Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

multiple pop ups even when blocked i get pop up sound


  • This topic is locked This topic is locked
18 replies to this topic

#1 donnie

donnie

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 24 July 2009 - 06:53 PM

i get pop ups for pc tools, weight loss and diet programs, even when i block pop ups they come through, sometimes just the sound, also every once and a while trend micro soft pc cillin pops up and every time it does my computer locks up no mater how long i let it sit i have to cntl alt del to get out, plus hang time on my browsers are takeing 3 times longer than normal anytime i go to someplace i havent been before, any help would be greatly appreciated, ps i have 3 kids that love to play these "free" online games all the time, im sure this is one of the main culprits. they have since been banned :thumbup2:


DDS (Ver_09-06-26.01) - NTFSx86
Run by jen at 19:32:26.09 on Fri 07/24/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.207 [GMT -4:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: PC-cillin Internet Security - Spyware Protection *enabled* (Outdated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\jen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=20011&l=dis
uWindow Title = Internet Explorer provided by Dell
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Gamevance] c:\program files\gamevance\gamevance32.exe a
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jen\appdata\roaming\mozilla\firefox\profiles\qfmwm3zr.default\
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-4-15 73728]
R2 MrHealthyService;MrHealthy;c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe -service --> c:\program files\norton pc checkup\executables\mrhealthy\MrHealthy.exe -service [?]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-8-27 345432]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-8-27 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-4-15 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-8-27 566872]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-4-15 111616]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-4-15 280392]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-4-16 33176]

=============== Created Last 30 ================

2009-07-17 23:33 <DIR> --d----- c:\program files\AskBarDis
2009-07-17 23:33 <DIR> --d----- c:\program files\Gamevance
2009-07-16 17:10 19 a------- c:\windows\popcinfo.dat
2009-07-16 17:10 <DIR> --d----- c:\program files\PopCap Games
2009-07-16 10:23 <DIR> --d----- c:\program files\Simon and Schuster
2009-07-15 20:13 <DIR> --d----- c:\programdata\Age of Empires 3
2009-07-15 20:13 <DIR> --d----- c:\progra~2\Age of Empires 3
2009-07-15 20:12 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-07-15 12:06 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 12:06 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 12:06 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 12:06 10,240 a------- c:\windows\system32\dciman32.dll

==================== Find3M ====================

2009-07-22 21:11 100 a------- c:\users\jen\appdata\roaming\wklnhst.dat
2009-07-15 18:38 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-07-15 18:38 17,212 a------t c:\windows\system32\SIntf32.dll
2009-07-15 18:38 12,067 a------t c:\windows\system32\SIntf16.dll
2009-05-01 20:18 108,144 a------- c:\windows\system32\CmdLineExt.dll
2009-01-31 12:53 174 a--sh--- c:\program files\desktop.ini
2009-01-31 12:50 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-31 12:50 86,016 a------- c:\windows\inf\infstor.dat
2009-01-31 12:50 51,200 a------- c:\windows\inf\infpub.dat
2009-01-31 12:41 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-11-23 20:02 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-23 20:02 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-23 20:02 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 19:33:16.87 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,825 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:54 AM

Posted 04 August 2009 - 02:19 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 donnie

donnie
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 04 August 2009 - 08:05 PM

hi, thanks for your response.

i am having problems with pop ups, also lots of words are hyperlinked, i get sound pop ups when pop up blocker is on, and the whole system runs slow

DDS (Ver_09-06-26.01) - NTFSx86
Run by jen at 20:58:53.10 on Tue 08/04/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.303 [GMT -4:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: PC-cillin Internet Security - Spyware Protection *enabled* (Outdated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\jen\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
StartupFolder: c:\users\jen\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\users\jen\appdata\roaming\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-4-15 36368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-4-15 111616]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-4-15 280392]

=============== Created Last 30 ================

2009-08-03 22:01 <DIR> --d----- c:\users\jen\appdata\roaming\Scrabble Plus
2009-08-03 22:01 <DIR> --d----- c:\programdata\Trymedia
2009-08-03 22:01 <DIR> --d----- c:\progra~2\Trymedia
2009-08-03 21:59 <DIR> --d----- c:\program files\Yahoo! Games
2009-07-26 12:32 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 12:32 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-26 12:32 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-26 12:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 12:32 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-26 10:59 286,208 a------- C:\bli2rvjb.exe
2009-07-16 17:10 19 a------- c:\windows\popcinfo.dat
2009-07-16 17:10 <DIR> --d----- c:\program files\PopCap Games
2009-07-16 10:23 <DIR> --d----- c:\program files\Simon and Schuster
2009-07-15 20:13 <DIR> --d----- c:\programdata\Age of Empires 3
2009-07-15 20:13 <DIR> --d----- c:\progra~2\Age of Empires 3
2009-07-15 20:12 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-07-15 12:06 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 12:06 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 12:06 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 12:06 10,240 a------- c:\windows\system32\dciman32.dll

