Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE Popping up


  • This topic is locked This topic is locked
2 replies to this topic

#1 Ciodry1

Ciodry1

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 09 March 2010 - 08:34 PM


DDS (Ver_09-12-01.01) - NTFSx86
Run by vernon at 17:30:22.28 on Tue 03/09/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.214 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Pbonaa.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\1174247142\ee\aolsoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AOL 9.5\waol.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tales of Pirates Online\system\game.exe
C:\Program Files\AOL 9.5\shellmon.exe
C:\Windows\system32\ctfmon.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Users\vernon\AppData\Local\Temp\Phr.exe
C:\Users\vernon\Desktop\gmer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\vernon\Downloads\dds.scr
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://my.juno.com/s/search?r=minisearch
uDefault_Page_URL = hxxp://www.msn.com
uSearch Bar = hxxp://my.juno.com/s/search?r=minisearch
mDefault_Search_URL = hxxp://my.juno.com/s/search?r=minisearch
mSearch Page = hxxp://my.juno.com/s/search?r=minisearch
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
mSearchAssistant = hxxp://my.juno.com/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\juno\SearchEnh1.dll
uURLSearchHooks: LiveTV_ Toolbar: {59385f95-c52f-4a84-b674-4a4206b17218} - c:\program files\livetv_\tbLive.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: LiveTV_ Toolbar: {59385f95-c52f-4a84-b674-4a4206b17218} - c:\program files\livetv_\tbLive.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: LiveTV_ Toolbar: {59385f95-c52f-4a84-b674-4a4206b17218} - c:\program files\livetv_\tbLive.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: flvdirect: {a14dd131-87bd-5787-2cbc-e6de9d8ba7f0} - c:\windows\system32\_-Atq-.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: JunoBar: {5854fac4-5bf0-47dd-b5a9-a5ea8cff3cf4} - c:\program files\juno\Toolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: LiveTV_ Toolbar: {59385f95-c52f-4a84-b674-4a4206b17218} - c:\program files\livetv_\tbLive.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Google Update] "c:\users\vernon\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.5\AOL.EXE" -b
uRun: [TOY5KNQ8OC] c:\users\vernon\appdata\local\temp\Phr.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [HostManager] c:\program files\common files\aol\1174247142\ee\AOLSoftware.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\vernon\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
IE: Display All Images with Full Quality - "c:\program files\juno\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\juno\qsacc\appres.dll/227"
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: juno.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vjage.com/download/vjocx-en.cab
TCP: NameServer = 93.188.164.68,93.188.161.85
TCP: {1C674314-1E11-4390-9E14-0F00E1860EDF} = 93.188.164.68,93.188.161.85
TCP: {5B19669D-DF91-4232-B508-FB4E2E98CD83} = 93.188.164.68,93.188.161.85
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\vernon\appdata\roaming\mozilla\firefox\profiles\y45fzjpt.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\extensions\{ad5981d2-a04b-54b0-a551-a374c330094f}\components\pLO5XlL-HJ.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\vernon\appdata\local\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files\mozilla firefox\extensions\{ad5981d2-a04b-54b0-a551-a374c330094f}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-16 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-16 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-16 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-16 242696]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-6 214664]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-2-6 21504]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-4 308064]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-8-15 552448]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-2-6 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-3-8 30192]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-6 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-6 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-6 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-6 40552]

=============== Created Last 30 ================

2010-03-09 21:19:41 0 d-----w- c:\program files\TrendMicro
2010-03-09 00:58:50 0 d-----w- c:\programdata\Sun
2010-03-09 00:54:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 22:49:12 166912 ----a-w- c:\windows\Pbonaa.exe
2010-03-06 14:33:27 0 d--h--w- c:\windows\PIF
2010-03-04 22:05:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-23 22:59:32 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 22:59:31 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 22:59:24 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 22:59:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 22:59:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 22:59:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 22:59:19 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 22:59:19 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 22:59:18 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 21:43:27 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 21:06:42 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-23 21:06:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-23 21:06:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-18 19:19:03 0 d-----w- c:\users\vernon\appdata\roaming\AVG9
2010-02-16 16:35:30 0 d--h--w- C:\$AVG
2010-02-16 16:34:53 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-16 16:34:52 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-16 16:34:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-16 16:34:12 0 d-----w- c:\windows\system32\drivers\Avg
2010-02-16 16:33:36 0 d-----w- c:\program files\AVG
2010-02-13 20:21:05 0 d-----w- c:\program files\Wolfenstein - Enemy Territory
2010-02-13 17:40:58 0 d-----w- c:\users\vernon\appdata\roaming\Free Download Manager
2010-02-13 17:40:52 0 d-----w- c:\programdata\FreeDownloadManager.ORG
2010-02-13 17:40:52 0 d-----w- c:\program files\Free Download Manager
2010-02-09 22:30:57 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-09 22:30:57 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-09 22:30:37 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-09 22:30:36 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-09 22:30:24 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-09 22:30:23 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-09 22:29:34 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-09 22:29:33 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-09 22:29:16 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-09 22:29:16 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-09 22:29:16 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-09 22:29:16 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-09 22:29:16 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-09 22:29:16 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-09 22:29:15 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-09 22:29:15 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-09 22:29:15 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-08 23:42:25 0 d-----w- c:\programdata\Office Genuine Advantage
2010-02-08 00:38:32 118260 ----a-w- c:\windows\system32\5qlpheULsC48-sZ.exe
2010-02-08 00:31:57 0 d-----w- c:\program files\Search Toolbar
2010-02-08 00:31:08 0 d-----w- c:\program files\FLV Direct Player
2010-02-08 00:25:11 288652 ----a-w- C:\FLVDirect.exe
2010-02-07 23:53:00 0 d-----w- c:\programdata\PopCap Games

==================== Find3M ====================

2010-01-29 20:29:44 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-01-29 20:29:37 18539 ----a-w- c:\windows\DIIUnin.dat
2010-01-29 20:28:30 94208 ----a-w- c:\windows\DIIUnin.exe
2010-01-29 20:28:30 2829 ----a-w- c:\windows\DIIUnin.pif
2010-01-29 10:46:32 1253376 ----a-w- c:\windows\system32\_-Atq-.dll
2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-06 14:36:31 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-12-06 14:36:31 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-19 08:22:02 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-19 08:22:02 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-03-30 21:20:11 23 ----a-w- c:\program files\hfkud16.sys
2009-03-18 03:28:00 2745 ----a-w- c:\program files\xpa-pokm.nfo
2009-02-12 08:42:30 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-22 20:27:16 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-22 22:14:07 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-03-09 01:28:09 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 17:34:24.63 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:07 AM

Posted 12 March 2010 - 07:43 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:07 AM

Posted 18 March 2010 - 08:18 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users