 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys
2001-08-17 19:24:46 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2001-08-17 19:24:44 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2001-08-17 19:24:38 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys
1980-01-09 09:15:16 -------- d-----w- c:\windows\system32\xircom
1980-01-09 09:15:16 -------- d-----w- c:\windows\system32\wbem\snmp
1980-01-09 09:15:16 -------- d-----w- c:\windows\system32\oobe
1980-01-09 09:15:16 -------- d-----w- c:\windows\srchasst
1980-01-09 09:15:16 -------- d-----w- c:\windows\msagent
1980-01-09 09:15:16 -------- d-----w- c:\archivos de programa\msn gaming zone
1980-01-09 09:08:02 -------- d-sha-r- C:\cmdcons
1980-01-09 09:07:21 98816 ----a-w- c:\windows\sed.exe
1980-01-09 09:07:21 256000 ----a-w- c:\windows\PEV.exe
1980-01-09 09:07:21 208896 ----a-w- c:\windows\MBR.exe
1980-01-09 08:51:24 -------- d-----w- c:\documents and settings\all users\datos de programa\InternetUpdater
1980-01-09 08:50:59 -------- d-----w- c:\documents and settings\administrador\datos de programa\AVAST Software
1980-01-09 08:48:19 -------- d-----w- c:\documents and settings\all users\datos de programa\Updater
1980-01-09 08:48:19 -------- d-----w- c:\documents and settings\all users\datos de programa\RHelpers
1980-01-09 08:48:14 -------- d-----w- c:\documents and settings\all users\datos de programa\Websteroids
1980-01-09 08:43:14 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
1980-01-09 08:43:14 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
1980-01-09 08:43:13 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
1980-01-09 08:28:28 -------- d-----w- c:\documents and settings\administrador\configuración local\datos de programa\Deployment
1980-01-09 08:25:53 188416 ----a-w- c:\windows\system32\igfxres.dll
1980-01-09 08:21:59 208896 ----a-w- c:\windows\system32\igfxdev.dll
1980-01-09 08:20:40 -------- d-----w- c:\windows\system32\SoftwareDistribution
1980-01-09 08:20:23 57344 ----a-r- c:\documents and settings\administrador\datos de programa\microsoft\installer\{7f362f06-a9a3-440f-8b19-6a01a72723c4}\ARPPRODUCTICON.exe
1980-01-09 08:20:23 -------- d-----w- c:\archivos de programa\Fingerprint Sensor
1980-01-09 08:20:21 45056 ----a-w- c:\windows\FPDRV_Ver.dll
1980-01-09 08:18:51 745472 ----a-w- c:\windows\system32\NETw4c32.dll
1980-01-09 08:18:51 2777088 ----a-w- c:\windows\system32\NETw4r32.dll
1980-01-09 08:18:51 2236544 ----a-w- c:\windows\system32\drivers\NETw4x32.sys
1980-01-09 08:17:11 -------- d-----w- c:\archivos de programa\Broadcom
1980-01-09 08:15:54 -------- d-----w- c:\windows\system32\ReinstallBackups
1980-01-09 08:15:45 -------- d-----w- C:\swsetup
1980-01-09 08:13:16 -------- d-----w- c:\documents and settings\administrador\configuración local\datos de programa\Google
1980-01-09 08:13:14 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
1980-01-09 08:12:55 43152 ----a-w- c:\windows\avastSS.scr
1980-01-09 08:12:37 -------- d-----w- c:\documents and settings\all users\datos de programa\AVAST Software
1980-01-09 08:12:37 -------- d-----w- c:\archivos de programa\AVAST Software
1980-01-09 08:05:51 221184 ----a-w- c:\windows\system32\wmpns.dll
1980-01-09 08:00:05 -------- d-----w- c:\archivos de programa\TaskSwitchXP
.
==================== Find3M  ====================
.
2012-06-02 14:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2008-08-20 09:06:22 170520 ----a-w- c:\windows\system32\igfxzoom.exe
2008-08-20 09:06:16 141848 ----a-w- c:\windows\system32\igfxtray.exe
2008-08-20 09:06:12 256536 ----a-w- c:\windows\system32\igfxsrvc.exe
2008-08-20 09:06:08 137752 ----a-w- c:\windows\system32\igfxpers.exe
2008-08-20 09:06:02 170520 ----a-w- c:\windows\system32\igfxext.exe
2008-08-20 09:05:58 530968 ----a-w- c:\windows\system32\igfxcfg.exe
2008-08-20 09:05:46 166424 ----a-w- c:\windows\system32\hkcmd.exe
2008-08-20 09:05:30 920088 ----a-w- c:\windows\system32\igxpun.exe
2008-05-11 18:54:20 1831424 ----a-w- c:\windows\system32\inetcpl.cpl
2008-05-11 18:54:12 826368 ----a-w- c:\windows\system32\wininet.dll
2008-05-11 18:28:56 24576 ----a-w- c:\windows\system32\nlsdl.dll
2008-04-28 20:58:52 676224 ----a-w- c:\windows\system32\OgaCheckControl.dll
2008-04-14 06:53:30 1246421 ----a-r- c:\windows\SET3.tmp
2008-04-14 06:46:54 16825 ----a-r- c:\windows\SET8.tmp
2008-04-14 06:46:54 1088840 ----a-r- c:\windows\SET4.tmp
2008-04-14 05:48:58 86528 ----a-w- c:\windows\system32\eventtriggers.exe
2008-04-14 05:47:56 5632 ----a-w- c:\windows\system32\wmi.dll
2008-04-14 05:47:42 233984 ----a-w- c:\windows\system32\sysmon.ocx
2008-04-14 05:47:38 86016 ----a-w- c:\windows\system32\sl_anet.acm
2008-04-14 05:47:34 103424 ----a-w- c:\windows\system32\dpcdll.dll
2008-04-14 05:47:26 81920 ----a-w- c:\windows\system32\proctexe.ocx
2008-04-14 05:47:22 61471 ----a-w- c:\windows\system32\odbcji32.dll
2008-04-14 05:47:12 110592 ----a-w- c:\windows\system32\msscript.ocx
2008-04-14 05:47:06 4126 ----a-w- c:\windows\system32\msdxmlc.dll
2008-04-14 05:47:06 1069594 ----a-w- c:\windows\system32\msdxm.ocx
2008-04-14 05:47:04 3584 ----a-w- c:\windows\system32\msafd.dll
2008-04-14 05:47:04 294912 ----a-w- c:\windows\system32\msaud32.acm
2008-04-14 05:47:04 177152 ----a-w- c:\windows\system32\MSCTFIME.IME
2008-04-14 05:47:04 14848 ----a-w- c:\windows\system32\msadp32.acm
2008-04-14 05:28:44 73472 ----a-w- c:\windows\system32\drivers\sr.sys
2008-04-14 05:24:28 81920 ----a-w- c:\windows\system32\msshavmsg.dll
2008-04-14 05:23:44 57856 ----a-w- c:\windows\system32\inetres.dll
2008-04-14 05:23:22 7680 ----a-w- c:\windows\system32\wbem\wmiapres.dll
2008-04-14 05:19:04 70544 ----a-w- c:\windows\system\MMSYSTEM.DLL
2008-04-14 04:49:44 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2008-04-14 04:49:20 294912 ----a-w- c:\windows\system32\msh263.drv
2008-04-14 04:49:20 23552 ----a-w- c:\windows\system32\wdmaud.drv
2008-04-14 04:49:20 129536 ----a-w- c:\windows\system32\ksproxy.ax
2008-04-14 04:48:46 77824 ----a-w- c:\windows\system32\usbui.dll
2008-04-14 04:48:46 76288 ----a-w- c:\windows\system32\storprop.dll
2008-04-14 04:48:36 29184 ----a-w- c:\windows\system32\sdhcinst.dll
2008-04-14 04:48:26 4096 ----a-w- c:\windows\system32\ksuser.dll
2008-04-14 04:48:20 30208 ----a-w- c:\windows\system32\bthserv.dll
2008-04-14 04:48:20 20992 ----a-w- c:\windows\system32\bthci.dll
2008-04-14 04:24:06 5632 ----a-w- c:\windows\system32\drivers\intelide.sys
2008-04-14 04:21:32 58880 ----a-w- c:\windows\system32\drivers\redbook.sys
2008-04-13 22:24:30 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2008-04-13 22:03:00 129792 ----a-w- c:\windows\system32\drivers\fltMgr.sys
2008-04-13 21:49:42 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2008-04-13 21:47:20 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2008-04-13 21:45:56 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2008-04-13 21:15:16 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2008-04-13 21:15:14 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2008-04-13 21:15:10 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2008-04-13 21:15:10 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2008-04-13 21:15:08 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2008-04-13 21:15:02 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2008-04-13 21:10:32 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2008-04-13 21:10:30 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys
2008-04-13 21:09:54 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2008-04-13 21:09:52 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2008-04-13 21:09:52 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2008-04-13 21:06:40 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2008-04-13 21:06:38 13952 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2008-04-13 21:06:38 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2008-04-13 21:06:34 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2008-04-13 21:02:52 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2008-04-13 19:09:24 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2008-03-25 01:37:01 180224 ----a-w- c:\windows\system32\javacpl.cpl
2008-02-15 13:21:56 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll
2008-02-15 13:12:16 1670144 ----a-w- c:\windows\system32\igxpdv32.dll
2008-02-15 13:12:14 2643968 ----a-w- c:\windows\system32\igxpdx32.dll
2008-02-15 13:12:06 5854752 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2008-02-15 13:12:06 57344 ----a-w- c:\windows\system32\igxprd32.dll
2008-02-15 13:12:06 151040 ----a-w- c:\windows\system32\igxpgd32.dll
2008-02-15 13:01:04 294912 ----a-w- c:\windows\system32\igldev32.dll
2008-02-15 13:00:58 2334720 ----a-w- c:\windows\system32\iglicd32.dll
2008-02-15 12:46:28 122880 ----a-w- c:\windows\system32\igfxcpl.cpl
2008-02-15 12:46:26 204800 ----a-w- c:\windows\system32\igfxpph.dll
2008-02-15 12:46:18 24576 ----a-w- c:\windows\system32\igfxexps.dll
2008-02-15 12:46:16 135168 ----a-w- c:\windows\system32\igfxdo.dll
2008-02-15 12:46:08 48128 ----a-w- c:\windows\system32\igfxsrvc.dll
2008-02-15 12:45:44 102400 ----a-w- c:\windows\system32\hccutils.dll
2008-02-15 12:45:40 172032 ----a-w- c:\windows\system32\igfxrenu.lrc
2008-02-15 12:45:28 3293184 ----a-w- c:\windows\system32\igfxress.dll
2007-10-29 11:45:44 967440 ----a-w- c:\windows\system32\calc.exe
2007-04-02 16:19:22 355112 ----a-w- c:\windows\system32\msjetoledb40.dll
2007-04-02 16:17:44 518944 ----a-w- c:\windows\system32\msexch40.dll
2006-11-10 08:25:46 319456 ----a-w- c:\windows\system32\difxapi.dll
2006-07-10 14:42:46 49152 ------w- c:\windows\system32\DSndUp.exe
2005-05-04 08:20:00 53248 ------w- c:\windows\system32\wdmioctl.dll
2002-04-17 14:05:32 45056 ------w- c:\windows\system32\CleanUp.exe
2001-09-11 14:20:50 1285632 ------w- c:\windows\system32\SMMedia.dll
2001-08-17 18:59:44 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2001-08-17 18:46:40 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
1980-01-09 07:04:10 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
.
============= FINISH: 20:58:35,46 ===============
 

 


 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 24 February 2014 - 06:40 AM

Hi,
 

Run by Administrador at 20:58:01 on 1980-01-10

These SSL errors in Chrome might be caused by your system date that is many years in the past. Set the correct date and time: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_date_change_time.mspx?mfr=true

Edited by aharonov, 24 February 2014 - 06:41 AM.
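An added example (not part of the posts above and not part of DDS): a short Python triage check for the clock problem pointed out in post #2. It reads the DDS run header and file listing and flags a system clock that is older than files already on disk; the function names are hypothetical and the `not_before` date in the usage is a constructed value, not taken from any real certificate.

```python
import re
from datetime import datetime, timedelta

# Header and three file-listing lines copied from the DDS log in this thread.
DDS_SAMPLE = """\
Run by Administrador at 20:58:01 on 1980-01-10
2008-04-13 21:10:32 96512 ----a-w- c:\\windows\\system32\\drivers\\atapi.sys
2007-10-29 11:45:44 967440 ----a-w- c:\\windows\\system32\\calc.exe
1980-01-09 07:04:10 717296 ----a-w- c:\\windows\\system32\\drivers\\sptd.sys
"""

RUN_RE = re.compile(r"^Run by .+ at (\d{2}:\d{2}:\d{2}) on (\d{4}-\d{2}-\d{2})", re.M)
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \d+ \S+ (.+)$", re.M)
FMT = "%Y-%m-%d %H:%M:%S"


def run_time(log):
    """Return the system clock value DDS recorded when it ran."""
    m = RUN_RE.search(log)
    if m is None:
        raise ValueError("no 'Run by ... at ... on ...' header found")
    return datetime.strptime(f"{m.group(2)} {m.group(1)}", FMT)


def files_newer_than_clock(log, tolerance=timedelta(days=1)):
    """Files stamped later than the run time; tolerance absorbs time-zone offsets."""
    limit = run_time(log) + tolerance
    stamped = ((path.strip(), datetime.strptime(ts, FMT)) for ts, path in FILE_RE.findall(log))
    return [(path, ts) for path, ts in stamped if ts > limit]


def clock_floor(log):
    """Latest 'future' file timestamp: the real date cannot be earlier than this."""
    hits = files_newer_than_clock(log)
    return max(ts for _, ts in hits) if hits else None


def cert_not_yet_valid(log, not_before):
    """True if a certificate with this notBefore is 'not yet valid' to that clock."""
    return run_time(log) < not_before


if __name__ == "__main__":
    print("clock at scan time:", run_time(DDS_SAMPLE))
    print("real date is no earlier than:", clock_floor(DDS_SAMPLE))
    # Constructed notBefore, not taken from any real certificate.
    print("rejected as not yet valid:", cert_not_yet_valid(DDS_SAMPLE, datetime(2014, 1, 1)))
```

Files stamped years after the recorded run time mean the clock, not the files, is wrong, and any certificate issued after that clock value fails validation as not yet valid.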


#3 billyn4

billyn4
  • Topic Starter

  • Members
  • 30 posts

Posted 25 February 2014 - 06:30 AM

Hi aharonov,

 

Thanks a lot for your help.

 

After setting the correct time and date, the error has stopped coming up. 

 

Should I run any further scans? I have to say that before asking for help here and because I was quite desperate, I ran ComboFix and it said explorer.exe was infected as well as other .exe system files. Should I worry about this?

 

Thanks again.



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 25 February 2014 - 06:53 AM

Hi,

please post up the log file of this Combofix run (C:\Combofix.txt).

#5 billyn4

billyn4
  • Topic Starter

  • Members
  • 30 posts

Posted 28 February 2014 - 03:40 AM

Hi,

please post up the log file of this Combofix run (C:\Combofix.txt).

Hi aharonov,

 

I will post it tomorrow as soon as I'm home.

 

Thanks so much for your help.



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 28 February 2014 - 03:58 AM

Hi,

all right. :)

#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 12 March 2014 - 12:07 PM

Do you still need help?



#8 billyn4

billyn4
  • Topic Starter

  • Members
  • 30 posts

Posted 13 March 2014 - 06:23 AM

Sorry for not letting you know, but I don't have access to that computer right now. 

 

You can close the topic for now.

 

Thanks a lot for your assistance. 



#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 13 March 2014 - 08:01 AM

All right, thanks for letting me know.