==================== Find3M ====================

2009-07-22 21:11 100 a------- c:\users\jen\appdata\roaming\wklnhst.dat
2009-07-18 12:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 12:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 05:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-15 18:38 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-07-15 18:38 17,212 a------t c:\windows\system32\SIntf32.dll
2009-07-15 18:38 12,067 a------t c:\windows\system32\SIntf16.dll
2009-01-31 12:53 174 a--sh--- c:\program files\desktop.ini
2009-01-31 12:50 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-31 12:50 86,016 a------- c:\windows\inf\infstor.dat
2009-01-31 12:50 51,200 a------- c:\windows\inf\infpub.dat
2009-01-31 12:41 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-11-23 20:02 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-23 20:02 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-23 20:02 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 20:59:54.92 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 4/15/2008 9:35:51 AM
System Uptime: 8/4/2009 1:03:32 PM (7 hours ago)

Motherboard: Dell Inc. | | 0U990C
Processor: Intel® Celeron® CPU 550 @ 2.00GHz | Microprocessor | 1995/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 62 GiB total, 33.348 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.422 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0017
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0017
Service: tunnel

==== System Restore Points ===================

RP466: 7/30/2009 3:00:39 AM - Windows Update
RP468: 7/30/2009 4:34:16 PM - Removed Age of Empires III
RP470: 7/30/2009 8:14:32 PM - Removed Age of Empires III
RP472: 7/30/2009 8:15:47 PM - Removed Age of Empires III
RP474: 7/30/2009 8:38:41 PM - Installed Age of Empires III
RP476: 7/31/2009 8:55:20 AM - Installed Age of Empires III
RP477: 7/31/2009 7:42:06 PM - Windows Update
RP478: 8/1/2009 3:00:41 AM - Windows Update
RP479: 8/3/2009 5:11:17 PM - Windows Update
RP480: 8/4/2009 10:38:25 AM - Scheduled Checkpoint

==== Installed Programs ======================

7-Zip 4.57
Acrobat.com
Adobe AIR
Adobe Reader 9.1
Adobe Shockwave Player
Age of Mythology
Barbarian Invasion
Browser Address Error Redirector
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Empire Earth
getPlus® for Adobe
Google Desktop
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
Java™ SE Runtime Environment 6
Malwarebytes' Anti-Malware
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Excel 97
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 97
Microsoft Works
Microsoft Works 2000
Modem Diagnostic Tool
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Music, Photos & Videos Launcher
Netflix Movie Viewer
NetWaiting
Octoshape add-in for Adobe Flash Player
OutlookAddinSetup
ParetoLogic Data Recovery
Pocket RAR documentation
Product Documentation Launcher
QuickSet
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SCRABBLE Plus (remove only)
Trend Micro PC-cillin Internet Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
WLZ - Deluxe Edition
XBCD 1.07
Yahoo! Install Manager

==== Event Viewer Messages From Past Week ========

8/4/2009 9:49:29 AM, Error: EventLog [6008] - The previous system shutdown at 9:47:52 AM on 8/4/2009 was unexpected.
8/4/2009 9:36:58 AM, Error: EventLog [6008] - The previous system shutdown at 9:35:05 AM on 8/4/2009 was unexpected.
8/3/2009 9:21:25 PM, Error: EventLog [6008] - The previous system shutdown at 5:18:35 PM on 8/3/2009 was unexpected.
8/3/2009 11:49:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the STacSV service.
8/1/2009 8:07:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
8/1/2009 12:59:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
8/1/2009 12:56:41 PM, Error: EventLog [6008] - The previous system shutdown at 12:54:56 PM on 8/1/2009 was unexpected.
8/1/2009 11:19:03 AM, Error: EventLog [6008] - The previous system shutdown at 11:15:18 AM on 8/1/2009 was unexpected.
8/1/2009 11:02:44 AM, Error: EventLog [6008] - The previous system shutdown at 11:01:21 AM on 8/1/2009 was unexpected.
7/31/2009 8:23:29 AM, Error: EventLog [6008] - The previous system shutdown at 10:00:14 PM on 7/30/2009 was unexpected.
7/30/2009 4:54:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the service.
7/29/2009 7:57:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
7/29/2009 2:44:06 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/29/2009 2:42:26 PM, Error: EventLog [6008] - The previous system shutdown at 2:41:29 PM on 7/29/2009 was unexpected.
7/29/2009 10:30:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/28/2009 9:06:09 AM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 05 August 2009 - 03:36 PM

Hello.

please run Malwarebytes, followed by GMER. Once those are complete, please take a new DDS run and post back with the logs.

