
Google redirect fsharproj keeps coming back



This one likes me. Malware identifies fsharproj, removes it and reboots and then it's back.

Logs below.

Thank you for any assistance you can offer.

JC.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7549

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

8/28/2011 3:31:44 PM

mbam-log-2011-08-28 (15-31-44).txt

Scan type: Quick scan

Objects scanned: 185515

Time elapsed: 9 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23

Run by Compaq_Administrator at 15:34:17 on 2011-08-28

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.321 [GMT -7:00]

.

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe

C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll

BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\webhelper.dll

BHO: Java Plug-In SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll

TB: {55FAF0F2-44D4-425F-B Fe-uB275B621EAB} - No File

EB: HP Smart Web Printing: {555d4d75-5b62-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [SetDefPrt] c:\program files\brother\brmfl06b\BrStDvPt.exe

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"

mRun: [DISCover] c:\program files\disc\DISCover.exe nogui

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\automa~1.lnk - c:\troopmaster software\automailer\AutoMailer.exe

StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking9\program\natspeak.exe

StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\minima~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 12 standard\MiniMavis.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: intuit.com\ttlc

Trusted Zone: trymedia.com

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://www.imgag.com/cp/install/Crusher.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab

DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{5FC2489D-15AD-4B21-BF99-54262B40C5BE} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\2e95sadk.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110801&q=

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npEModelPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-9-23 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-9-23 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-15 815736]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-9-23 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-9-23 116784]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-23 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20110826.030\IDSXpx86.sys [2011-8-26 356280]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20110828.002\NAVENG.SYS [2011-8-28 86136]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20110828.002\NAVEX15.SYS [2011-8-28 1576312]

S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-2-2 18560]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-23 41272]

S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]

.

=============== Created Last 30 ================

.

2011-08-25 03:29:49 -------- d-----w- c:\windows\system32\NtmsData

2011-08-24 04:41:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-24 04:40:54 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-24 02:52:46 -------- d-----w- c:\program files\ESET

2011-08-24 01:57:03 0 ---ha-w- c:\documents and settings\compaq_administrator\lqtxxvykhm.tmp

2011-08-22 00:44:45 94768 ----a-w- c:\windows\system32\drivers\26018403.sys

2011-08-21 22:52:29 -------- d-sh--r- C:\cmdcons

2011-08-20 05:30:36 98816 ----a-w- c:\windows\sed.exe

2011-08-20 05:30:36 518144 ----a-w- c:\windows\SWREG.exe

2011-08-20 05:30:36 256000 ----a-w- c:\windows\PEV.exe

2011-08-20 05:30:36 208896 ----a-w- c:\windows\MBR.exe

2011-08-17 23:47:11 -------- d-----w- c:\program files\Bonjour

2011-08-11 03:44:55 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-11 03:44:53 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-07 00:23:38 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll

2011-08-07 00:23:35 -------- d-----w- c:\documents and settings\compaq_administrator\application data\Catalina Marketing Corp

2011-08-01 18:25:16 98304 ----a-w- c:\windows\system32\redmonnt.dll

2011-08-01 18:24:43 -------- d-----w- c:\program files\FoxTabPDFConverter

.

==================== Find3M ====================

.

2011-08-19 22:26:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-08 14:02:00 10496 ------w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-24 14:10:36 139656 ------w- c:\windows\system32\drivers\rdpwd.sys

2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-06-21 18:45:57 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-06-21 18:45:57 17408 ------w- c:\windows\system32\corpol.dll

2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-19 04:11:24 21840 ----atw- c:\windows\system32\SIntfNT.dll

2011-06-19 04:11:24 17212 ----atw- c:\windows\system32\SIntf32.dll

2011-06-19 04:11:24 12067 ----atw- c:\windows\system32\SIntf16.dll

2011-06-02 14:02:05 1858944 ------w- c:\windows\system32\win32k.sys

2007-02-12 04:37:37 4733440 ----a-w- c:\program files\ip1600x64190dej.exe

.

============= FINISH: 15:35:54.07 ===============

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-08-29 07:22:30

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3200826AS rev.3.03

Running: mcnqzc4m.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kxlyakow.sys

---- System - GMER 1.0.15 ----

SSDT 85D3D150 ZwAlertResumeThread

SSDT 85C08050 ZwAlertThread

SSDT 85BAE1B8 ZwAllocateVirtualMemory

SSDT 85CFE050 ZwAssignProcessToJobObject

SSDT 861AFD08 ZwConnectPort

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF1B0D210]

SSDT 85B52650 ZwCreateMutant

SSDT 85B68FC0 ZwCreateSymbolicLinkObject

SSDT 85D685E0 ZwCreateThread

SSDT 8621D2D0 ZwDebugActiveProcess

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF1B0D490]

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF1B0D9F0]

SSDT 85BAE290 ZwDuplicateObject

SSDT 85B512C8 ZwFreeVirtualMemory

SSDT 85D54150 ZwImpersonateAnonymousToken

SSDT 85C16050 ZwImpersonateThread

SSDT 861B6AA0 ZwLoadDriver

SSDT 85C04150 ZwMapViewOfSection

SSDT 85DAB050 ZwOpenEvent

SSDT 85B524D8 ZwOpenProcess

SSDT 85DCA228 ZwOpenProcessToken

SSDT 85CFF050 ZwOpenSection

SSDT 85B52448 ZwOpenThread

SSDT 85BC9DB8 ZwProtectVirtualMemory

SSDT 85C17050 ZwResumeThread

SSDT 85D4F150 ZwSetContextThread

SSDT 85BB0720 ZwSetInformationProcess

SSDT 85D3F2D0 ZwSetSystemInformation

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF1B0DC40]

SSDT 85D4B050 ZwSuspendProcess

SSDT 86231248 ZwSuspendThread

SSDT 85C9B050 ZwTerminateProcess

SSDT 85C0A050 ZwTerminateThread

SSDT 85D31E50 ZwUnmapViewOfSection

SSDT 85B51358 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !

? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\program files\real\realplayer\update\realsched.exe[760] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2764] kernel32.dll!FindResourceW 7C80BC6E 5 Bytes JMP 00421DB0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2764] kernel32.dll!FindResourceA 7C80BF29 5 Bytes JMP 00421D70 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2764] USER32.dll!LoadStringW 7E419E36 5 Bytes JMP 004222B0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2764] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 00421E60 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2764] USER32.dll!LoadBitmapW 7E420242 5 Bytes JMP 00422210 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2764] USER32.dll!LoadBitmapA 7E42473C 5 Bytes JMP 00422130 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2764] USER32.dll!LoadStringA 7E42C908 5 Bytes JMP 00422360 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2764] USER32.dll!LoadIconW 7E42E8BC 5 Bytes JMP 00422080 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2764] USER32.dll!LoadIconA 7E42EÿFÿ ÿ Bytes JMP 00421F90 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2764] USER32.dll!LoadMenuW 7E42EB48 5 Bytes JMP 00421F30 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2764] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 00421DF0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2764] USER32.dll!LoadMenuA 7E44FA83 5 Bytes JMP 00421ED0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\Hotsync.exe[2776] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Compaq_Administrator\Local Settings\temp\PSKF6.tmp 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\iertutil.dll 268288 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\advpack.dll 124928 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\corpol.dll 17408 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\dxtmsft.dll 347136 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\dxtrans.dll 214528 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\extmgr.dll 133120 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\html.iec 389120 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\icardie.dll 63488 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\ie4uinit.exe 70656 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\ieakeng.dll 153088 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\ieaksie.dll 230400 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\ieakui.dll 161792 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\ieapfltr.dll 380928 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\iedkcs32.dll 385024 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\ieencode.dll 78336 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\ieframe.dll 6067200 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\ieframe.dll.mui 991232 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\iepeers.dll 192512 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\iernonce.dll 44544 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\ieudinit.exe 13824 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\iexplore.exe 634656 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\inetcpl.cpl 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\jsproxy.dll 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\msfeeds.dll 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\msfeedsbs.dll 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\mshtml.dll 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\mshtmled.dll 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\msrating.dll 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\mstime.dll 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\occache.dll 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\pngfilt.dll 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00002 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00003 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00004 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00005 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00006 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00007 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00008 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00009 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00010 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00011 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00012 8192 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00013 8192 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00014 8192 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00015 8192 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00016 8192 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00017 20480 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst 0 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe 231288 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.inf 30947 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.txt 9126 bytes

File C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\updspapi.dll 382840 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\url.dll 105984 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\urlmon.dll 1168384 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\webcheck.dll 233472 bytes executable

File C:\WINDOWS\ie7updates\KB2183461-IE7\wininet.dll 832512 bytes executable

File C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe 231288 bytes executable

File C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.inf 28765 bytes

File C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.txt 9018 bytes

File C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\updspapi.dll 382840 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\iertutil.dll 268288 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\advpack.dll 124928 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\corpol.dll 17408 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\dxtmsft.dll 347136 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\dxtrans.dll 214528 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\extmgr.dll 133120 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\html.iec 389120 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\icardie.dll 63488 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\ie4uinit.exe 70656 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\ieakeng.dll 153088 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\ieaksie.dll 230400 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\ieakui.dll 161792 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\ieapfltr.dll 380928 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\iedkcs32.dll 385024 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\ieencode.dll 78336 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\ieframe.dll 6067200 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\ieframe.dll.mui 991232 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\iepeers.dll 192512 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\iernonce.dll 44544 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\ieudinit.exe 13824 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\iexplore.exe 634648 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\inetcpl.cpl 1830912 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\jsproxy.dll 27648 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\msfeeds.dll 459264 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\msfeedsbs.dll 52224 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\mshtml.dll 3599360 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\mshtmled.dll 477696 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\msrating.dll 193024 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\mstime.dll 671232 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\occache.dll 102912 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\pngfilt.dll 44544 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00002 8192 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00003 8192 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00004 139264 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00005 8192 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00006 8192 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00007 8192 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00008 8192 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00009 12288 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00010 8192 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00011 8192 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00012 8192 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00013 8192 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00014 8192 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00015 8192 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00016 8192 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\reg00017 20480 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\spuninst 0 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe 231288 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.inf 29550 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.txt 9018 bytes

File C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\updspapi.dll 382840 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\url.dll 105984 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\urlmon.dll 1168384 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\webcheck.dll 233472 bytes executable

File C:\WINDOWS\ie7updates\KB980182-IE7\wininet.dll 832512 bytes executable

File C:\WINDOWS\ie7updates\KB982381-IE7\iertutil.dll 0 bytes

---- EOF - GMER 1.0.15 ----

attach.zip
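Added example (not part of the original post, and not GMER's own code): when a thread like this carries a long GMER "Files" section, a quick triage script saves reading it line by line. The block below parses GMER's `File <path> <size> bytes [executable]` lines, lists the entries GMER reported as 0 bytes, and, for files that appear under more than one folder, reports where the non-zero sizes differ. The sample input is a constructed excerpt copied from the log above; the function names are my own. Note that the `ie7updates\KB*` folders hold the uninstall copies kept by each IE7 update, so two KB folders holding different sizes of the same file is expected, and a 0-byte entry is something to verify on the live system rather than proof of tampering.

```python
import re
from collections import defaultdict

# One GMER "Files" line: File <path> <size> bytes [executable]
GMER_FILE_RE = re.compile(
    r"^File\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes(?P<exe>\s+executable)?\s*$"
)

# Constructed sample: a handful of lines copied from the GMER log above,
# plus the EOF marker so the parser has a non-matching line to skip.
SAMPLE_LOG = r"""
File C:\WINDOWS\ie7updates\KB2183461-IE7\iexplore.exe 634656 bytes executable
File C:\WINDOWS\ie7updates\KB2183461-IE7\inetcpl.cpl 0 bytes
File C:\WINDOWS\ie7updates\KB2183461-IE7\mshtml.dll 0 bytes
File C:\WINDOWS\ie7updates\KB2183461-IE7\reg00012 8192 bytes
File C:\WINDOWS\ie7updates\KB980182-IE7\iexplore.exe 634648 bytes executable
File C:\WINDOWS\ie7updates\KB980182-IE7\inetcpl.cpl 1830912 bytes executable
File C:\WINDOWS\ie7updates\KB980182-IE7\mshtml.dll 3599360 bytes executable
File C:\WINDOWS\ie7updates\KB980182-IE7\reg00012 8192 bytes
---- EOF - GMER 1.0.15 ----
"""


def parse_gmer_files(text):
    """Return one dict per 'File ...' line; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = GMER_FILE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        # Windows path: split on the last backslash ourselves so this also
        # works when the script is run on a non-Windows analysis box.
        folder, _, name = path.rpartition("\\")
        entries.append({
            "path": path,
            "folder": folder,
            "name": name,
            "size": int(m.group("size")),
            "executable": m.group("exe") is not None,  # trailing token as GMER prints it
        })
    return entries


def zero_byte_entries(entries):
    """Paths GMER reported as 0 bytes, in log order."""
    return [e["path"] for e in entries if e["size"] == 0]


def size_mismatches(entries):
    """Map file name -> {folder: size} for names present in several folders
    with differing non-zero sizes. Zero-byte entries are left out here
    because zero_byte_entries() already reports them separately."""
    by_name = defaultdict(dict)
    for e in entries:
        if e["size"] > 0:
            by_name[e["name"]][e["folder"]] = e["size"]
    return {
        name: folders
        for name, folders in by_name.items()
        if len(set(folders.values())) > 1
    }


if __name__ == "__main__":
    parsed = parse_gmer_files(SAMPLE_LOG)
    print(f"{len(parsed)} file entries parsed")
    for p in zero_byte_entries(parsed):
        print("zero-byte entry:", p)
    for name, folders in size_mismatches(parsed).items():
        print("size differs across folders:", name, folders)
```

To use it on a full log, read the GMER text file and pass its contents to parse_gmer_files(); the two report functions then give you the short list worth checking by hand.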


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

