IE7 takeover and pop-ups


  • This topic is locked
2 replies to this topic

#1 shanegarr

Posted 09 January 2009 - 09:57 PM

Internet Explorer starts up on its own and I keep getting a pop-up at the bottom of my screen that has a different ad for something every time. I keep getting a pop-up saying my download of a certain porn video is done and asks if I want to play it now. I have not downloaded any videos. I also get a pop-up saying I have infected files on my computer and I need to click yes to download a program to fix it. It doesn't say what the program name is. I have to use Firefox because IE7 has been taken over by something. If I try to go to any website I get redirected to either a blank page or a search results page. <http://123.fluxads.com/sw/10208/CD8319/> is something that keeps popping up with a blank page. <http://www.consumerrewards.us.com/?config=4776&src=WC-95274aaa2571.ecovg:163700:> is another one.

DDS (Ver_09-01-07.01) - NTFSx86
Run by Shane at 19:13:52.39 on 2009-01-09
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1318 [GMT -6:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
D:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
D:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\dtsdeqls.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Eco Ads\ecoads.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ppcbooster\ppcb_32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Shane\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: adsoftinc: {49b8c2b8-351f-fb97-0db7-45a11ddd4d65} - c:\windows\system32\nsmE7.dll
BHO: winhost_app.winhost_appdll: {5e06398e-3017-467b-a399-18425a20f655} - c:\windows\winhost_app.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: TBSB05288 Class: {6714adbd-c6c1-42a8-bd84-9c9339059421} - c:\program files\ietoolbar\eco bar\ecobar.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: adsoftinc browser enhancer: {9c7b2557-49c8-9e9d-27ac-5d89ac2ad384} - c:\windows\system32\htepknhacqpfmksqy.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: SmsToolbar: {d804f606-dc8a-4ecd-9ff7-10390305239b} - c:\windows\system32\fkinjzg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: ECO Bar: {10000000-1000-1000-1000-100000000000} - c:\program files\ietoolbar\eco bar\ecobar.dll
TB: {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ScanSoft OmniPage 16-reminder] "d:\program files\scansoft\omnipage16\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 16\ereg\Ereg.ini"
mRun: [WinFaxAppPortStarter] "c:\windows\system32\wfxsnt40.exe"
mRun: [WFXSwtch] "c:\progra~1\winfax\WFXSWTCH.exe"
mRun: [VirtualDrive] "d:\program files\farstone\virtualdrive\VDTask.exe" /AutoRestore
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
mRun: [RAMDrive] "d:\program files\farstone\virtualdrive\vhd\RDTask.exe"
mRun: [PC Pitstop Optimize Scheduler] "c:\program files\pcpitstop\optimize\PCPOptimize.exe" -boot
mRun: [OSSelectorReinstall] "c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe"
mRun: [LXBRKsk] "c:\progra~1\lexmar~2\LXBRKsk.exe"
mRun: [Logitech Utility] "c:\windows\Logi_MwX.Exe"
mRun: [Lexmark X5100 Series] "c:\program files\lexmark x5100 series\lxbabmgr.exe"
mRun: [Lexmark 3100 Series] "c:\program files\lexmark 3100 series\lxbrbmgr.exe"
mRun: [fontnav] "c:\program files\corel\wordperfect office 2000\font navigator\FontNav.exe" *1
mRun: [AcronisTimounterMonitor] "c:\program files\acronis\trueimagehome\TimounterMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [RemoteControl8] "d:\program files\cyberlink\powerdvd8\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "d:\program files\cyberlink\powerdvd8\powerdvd8\language\Language.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [yhuoevthel] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\htepknhacqpfmksqy.dll"
mRun: [dtsdeqls] "c:\windows\system32\dtsdeqls.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\shane\startm~1\programs\startup\ecoads.lnk - c:\program files\eco ads\ecoads.exe
StartupFolder: c:\docume~1\shane\startm~1\programs\startup\p2pmax.lnk - c:\program files\p2pmax\p2pmax.exe
StartupFolder: c:\docume~1\shane\startm~1\programs\startup\ppcb_32.lnk - c:\program files\ppcbooster\ppcb_32.exe
StartupFolder: c:\docume~1\shane\startm~1\programs\startup\runit_32.lnk - c:\program files\runit\runit_32.exe
IE: &Search - ?p=ZJxdm128YYUS
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: msn.com\www
Trusted Zone: myyearbook.com\www
Trusted Zone: turbotax.com
Notify: AtiExtEvent - Ati2evxx.dll
Notify: c00D8C2C - c00D8C2C.mat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shane\applic~1\mozilla\firefox\profiles\mrunq3q3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - component: c:\program files\mozilla firefox\components\nsadsoftinc.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: d:\gametap\bin\release\npgametaptool.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=