Thanks.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and Run Scan with GMER

We will use GMER to scan for rootkits.This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt (refer below) to run a full scan. Click NO..
    Posted Image
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOKIT" entries


~Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 donnie

donnie
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 05 August 2009 - 09:09 PM

hi, thanks for your response
______________________________________

Malwarebytes' Anti-Malware 1.40
Database version: 2568
Windows 6.0.6001 Service Pack 1

8/5/2009 9:16:44 PM
mbam-log-2009-08-05 (21-16-44).txt

Scan type: Quick Scan
Objects scanned: 87679
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

____________________________________

GMER 1.0.15.15011 [5bgoeo30.exe] - http://www.gmer.net
Rootkit scan 2009-08-05 22:02:27
Windows 6.0.6001 Service Pack 1


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

______________________________________________

DDS (Ver_09-06-26.01) - NTFSx86
Run by jen at 22:03:14.91 on Wed 08/05/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.214 [GMT -4:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: PC-cillin Internet Security - Spyware Protection *enabled* (Outdated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\jen\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\jen\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\users\jen\appdata\roaming\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-4-15 73728]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-8-27 345432]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-8-27 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-4-15 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-8-27 566872]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-4-15 111616]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-4-15 280392]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-4-16 33176]

=============== Created Last 30 ================

2009-08-05 21:01 <DIR> --d----- c:\users\jen\appdata\roaming\Malwarebytes
2009-08-03 22:01 <DIR> --d----- c:\users\jen\appdata\roaming\Scrabble Plus
2009-08-03 22:01 <DIR> --d----- c:\programdata\Trymedia
2009-08-03 22:01 <DIR> --d----- c:\progra~2\Trymedia
2009-08-03 21:59 <DIR> --d----- c:\program files\Yahoo! Games
2009-07-26 12:32 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 12:32 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-26 12:32 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-26 12:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 12:32 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-26 10:59 286,208 a------- C:\bli2rvjb.exe
2009-07-16 17:10 19 a------- c:\windows\popcinfo.dat
2009-07-16 17:10 <DIR> --d----- c:\program files\PopCap Games
2009-07-16 10:23 <DIR> --d----- c:\program files\Simon and Schuster
2009-07-15 20:13 <DIR> --d----- c:\programdata\Age of Empires 3
2009-07-15 20:13 <DIR> --d----- c:\progra~2\Age of Empires 3
2009-07-15 20:12 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-07-15 12:06 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 12:06 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 12:06 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 12:06 10,240 a------- c:\windows\system32\dciman32.dll

==================== Find3M ====================

2009-07-22 21:11 100 a------- c:\users\jen\appdata\roaming\wklnhst.dat
2009-07-18 12:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 12:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 05:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-15 18:38 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-07-15 18:38 17,212 a------t c:\windows\system32\SIntf32.dll
2009-07-15 18:38 12,067 a------t c:\windows\system32\SIntf16.dll
2009-01-31 12:53 174 a--sh--- c:\program files\desktop.ini
2009-01-31 12:50 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-31 12:50 86,016 a------- c:\windows\inf\infstor.dat
2009-01-31 12:50 51,200 a------- c:\windows\inf\infpub.dat
2009-01-31 12:41 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-11-23 20:02 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-23 20:02 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-23 20:02 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 22:03:55.18 ===============

_____________________________________________________________


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 4/15/2008 9:35:51 AM
System Uptime: 7/24/2009 9:58:32 AM (10 hours ago)

Motherboard: Dell Inc. | | 0U990C
Processor: Intel® Celeron® CPU 550 @ 2.00GHz | Microprocessor | 1995/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 62 GiB total, 30.371 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.422 GiB free.
E: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0017
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0017
Service: tunnel

