Vimax ads/Windows Internet Security fraud/other minor things


  • This topic is locked
3 replies to this topic

#1 Jyuushuu


Posted 08 August 2009 - 06:46 AM

final edit: Okay, so I know how you guys always say to only run ComboFix with the permission of an expert. Well, I ran it anyways; sorry about that. Fortunately, it solved my Vimax problem, but not the Windows Internet Security thing. I can post the ComboFix log if you want me to.

Resolved issues are within the spoiler:

Spoiler


The most pressing issue I have is with this "Windows Internet Security" popup that appears every now and then. I know for a fact that the websites that I view are not suspicious, so I figured that this is some kind of spyware. I tried allowing it once, but then it led to a prompt to save a setup.exe from 'mitrodermo.com'. Luckily, I'm mildly paranoid about installing programs from websites I don't recognize, so I immediately canceled. Attached in my post is a screen capture of the aforementioned popup.

To be honest, my internet browser seems to be the only thing that is affected, and I'm not quite sure how to proceed from here.

As a last note, I viewed Attach.txt, and it says that Norton 360 is installed on my computer. However, there are no traces of any Symantec folder in C:\Program Files, except for 'C:\ProgramData\Symantec' (ProgramData is a hidden folder) and 'C:\Program Files\Common Files\Symantec Shared'. What should I do to remove all traces of Norton 360 from my computer?


Sorry if this whole post seems unfocused and looks like a whole bunch of stream-of-consciousness ramblings. Any kind of help is greatly appreciated. Thanks!


DDS (Ver_09-07-30.01) - NTFSx86
Run by DJ at 5:02:26.81 on 08/08/2009 Sat
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_15
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\DJ\Downloads\dds(2).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-9407950383-0595707626-315701747-8113\rundll32.exe
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\dj\appdata\roaming\mozilla\firefox\profiles\9lvxqz8i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-6 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-6 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-6 51792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-5 24652]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 335872]

