
Help, I cannot stop Internet Explorer Window Popups


  • This topic is locked
2 replies to this topic

#1 MNBoatMan


Posted 21 July 2009 - 08:59 PM

My computer has been infected with a virus/malware that causes IE screens to pop up. These web sites are always selling something and they appear to be random sites.

Computer: Dell workstation running Windows 2000 SP4

Here is a summary of what I have done so far.

Installed SuperAntispyware, ran scan
Uninstalled Alot, Yahoo Toolbar, Yahoo Anti-Spy, Zero Popup
Ran Norton Antivirus Scan
Installed Spybot Search and Destroy, ran scan, re-booted computer
Uninstalled Adaware SE
Installed MalwareBytes, ran scan
Re-booted into Safe Mode, ran another MalwareBytes scan
Uninstalled 3 or 4 poker site programs, re-booted

Here is my DDS log.


DDS (Ver_09-06-26.01) - NTFSx86
Run by wcmweo at 18:07:09.67 on Tue 07/21/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.2046.1251 [GMT -5:00]


============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\BRMFRSMG.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\LIUtilities\WinBackup\wbsched.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\Pplinks.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINNT\System32\SCardSvr.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Temp\DDS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://finance.google.com/finance?ie=UTF-8&hl=en&tab=we
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://smbusiness.dellnet.com/
uWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.comcast.net
mDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Media Access Startup: {25b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\media access startup\1.3.0.790\HPIEAddOn.dll
BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\internet saving optimizer\3.4.0.4340\NPIEAddOn.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
mRun: [EM_EXEC] c:\progra~1\mousew~1\system\EM_EXEC.EXE
mRun: [WinBackup Scheduler] c:\program files\liutilities\winbackup\wbsched.exe
mRun: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
mRun: [SetDefPrt] c:\program files\brother\brmflpro\SetDefPrt.exe
mRun: [SSC_UserPrompt] "c:\program files\common files\symantec shared\security center\UsrPrmpt.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HPWOTOOLBOX] c:\program files\hp\hp officejet pro k850 series\toolbox\HPWOTBX.exe "-i"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [internat.exe] internat.exe
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\brothe~1.lnk - c:\program files\scansoft\paperport\popup\SmartUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\partygaming\partycasino\RunApp.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\winnt\system32\msjava.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} - hxxp://www.pqpc.com/plugin/axversion/1000/printQuick.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
DPF: {31564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmvax.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} - hxxp://fdl.msn.com/public/investor/v13/invinstl.exe
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://207.188.7.150/2168d734ae29bf137d16/netzip/RdxIE601.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
DPF: {CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_09-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://meetingcenter1.webex.com/client/latest/webex/ieatgpc.cab
DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - hxxp://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://download.yahoo.com/dl/toolbar/yiebio3.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: ?A? c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 fasttrak;fasttrak;c:\winnt\system32\drivers\Fasttrak.sys [2003-1-22 64418]
R0 mraid2k;mraid2k;c:\winnt\system32\drivers\MRAID2K.SYS [2003-1-22 17258]
R1 cdudf;cdudf;c:\winnt\system32\drivers\cdudf.sys [2003-6-27 381975]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-12-19 54968]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2002-5-8 212992]
R2 BrSerial;Brother Serial Driver;c:\winnt\system32\drivers\BrSerial.sys [2004-4-18 56660]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2008-4-15 191848]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2007-9-28 202088]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2008-4-15 169320]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\winnt\system32\drivers\LMIRfsDriver.sys [2008-8-13 47640]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2007-8-13 139888]
R2 NetAlrt;NetAlrt;c:\winnt\system32\drivers\Netalrt.sys [2002-5-7 39680]
R2 PlatAlrt;PlatAlrt;c:\winnt\system32\drivers\platalrt.sys [2002-5-7 23744]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-4-15 1251720]
R3 BrUsbMdm;Brother MFC USB FaxModem driver;c:\winnt\system32\drivers\BrUsbMdm.sys [2004-4-18 10908]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\winnt\system32\drivers\BrUsbScn.sys [2004-4-18 10908]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-1 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090721.006\NAVENG.Sys [2009-7-21 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090721.006\NavEx15.Sys [2009-7-21 875728]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-12-19 337592]
R3 usbhub20;USB Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2009-5-20 49776]
S2 gupdate1c9de156227b53e;Google Update Service (gupdate1c9de156227b53e);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\EL90XBC5.SYS [1999-10-23 61712]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-12 29744]
S3 MTK;Media Technology Kernel Driver;c:\winnt\system32\drivers\mtk.sys --> c:\winnt\system32\drivers\mtk.sys [?]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-12-19 198416]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-07-21 18:07 16,384 a------t c:\winnt\system32\Perflib_Perfdata_480.dat
2009-07-21 18:06 <DIR> --d----- c:\temp\DDS
2009-07-17 13:52 <DIR> --d----- c:\program files\Trend Micro
2009-07-17 13:51 812,344 a------- c:\temp\HJTInstall.exe
2009-07-16 16:35 169,984 a------- c:\winnt\msconfig.exe
2009-07-16 16:33 <DIR> a-d----- c:\winnt\profiles\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-16 16:33 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-16 16:32 16,409,960 a------- c:\temp\spybotsd162.exe
2009-07-07 08:24 <DIR> --d----- c:\winnt\profiles\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-07 08:24 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-07 08:24 <DIR> --d----- c:\docume~1\wcmweo\applic~1\SUPERAntiSpyware.com
2009-07-06 21:01 6,568,480 a------- c:\temp\SUPERAntiSpyware.exe
2009-06-24 18:56 1,284,592 ----h--- c:\winnt\ShellIconCache
2009-06-22 19:13 <DIR> --d----- c:\winnt\winsxs
2009-06-22 19:13 <DIR> --d----- c:\program files\MSECache
2009-06-22 19:11 28,868,320 a------- c:\temp\FileFormatConverters.exe
2009-06-22 12:07 <DIR> --d----- c:\docume~1\wcmweo\applic~1\Malwarebytes
2009-06-22 12:07 38,160 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-06-22 12:07 18,456 a------- c:\winnt\system32\drivers\mbam.sys
2009-06-22 12:07 <DIR> --d----- c:\winnt\profiles\alluse~1\applic~1\Malwarebytes
2009-06-22 12:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-22 12:04 <DIR> --d----- c:\program files\MalwareBytes