==== System Restore Points ===================

RP452: 7/18/2009 2:47:11 AM - Scheduled Checkpoint
RP453: 7/20/2009 12:41:02 AM - Scheduled Checkpoint
RP454: 7/20/2009 3:59:43 PM - Windows Update
RP455: 7/21/2009 1:06:18 PM - Scheduled Checkpoint
RP456: 7/22/2009 5:52:09 PM - Scheduled Checkpoint
RP457: 7/22/2009 9:25:10 PM - Windows Update
RP458: 7/23/2009 11:35:00 AM - Windows Update
RP459: 7/24/2009 1:24:47 PM - Scheduled Checkpoint

==== Installed Programs ======================

7-Zip 4.57
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Adobe Shockwave Player
Age of Empires III
Ask Toolbar
Barbarian Invasion
Browser Address Error Redirector
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Empire Earth
Fishdom
Gamevance
getPlus® for Adobe
Google Desktop
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Insaniquarium Deluxe 1.0
Intel® Matrix Storage Manager
Java™ SE Runtime Environment 6
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Excel 97
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 97
Microsoft Works
Microsoft Works 2000
Modem Diagnostic Tool
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Music, Photos & Videos Launcher
Netflix Movie Viewer
NetWaiting
Norton PC Checkup
Octoshape add-in for Adobe Flash Player
OutlookAddinSetup
ParetoLogic Data Recovery
Pocket RAR documentation
Product Documentation Launcher
QuickSet
Rome - Total War
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Trend Micro PC-cillin Internet Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
WLZ - Deluxe Edition
XBCD 1.07
Yahoo! Install Manager
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

7/24/2009 8:24:07 AM, Error: EventLog [6008] - The previous system shutdown at 9:32:37 PM on 7/23/2009 was unexpected.
7/22/2009 9:39:59 PM, Error: EventLog [6008] - The previous system shutdown at 9:37:33 PM on 7/22/2009 was unexpected.
7/22/2009 9:00:26 PM, Error: EventLog [6008] - The previous system shutdown at 8:58:24 PM on 7/22/2009 was unexpected.
7/22/2009 12:12:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/20/2009 8:02:36 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/20/2009 8:00:52 PM, Error: EventLog [6008] - The previous system shutdown at 7:59:47 PM on 7/20/2009 was unexpected.
7/18/2009 5:01:27 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} to the user jen-PC\jen SID (S-1-5-21-1421236258-514006735-563456232-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/17/2009 8:21:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
7/17/2009 12:18:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the slsvc service.
7/17/2009 10:17:21 AM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 06 August 2009 - 03:23 PM

Hello.

Update Java to Version 6 Update 15

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 15.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u15-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner
    page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Post back with a new set of DDS logs afterwards as well.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 donnie

donnie
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 06 August 2009 - 09:25 PM

hi, i unistalled Java and installed the new java, i tried to download KASPERSKY but it said java applet failed, i tried multiple times, any suggestions?

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 07 August 2009 - 11:39 AM

Hello.

Kaspersky sometimes produces that error so no need to worry too much. First let's make sure it's nothing on your side and make sure the add-on is enabled. If it still doesn't work we can always run an alternative scan. :thumbup2:

Please open Internet Explorer.

Go to Tools at the top-right corner and press it >> Then Click Internet Options >> Now go to the Advanced tab.
Click the Reset... button then click OK and exit out Internet Explore.

Re-open Internet Explore an ensure the Java add-ons are enabled.

Refer to this diagram-link below:
http://i28.photobucket.com/albums/c227/tet...ky_Java-err.gif

For Firefox:

Refer to this image below:
http://smg.photobucket.com/albums/v666/sUB...ky_Java-err.gif

Go to the Kaspersky webpage and see if it works now. If not, let me know and we will run an alternative scanner. :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 donnie

donnie
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 08 August 2009 - 07:29 PM

hi, thanks for the response, i tried the reset, and made sure all Java add-ons were enabled and i still get the same message.

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 09 August 2009 - 10:03 AM

hello.

Let's try this online scan instead then.

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.

~Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 donnie

donnie
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 09 August 2009 - 07:21 PM

ok, will do, one other thing, since i hit reset under tools i get a ton of little icons on web pages that have a little triangle, square, and circle , in yellow blue and red where i assume an image or video should be, is there a setting i need to click on to view these?

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 10 August 2009 - 05:29 PM

Hello.

I am not exactly sure what you mean, can you provide a screenshot or something so I can visually see.

I would also want to see the other logs as well.

Thanks and I apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 donnie

donnie
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 10 August 2009 - 09:42 PM

hi, thanks for your response, i posted a couple screen shots for what i was talking about

Posted Image
Posted Image

i did the online ESET scan it said 0 infected 0 fixed, it didnt give me a report to post?

