possible browser hijack help please

Post by sgf909 » October 29th, 2011, 9:26 pm

Hi,

My browser (Chrome) has been sending me to some strange places. Microsoft Security Essentials has also been detecting, and trying to remove, a handful of malware over the past couple of days.

Exploit:Java/Blacole.A (and .W .X .Y .Z)
TrojanDownloader:Win32/unruy.H
PWS:Win32/Zbot
Exploit:HTML/IframeRef.Z

Thanks in advance.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by dave at 19:06:19 on 2011-10-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1925 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Users\dave\Local Settings\Apps\F.lux\flux.exe
C:\Users\dave\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [F.lux] "C:\Users\dave\Local Settings\Apps\F.lux\flux.exe" /noshow
mRun: [TaskTray]
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8A5B7EA7-69C6-4D61-9707-E019645F8BC7} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [TaskTray]
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\sp6bf1ab.default\
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\dave\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Users\dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-28 366152]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-12-9 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Abyssus;Razer Abyssus;C:\Windows\system32\drivers\Abyssus.sys --> C:\Windows\system32\drivers\Abyssus.sys [?]
S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\dave\Downloads\RealTemp_360\WinRing0x64.sys [2008-7-26 14544]
.
=============== Created Last 30 ================
.
2011-10-30 00:36:17 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0CDDDB8-1D22-418C-B804-3EEE5E64619A}\offreg.dll
2011-10-29 03:25:11 -------- d-----w- C:\Users\dave\AppData\Roaming\Malwarebytes
2011-10-29 03:24:55 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-29 03:24:51 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-29 03:24:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-29 01:29:49 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0CDDDB8-1D22-418C-B804-3EEE5E64619A}\mpengine.dll
2011-10-27 17:41:08 175104 ----a-w- C:\Windows\SysWow64\SNx57.com_
2011-10-26 20:20:20 -------- d-----w- C:\Users\dave\AppData\Roaming\Ugdiy
2011-10-26 20:20:20 -------- d-----w- C:\Users\dave\AppData\Roaming\Ohwu
2011-10-26 07:14:03 -------- d-----we C:\Windows\system64
2011-10-25 18:36:37 -------- d-----w- C:\Users\dave\AppData\Local\Rockstar Games
2011-10-18 01:40:43 -------- d-----w- C:\Program Files (x86)\SopCast
2011-10-17 04:37:48 167936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{1B3A8AE1-15B0-4472-A22B-99BA0C2A8D3D}-Keygen.exe
2011-10-17 04:35:15 -------- d-----w- C:\Users\dave\AppData\Roaming\ChessBase
2011-10-17 04:35:08 -------- d-----w- C:\Users\dave\AppData\Local\ChessBase
2011-10-17 04:34:55 167936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{8A771CEF-7D74-4A77-A143-25518EFBDCBA}-Keygen.exe
2011-10-17 04:33:35 167936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{A2554253-1712-460A-B296-9CD48B9BA113}-Keygen.exe
2011-10-17 04:33:00 167936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{F160E348-FD7D-4330-B5A9-E53D23BB4228}-Keygen.exe
2011-10-17 04:32:02 -------- d-----w- C:\ProgramData\ChessBase
2011-10-17 04:32:02 -------- d-----w- C:\Program Files (x86)\Common Files\ChessBase
2011-10-12 22:58:07 -------- d-----w- C:\Users\dave\AppData\Roaming\mm
2011-10-12 16:57:18 388096 ----a-r- C:\Users\dave\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-12 16:57:16 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-10-12 16:44:27 -------- d-----w- C:\Users\dave\AppData\Local\Chromium
2011-10-12 16:44:04 -------- d-----w- C:\Users\dave\AppData\Local\Ubisoft Game Launcher
2011-10-12 16:41:51 -------- d-----w- C:\Users\dave\AppData\Roaming\Might & Magic Heroes VI
2011-10-12 00:43:59 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-10-12 00:43:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-10-12 00:43:58 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2011-10-12 00:43:58 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2011-10-11 23:07:04 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-11 23:07:03 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-11 23:07:03 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-11 23:07:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-11 23:07:02 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-11 23:06:40 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-11 23:06:40 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-11 23:06:40 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-11 23:06:40 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-11 22:47:58 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-10-11 22:43:41 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-10-11 22:43:40 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-10-11 22:43:36 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-10-11 22:43:30 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-10-11 22:43:19 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-10-11 22:43:18 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-10-11 22:43:06 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-10-11 22:43:02 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-10-11 22:43:01 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-10-11 22:43:00 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-10-11 22:43:00 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-10-11 22:41:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-10-11 22:41:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-10-11 22:41:58 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-10-11 22:41:57 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-10-11 22:41:57 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-10-11 22:41:57 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-10-11 22:41:54 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-10-11 22:41:52 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-11 22:41:48 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-10-11 22:41:47 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-10-11 22:41:46 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-10-11 22:41:46 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-10-11 22:41:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-10-11 00:37:31 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F715EEE6-5CD4-466E-B552-8DCC1633A8C9}\gapaengine.dll
2011-10-10 04:56:07 -------- d-----w- C:\Users\dave\AppData\Roaming\IObit
2011-10-10 04:55:56 -------- d-----w- C:\Program Files (x86)\IObit
2011-10-03 06:26:48 -------- d-----w- C:\Program Files (x86)\Boxee
2011-10-03 01:55:56 -------- d-----w- C:\Users\dave\AppData\Roaming\com.tametick.CardinalQuest
2011-10-03 01:55:53 -------- d-----w- C:\Program Files (x86)\cardinalquest
2011-10-03 01:53:42 -------- d-----w- C:\Users\dave\AppData\Local\Adobe
.
==================== Find3M ====================
.
2011-10-30 00:46:52 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 22:43:41 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-10-11 22:43:33 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-10-11 22:43:32 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-10-11 22:43:02 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-10-11 22:43:00 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-10-11 22:43:00 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-10-11 22:42:54 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-10-11 22:42:52 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-10-11 22:42:46 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-10-11 22:42:43 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-10-11 22:42:33 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-10-11 22:42:29 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-10-11 22:42:25 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-10-11 22:42:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-10-11 22:42:12 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-10-11 22:42:06 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-10-11 22:42:06 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-10-11 22:42:06 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-10-11 22:41:56 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-10-11 22:41:54 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-10-11 22:41:50 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-10-11 22:41:46 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-10-11 22:41:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-10-11 22:41:45 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-10-10 18:53:27 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-10 18:53:27 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-03 11:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-14 17:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 17:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 17:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 17:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 17:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 17:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-29 21:44:50 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-08-29 21:44:50 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-08-29 21:44:50 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-08-29 21:44:50 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-08-24 23:45:39 231440 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
.
============= FINISH: 19:07:10.17 ===============
sgf909
Active Member
Posts: 4
Joined: October 29th, 2011, 9:09 pm

Re: possible browser hijack help please

Post by NonSuch » October 29th, 2011, 11:10 pm

This topic is a duplicate copy of the original and therefore will be closed. The original will be left open.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