==================== Find3M ====================

2009-06-15 23:48 165,136 a------- c:\winnt\system32\t2embed.dll
2009-06-15 23:48 165,136 a------- c:\winnt\system32\dllcache\t2embed.dll
2009-06-15 23:48 81,168 a------- c:\winnt\system32\fontsub.dll
2009-06-15 23:48 81,168 a------- c:\winnt\system32\dllcache\fontsub.dll
2009-06-02 19:23 1,225,728 -------- c:\winnt\system32\quartz.dll
2009-06-02 19:23 1,225,728 -------- c:\winnt\system32\dllcache\quartz.dll
2009-05-07 01:41 263,440 -------- c:\winnt\system32\LOCALSPL.DLL
2009-05-07 01:41 263,440 -------- c:\winnt\system32\dllcache\localspl.dll
2009-05-01 11:28 462,336 -------- c:\winnt\system32\dllcache\URLMON.DLL
2009-04-30 11:05 28,868,320 a------- c:\program files\FileFormatConverters.exe
2009-04-24 04:54 95,504 -------- c:\winnt\system32\WIN32SPL.DLL
2009-04-24 04:54 95,504 -------- c:\winnt\system32\dllcache\win32spl.dll
2008-11-27 18:55 201,376 ac------ c:\program files\GoogleToolbarInstaller_download_signed.exe
2006-10-16 14:20 6,733 -------- c:\documents and settings\wcmweo\audit.dat
2006-08-23 20:43 1,040,872 ac------ c:\program files\gdiplus_dnld.exe
2006-08-23 20:34 5,763,072 ac------ c:\program files\WindowsDefender.msi
2003-06-21 11:23 707 -c------ c:\program files\INSTALL.LOG
2003-01-22 17:08 21,952 -c--h--- c:\program files\FOLDER.HTT
2003-01-22 17:08 271 -c--h--- c:\program files\DESKTOP.INI
2002-07-24 13:00 32,528 ac------ c:\winnt\inf\WBFIRDMA.SYS

============= FINISH: 18:07:39.59 ===============


 


#2 teacup61



  • Malware Response Team

Posted 01 August 2009 - 06:39 AM

Hello MNBoatMan,


Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 25 August 2009 - 08:52 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