DDS (Ver_09-06-26.01) - NTFSx86
Run by jen at 22:31:47.21 on Mon 08/10/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.116 [GMT -4:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: PC-cillin Internet Security - Spyware Protection *enabled* (Outdated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\mspaint.exe
C:\Users\jen\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\jen\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\users\jen\appdata\roaming\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-4-15 36368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-4-15 111616]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-4-15 280392]

=============== Created Last 30 ================

2009-08-09 20:17 <DIR> --d----- c:\program files\ESET
2009-08-09 00:38 65,536 a------- c:\windows\TADSUINS.EXE
2009-08-09 00:38 <DIR> --d----- c:\program files\TADS
2009-08-06 21:38 <DIR> --d----- c:\program files\Sun
2009-08-06 21:37 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-05 21:01 <DIR> --d----- c:\users\jen\appdata\roaming\Malwarebytes
2009-08-03 22:01 <DIR> --d----- c:\programdata\Trymedia
2009-08-03 22:01 <DIR> --d----- c:\progra~2\Trymedia
2009-07-26 12:32 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 12:32 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-26 12:32 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-26 12:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 12:32 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-26 10:59 286,208 a------- C:\bli2rvjb.exe
2009-07-16 17:10 19 a------- c:\windows\popcinfo.dat
2009-07-16 17:10 <DIR> --d----- c:\program files\PopCap Games
2009-07-16 10:23 <DIR> --d----- c:\program files\Simon and Schuster
2009-07-15 20:13 <DIR> --d----- c:\programdata\Age of Empires 3
2009-07-15 20:13 <DIR> --d----- c:\progra~2\Age of Empires 3
2009-07-15 20:12 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-07-15 12:06 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 12:06 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 12:06 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 12:06 10,240 a------- c:\windows\system32\dciman32.dll

==================== Find3M ====================

2009-07-22 21:11 100 a------- c:\users\jen\appdata\roaming\wklnhst.dat
2009-07-18 12:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 12:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 05:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-15 18:38 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-07-15 18:38 17,212 a------t c:\windows\system32\SIntf32.dll
2009-07-15 18:38 12,067 a------t c:\windows\system32\SIntf16.dll
2009-01-31 12:53 174 a--sh--- c:\program files\desktop.ini
2009-01-31 12:50 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-31 12:50 86,016 a------- c:\windows\inf\infstor.dat
2009-01-31 12:50 51,200 a------- c:\windows\inf\infpub.dat
2009-01-31 12:41 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-11-23 20:02 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-23 20:02 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-23 20:02 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 22:33:49.22 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 4/15/2008 9:35:51 AM
System Uptime: 8/9/2009 8:49:26 AM (38 hours ago)

Motherboard: Dell Inc. | | 0U990C
Processor: Intel® Celeron® CPU 550 @ 2.00GHz | Microprocessor | 1995/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 62 GiB total, 34.163 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.422 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0017
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0017
Service: tunnel

==== System Restore Points ===================


==== Installed Programs ======================

7-Zip 4.57
Acrobat.com
Adobe AIR
Adobe Reader 9.1
Adobe Shockwave Player
Age of Mythology
Barbarian Invasion
Browser Address Error Redirector
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Empire Earth
ESET Online Scanner v3
getPlus® for Adobe
Google Desktop
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTML TADS Player Kit
Intel® Matrix Storage Manager
Java DB 10.4.2.1
Java™ 6 Update 15
Java™ SE Development Kit 6 Update 15
Malwarebytes' Anti-Malware
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Excel 97
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 97
Microsoft Works
Microsoft Works 2000
Modem Diagnostic Tool
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Music, Photos & Videos Launcher
Netflix Movie Viewer
NetWaiting
Octoshape add-in for Adobe Flash Player
OutlookAddinSetup
ParetoLogic Data Recovery
Pocket RAR documentation
Product Documentation Launcher
QuickSet
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Trend Micro PC-cillin Internet Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
WLZ - Deluxe Edition
XBCD 1.07
Yahoo! Install Manager

==== End Of File ===========================

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 11 August 2009 - 04:23 PM

Hello.

One thing, I want you to check. Please scan this file using an online scanner.

Submit File to Online Scanner

There is a file that I would like you to check out for me using VirusTotal/VirSCAN
  • Open VirusTotal Online Scanner or VirSCAN. If one site is busy or down, try the other
  • At the top of the page you'll see a box. Paste in the following line(s) (do one line at a time).
  • C:\bli2rvjb.exe
  • Click Submit.
  • Wait for the scan to finish.
  • Copy Scanner Results into your next reply.
  • If more than one file was listed, repeat for each of them.
Let me know what problems or issues you still have?