=============== Created Last 30 ================

2009-08-08 04:53 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-07 14:28 <DIR> --d----- c:\program files\MSXML 4.0
2009-08-07 14:23 <DIR> --d----- c:\users\dj\appdata\roaming\GetRightToGo
2009-08-07 10:33 3,495,784 a------- c:\windows\system\d3dx9_33.dll
2009-08-07 03:03 32,592 a------- c:\windows\system32\msonpmon.dll
2009-08-07 02:59 <DIR> --d----- c:\windows\PCHEALTH
2009-08-07 02:56 <DIR> --d----- c:\programdata\Microsoft Help
2009-08-07 02:12 <DIR> --d----- c:\program files\CDisplay
2009-08-07 01:10 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-06 23:22 <DIR> --d----- c:\users\dj\appdata\roaming\Malwarebytes
2009-08-06 23:19 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 23:19 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-06 23:19 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-06 23:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-06 23:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 17:37 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-08-06 17:37 499,712 a------- c:\windows\system32\MSVCP71.dll
2009-08-06 17:37 348,160 a------- c:\windows\system32\MSVCR71.dll
2009-08-06 17:37 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-06 17:17 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-08-06 17:17 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-06 17:17 <DIR> --d----- c:\program files\iPod
2009-08-06 17:17 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-06 17:17 <DIR> --d----- c:\program files\iTunes
2009-08-06 17:17 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-06 17:16 <DIR> --d----- c:\program files\Bonjour
2009-08-06 17:14 <DIR> --d----- c:\programdata\Apple Computer
2009-08-06 17:10 <DIR> --d----- c:\programdata\Apple
2009-08-06 17:03 <DIR> --d----- c:\program files\Guitar Pro 5
2009-08-06 15:53 <DIR> --d----- c:\users\dj\appdata\roaming\KAWAI
2009-08-06 15:52 <DIR> --d----- c:\program files\KAWAI
2009-08-06 15:52 <DIR> --d----- c:\programdata\KAWAI
2009-08-06 15:52 <DIR> --d----- c:\progra~2\KAWAI
2009-08-06 15:50 <DIR> --d----- c:\windows\Downloaded Installations
2009-08-06 15:50 <DIR> --d----- c:\programdata\Symantec
2009-08-06 15:50 <DIR> --d----- c:\progra~2\Symantec
2009-08-06 15:50 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-08-06 15:32 <DIR> --d----- c:\users\dj\appdata\roaming\PeerNetworking
2009-08-06 15:04 <DIR> --d----- c:\users\dj\{4a6cab81-4333-4d61-be7b-27742bf7504b}
2009-08-06 07:29 <DIR> --d----- c:\programdata\Last.fm
2009-08-06 07:29 <DIR> --d----- c:\progra~2\Last.fm
2009-08-06 07:29 <DIR> --d----- c:\program files\Last.fm
2009-08-06 07:24 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-06 07:21 129,784 -------- c:\windows\system32\pxafs.dll
2009-08-06 02:22 <DIR> --d----- c:\windows\system32\vi-VN
2009-08-06 02:22 <DIR> --d----- c:\windows\system32\eu-ES
2009-08-06 02:22 <DIR> --d----- c:\windows\system32\ca-ES
2009-08-06 02:19 <DIR> --d----- c:\windows\system32\SPReview
2009-08-06 02:09 928,768 a------- c:\windows\system32\scavenge.dll
2009-08-06 02:07 1,102,848 a------- c:\windows\system32\mmsys.cpl
2009-08-06 01:53 <DIR> --d----- C:\PerfLogs
2009-08-06 01:26 193,024 a------- c:\windows\system32\recdisc.exe
2009-08-06 01:26 6,656 a------- c:\windows\system32\sdspres.dll
2009-08-06 01:26 28,160 a------- c:\windows\system32\sxproxy.dll
2009-08-06 01:24 259,072 a------- c:\windows\system32\upnphost.dll
2009-08-06 00:55 327,680 a------- c:\windows\SPInstall.etl
2009-08-06 00:48 272,896 a------- c:\windows\system32\polstore.dll
2009-08-06 00:48 61,440 a------- c:\windows\system32\winipsec.dll
2009-08-06 00:47 1,820 a------- c:\windows\system32\rasctrnm.h
2009-08-06 00:46 69,632 a------- c:\windows\system32\Mpeg2Data.ax
2009-08-06 00:45 12,880 a------- c:\windows\system32\wbem\wlan.mof
2009-08-06 00:44 2,034,688 a------- c:\windows\system32\win32k.sys
2009-08-06 00:44 289,792 a------- c:\windows\system32\atmfd.dll
2009-08-06 00:44 156,672 a------- c:\windows\system32\t2embed.dll
2009-08-06 00:44 72,704 a------- c:\windows\system32\fontsub.dll
2009-08-06 00:44 34,304 a------- c:\windows\system32\atmlib.dll
2009-08-06 00:44 23,552 a------- c:\windows\system32\lpk.dll
2009-08-06 00:44 10,240 a------- c:\windows\system32\dciman32.dll
2009-08-06 00:39 <DIR> --d----- c:\windows\system32\EventProviders
2009-08-06 00:20 <DIR> --d----- c:\program files\Media Player Classic
2009-08-06 00:11 <DIR> --d----- c:\program files\CCleaner
2009-08-06 00:10 22,085,632 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-08-06 00:10 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-08-06 00:10 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-08-05 23:56 <DIR> --d----- c:\users\dj\{926eda13-f6aa-439c-8c60-2d136ffb3751}
2009-08-05 23:54 2,048 a------- c:\windows\system32\msxml3r.dll
2009-08-05 23:52 <DIR> --d----- c:\program files\uTorrent
2009-08-05 23:51 <DIR> --d----- c:\users\dj\appdata\roaming\uTorrent
2009-08-05 23:46 623,616 a------- c:\windows\system32\localspl.dll
2009-08-05 23:41 15,872 a------- c:\windows\system32\hcrstco.dll
2009-08-05 23:41 8,704 a------- c:\windows\system32\hccoin.dll
2009-08-05 23:35 6,656 a------- c:\windows\system32\kbd106n.dll
2009-08-05 23:30 9,728 a------- c:\windows\system32\lsass.exe
2009-08-05 23:30 13,780 a------- c:\windows\system32\wbem\lsasrv.mof
2009-08-05 23:27 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-08-05 23:27 828,416 a------- c:\windows\system32\wininet.dll
2009-08-05 23:27 72,704 a------- c:\windows\system32\admparse.dll
2009-08-05 23:27 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-05 23:27 48,128 a------- c:\windows\system32\mshtmler.dll
2009-08-05 23:24 37,888 a------- c:\windows\system32\printcom.dll
2009-08-05 23:24 14,848 a------- c:\windows\system32\wshrm.dll
2009-08-05 22:50 41,984 a------- c:\windows\system32\netfxperf.dll
2009-08-05 22:34 84,480 a------- c:\windows\system32\INETRES.dll
2009-08-05 22:33 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-08-05 22:32 2,048 a------- c:\windows\system32\msxml6r.dll
2009-08-05 22:31 <DIR> --d----- c:\program files\Motorola
2009-08-05 22:30 <DIR> --d----- c:\programdata\AIM
2009-08-05 22:30 <DIR> --d----- c:\progra~2\AIM
2009-08-05 22:30 <DIR> --d----- c:\program files\AIM
2009-08-05 22:23 <DIR> --d----- c:\windows\Panther
2009-08-05 22:23 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-08-05 22:23 333,257 a--shr-- C:\bootmgr
2009-08-05 22:23 <DIR> --dsh--- C:\Boot
2009-08-05 22:23 <DIR> --d----- c:\programdata\Viewpoint
2009-08-05 22:23 <DIR> --d----- c:\progra~2\Viewpoint
2009-08-05 22:23 <DIR> --d----- c:\program files\Viewpoint
2009-08-05 22:22 <DIR> --d----- c:\programdata\acccore
2009-08-05 22:22 <DIR> --d----- c:\progra~2\acccore
2009-08-05 22:22 330,752 a----r-- c:\windows\system32\drivers\NETBIOS.PDB
2009-08-05 22:22 <DIR> --d----- c:\windows\system32\OEM
2009-08-05 22:22 <DIR> --d----- c:\programdata\AOL OCP
2009-08-05 22:22 <DIR> --d----- c:\programdata\AOL
2009-08-05 22:21 <DIR> --dsh--- c:\windows\Installer
2009-08-05 22:21 <DIR> --d----- c:\program files\common files\AOL
2009-08-05 22:21 696 a---h--- C:\IPH.PH
2009-08-05 22:01 <DIR> --d----- c:\programdata\NOS
2009-08-05 21:48 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-08-05 21:48 83,456 a------- c:\windows\system32\wudriver.dll
2009-08-05 21:47 162,064 a------- c:\windows\system32\wuwebv.dll
2009-08-05 21:47 31,232 a------- c:\windows\system32\wuapp.exe
2009-08-05 21:41 <DIR> --d----- c:\users\DJ
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-07-09 12:16 39,424 a------- c:\windows\system32\drivers\usbaapl.sys