============= SERVICES / DRIVERS ===============

R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [2007-10-27 32768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-4 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090109.003\NAVENG.SYS [2009-1-9 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090109.003\NAVEX15.SYS [2009-1-9 876112]
R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};d:\program files\cyberlink\powerdvd8\powerdvd8\000.fcl [2008-6-27 61424]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R4 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2008-2-18 214888]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R4 Marvell RAID;Marvell RAID Event Agent;c:\program files\marvell\61xx\svc\mvraidsvc.exe [2006-7-25 114688]
R4 MRUWebService;MRU Web Service;c:\program files\marvell\61xx\apache2\bin\Apache.exe [2006-6-26 20541]
R4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-12-5 935208]
R4 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2008-6-14 11018]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2008-6-14 8704]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-2-2 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-2-2 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-2-2 23680]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-1-4 1245064]

=============== Created Last 30 ================

2009-01-08 16:30 446,464 a------- c:\windows\system32\rinhlsvc.exe
2009-01-08 16:30 158,720 a------- c:\windows\vcssm01403.exe
2009-01-08 16:30 102,917 a------- c:\windows\uuuwp82660.exe
2009-01-08 16:30 446,464 a------- c:\windows\system32\dtsdeqls.exe
2009-01-08 16:30 158,720 a------- c:\windows\qmho44184.exe
2009-01-08 16:30 <DIR> --d----- c:\program files\Eco Ads
2009-01-08 16:30 596,448 a------- c:\windows\snwso06641.exe
2009-01-08 16:30 102,917 a------- c:\windows\etrr74340.exe
2009-01-08 16:30 56,318 a------- c:\windows\pboqw47227.exe
2009-01-08 16:30 905,670 a------- c:\windows\swrim45012.exe
2009-01-08 16:30 85,460 a------- c:\windows\agdlk26546.exe
2009-01-08 16:30 596,448 a------- c:\windows\jenj4633.exe
2009-01-08 16:29 28,672 a------- c:\windows\xajw2481.exe
2009-01-08 16:29 <DIR> --d----- c:\program files\p2pmax
2009-01-08 16:29 56,318 a------- c:\windows\ixsd70288.exe
2009-01-08 16:29 <DIR> --d----- c:\program files\IEToolbar
2009-01-08 16:29 69,686 a------- c:\windows\awrhm45212.exe
2009-01-08 16:29 905,670 a------- c:\windows\mqlb88068.exe
2009-01-08 16:29 <DIR> --d----- c:\program files\ppcbooster
2009-01-08 16:29 85,460 a------- c:\windows\khpi46768.exe
2009-01-08 16:29 28,672 a------- c:\windows\bkxc2816.exe
2009-01-08 16:29 <DIR> --d----- c:\program files\runit
2009-01-08 16:29 69,686 a------- c:\windows\txxw4563.exe
2009-01-08 16:29 85,293 a------- c:\windows\system32\cont_adsoftinc-remove.exe
2009-01-08 16:29 32,768 a------- c:\windows\sdrtb6863.exe
2009-01-08 16:29 95,232 a------- c:\windows\upfkk4101.exe
2009-01-08 16:29 47,578 a------- c:\windows\system32\eofkshrvytkmksjfo.exe
2009-01-08 16:29 200,483 a------- c:\windows\scblw4356.exe
2009-01-06 10:50 687,104 a------- c:\windows\system32\nsmE7.dll
2009-01-05 15:55 230,424 a------- C:\img2-001.raw
2009-01-05 15:50 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-01-05 15:50 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-01-05 15:48 1,966,696 a------- c:\windows\system32\drivers\VX3000.sys
2009-01-05 15:48 709,992 a------- c:\windows\vVX3000.exe
2009-01-05 15:48 476,520 a------- c:\windows\vVX3000.dll
2009-01-05 15:48 202,088 a------- c:\windows\system32\LCCoin14.dll
2009-01-05 15:48 185,704 a------- c:\windows\system32\cVX3000.dll
2009-01-05 15:48 111,976 a------- c:\windows\VX3000.dll
2009-01-05 15:48 15,498 a------- c:\windows\VX3000.ini
2009-01-05 15:48 13,023 a------- c:\windows\VX3000.src
2009-01-05 15:43 <DIR> --d----- c:\program files\Microsoft LifeCam
2009-01-04 16:17 21,446 a------- c:\windows\system32\sf.ico
2009-01-04 16:17 13,942 a------- c:\windows\system32\m3.ico
2009-01-04 16:17 13,942 a------- c:\windows\system32\c.ico
2009-01-04 16:17 11,062 a------- c:\windows\system32\p.ico
2009-01-04 16:17 7,662 a------- c:\windows\system32\m.ico
2009-01-04 16:17 4,286 a------- c:\windows\system32\s.ico
2009-01-04 16:17 3,095 a------- c:\windows\ios.dat
2009-01-04 12:09 <DIR> --d----- c:\program files\Norton 360
2009-01-04 12:08 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-04 12:08 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-04 12:08 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-04 12:08 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-04 10:31 <DIR> --d----- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-01-03 23:48 <DIR> --d----- c:\program files\iPod
2009-01-03 23:48 <DIR> --d----- c:\program files\iTunes
2009-01-03 20:00 <DIR> --d----- c:\program files\Nero
2009-01-03 19:10 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-01-03 19:10 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-01-03 19:10 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-01-03 19:10 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-01-03 19:10 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-01-03 19:10 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-01-03 19:10 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2009-01-03 15:47 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2009-01-03 15:46 <DIR> --d----- c:\docume~1\shane\applic~1\uniblue
2009-01-03 15:45 <DIR> --d----- c:\program files\Uniblue
2009-01-03 15:40 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-03 15:35 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-03 15:22 <DIR> --d-hr-- C:\AHCache
2009-01-02 17:11 389,120 a------- c:\windows\system32\CF9115.exe
2009-01-02 17:10 389,120 a------- c:\windows\system32\CF8903.exe
2009-01-02 17:10 6,736 a------- c:\windows\system32\drivers\PROCEXP90.SYS
2009-01-02 13:59 <DIR> --d----- c:\windows\Full Speed
2009-01-02 13:59 <DIR> --d----- c:\program files\Full Speed
2009-01-02 01:39 36,864 a------- c:\windows\winhost_app.dll
2008-12-30 23:09 <DIR> --d----- c:\program files\Bonjour
2008-12-26 07:42 <DIR> --d-h--- c:\windows\PIF
2008-12-26 05:49 <DIR> --d----- C:\LiveVid
2008-12-26 05:47 105,808 -------- c:\windows\system32\drivers\ICAM5D2.sys
2008-12-26 05:47 102,912 -------- c:\windows\system32\Scale_en.dll
2008-12-26 05:47 28,672 -------- c:\windows\system32\Icam5UNI.lrc
2008-12-26 05:47 12,771 -------- c:\windows\system32\Icam5UNI.hlp
2008-12-26 05:42 <DIR> --d----- c:\temp\cs110_XP
2008-12-16 10:18 389,120 a------- c:\windows\system32\htepknhacqpfmksqy.dll