--

Regarding performance, there could be several reasons for it being slow.

See if anything of the below tips help.

Download and Run StartupLite

This program will identify startup entries that are unnecessary to be started at bootup. This will help free some memory.
  • Download StartupLite.exe by MalwareBytes to your desktop.
  • Double click on StartUpLite.exe to run it. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • A list of unecessary startup entries will be compiled.
  • Take a read at the description of each and for most of them you probably won't need it please make sure there is a checkmark next to Disable.
  • Leave all the items as Disabled and click Continue.
  • Restart your computer once it's done.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 donnie

donnie
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 11 August 2009 - 10:26 PM

bli2rvjb is the random file name assigned to GMER when i down loaded it, but should i be concerned with the Win32.Banker thing?

Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.08.11 -
AhnLab-V3 5.0.0.2 2009.08.11 -
AntiVir 7.9.1.0 2009.08.11 -
Antiy-AVL 2.0.3.7 2009.08.11 -
Authentium 5.1.2.4 2009.08.11 -
Avast 4.8.1335.0 2009.08.10 -
AVG 8.5.0.406 2009.08.11 -
BitDefender 7.2 2009.08.11 -
CAT-QuickHeal 10.00 2009.08.11 -
ClamAV 0.94.1 2009.08.11 -
Comodo 1945 2009.08.11 -
DrWeb 5.0.0.12182 2009.08.11 -
eSafe 7.0.17.0 2009.08.11 Win32.Banker
eTrust-Vet 31.6.6672 2009.08.11 -
F-Prot 4.4.4.56 2009.08.10 -
F-Secure 8.0.14470.0 2009.08.11 -
Fortinet 3.120.0.0 2009.08.11 -
GData 19 2009.08.11 -
Ikarus T3.1.1.64.0 2009.08.11 -
Jiangmin 11.0.800 2009.08.11 -
K7AntiVirus 7.10.816 2009.08.11 -
Kaspersky 7.0.0.125 2009.08.11 -
McAfee 5706 2009.08.11 -
McAfee+Artemis 5706 2009.08.11 -
McAfee-GW-Edition 6.8.5 2009.08.11 -
Microsoft 1.4903 2009.08.11 -
NOD32 4326 2009.08.11 -
Norman 6.01.09 2009.08.11 -
nProtect 2009.1.8.0 2009.08.11 -
Panda 10.0.0.14 2009.08.11 -
PCTools 4.4.2.0 2009.08.11 -
Prevx 3.0 2009.08.11 -
Rising 21.42.14.00 2009.08.11 -
Sophos 4.44.0 2009.08.11 -
Sunbelt 3.2.1858.2 2009.08.11 -
Symantec 1.4.4.12 2009.08.11 -
TheHacker 6.3.4.3.380 2009.08.11 -
TrendMicro 8.950.0.1094 2009.08.11 -
VBA32 3.12.10.9 2009.08.10 -
ViRobot 2009.8.11.1879 2009.08.11 -
VirusBuster 4.6.5.0 2009.08.11 -
Additional information
File size: 286208 bytes
MD5 : 0e62eb795ce9210a550b45a220c4ab80
SHA1 : 970aab2e68a36c1d5cae557dc92b14402ddfd97d
SHA256: 9e9dfcc49218c7f1cebcef7ff6f34c61849771e4185da09bc70f3624a9fe4ccc
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xB03F0
timedatestamp.....: 0x49F73740 (Tue Apr 28 19:05:04 2009)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x6B000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x6C000 0x45000 0x44600 7.94 364704ef38b115033ea0a3942bf63f8e
.rsrc 0xB1000 0x2000 0x1400 3.37 b39c8e4211fb9fdbb49eaac68fe4c240

( 1 imports )

> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess

( 0 exports )

TrID : File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md...50b45a220c4ab80
ssdeep: 6144:5IcUyNcg5L4bl+2ClFDfXiZonetjW8zxXmIkpAcuzrPw2JkP2lcE:5IPsc5bl+2e0GqjW8VW9AtPcuz
PEiD : UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch
packers (F-Prot): UPX
CWSandbox: http://research.sunbelt-software.com/partn...50b45a220c4ab80
RDS : NSRL Reference Data Set


i havnt had any pop ups, the only other problem i have now is the little icons with the triangle square and circle




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users