==================== Find3M ====================

2009-08-08 04:52 51,200 a------- c:\windows\inf\infpub.dat
2009-08-08 04:52 86,016 a------- c:\windows\inf\infstrng.dat
2009-08-06 17:13 86,016 a------- c:\windows\inf\infstor.dat
2009-08-06 02:22 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-06 02:01 174 a--sh--- c:\program files\desktop.ini
2009-08-06 01:46 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-08-06 01:46 82,432 a------- c:\windows\system32\axaltocm.dll
2009-08-06 00:40 52,736 a------- c:\windows\apppatch\iebrshim.dll
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 5:03:56.35 ===============

Edited by Jyuushuu, 08 August 2009 - 11:09 AM.



#2 Buckeye_Sam

    Malware Expert



Posted 09 August 2009 - 05:53 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Jyuushuu


Posted 09 August 2009 - 07:45 PM

Awesome, thanks for the quick reply!

Strangely enough, I don't seem to be having any trouble with my computer right now, even with that Windows Internet Security thing. Edit: Actually, I've found something: my computer seems to play random sounds every now and then. I don't think it's from any of the programs I'm using, and I don't see any suspicious processes running. Just kidding, it was just an empty water bottle being moved around by my fan. Never mind then.

I can't post the log file because it's too large (I recently installed a clean version of Vista about 3-4 days ago); what should I do from here?

Edited by Jyuushuu, 09 August 2009 - 09:58 PM.


#4 Buckeye_Sam

    Malware Expert



Posted 10 August 2009 - 12:01 PM

Well if you formatted your hard drive before installing Vista then you'll certainly be clean now. It sounds like the steps you've taken may have resolved your problem, but I would keep a close eye on things and take notice of any unusual behavior.

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.