==================== Find3M ====================

2009-01-04 00:26 104,552 a------- c:\docume~1\shane\applic~1\GDIPFONTCACHEV1.DAT
2008-11-16 12:53 2,828 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-11-16 12:50 8 ---shr-- c:\docume~1\alluse~1\applic~1\41BDA0D71D.sys
2008-11-15 16:44 13,664 -------- c:\windows\system32\ealregsnapshot1.reg
2008-10-25 23:19 29,480 -------- c:\windows\system32\msxml3a.dll
2008-10-23 06:36 286,720 -------- c:\windows\system32\gdi32.dll
2008-10-16 14:38 826,368 -------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 -------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 -------- c:\windows\system32\muweb.dll
2008-09-09 20:50 24 a------- c:\documents and settings\shane\jagex_runescape_preferences.dat
2008-09-08 21:34 774,144 a------- c:\program files\RngInterstitial.dll
2008-06-01 00:10 32,768 a------- c:\windows\inf\UpdateUSB.exe
2008-05-10 17:15 69 a------- c:\docume~1\shane\applic~1\LSV6.dat
2007-12-31 13:08 47,360 a------- c:\docume~1\shane\applic~1\pcouffin.sys
2007-12-25 13:51 22,328 a------- c:\docume~1\shane\applic~1\PnkBstrK.sys
2005-03-31 22:17 40,960 a------- c:\program files\Uninstall_CDS.exe
2003-06-13 09:34 50,176 a------- c:\documents and settings\shane\onuninst.dll

============= FINISH: 19:14:36.40 ===============

Edited by Orange Blossom, 09 January 2009 - 10:11 PM.
Deactivate links. ~ OB


#2 teacup61

  • Malware Response Team

Posted 24 January 2009 - 06:34 PM

Hello shanegarr,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

  • Malware Response Team

Posted 07 February 2009 - 11:11 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic