Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware issue: Windows Internet Security popup


  • This topic is locked This topic is locked
3 replies to this topic

#1 lildrgn

lildrgn

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:17 AM

Posted 28 March 2010 - 04:55 PM

I have had this Windows Internet Security pop up for a few days now. Scans from multiple programs (MBAM, SAS, Avast, Spybot, etc) all come back clean. I still get the pop up as well as random pop unders of my browser opening to websites. In addition, I am unable to update MBAM, SAS, Microsoft Security Essentials, Avast, etc, so in most cases, I am scanning with older defs. Also, I cannot access said products' websites; they show up as inaccessible. Here's a link to my original post: link

Here are my DDS.txt log as requested.

QUOTE
DDS (Ver_10-03-17.01) - NTFSx86
Run by Gwon at 9:15:21.46 on Sun 03/28/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1043 [GMT -7:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\WTouch\WTouchUser.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gwon\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = <local>
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: {9851CD00-9BD3-4264-A424-B31211320AEC} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} - hxxp://www.blackberry.com/devicesoftware/AxLoader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gwon\applic~1\mozilla\firefox\profiles\f1yctwpg.default\
FF - prefs.js: browser.startup.homepage - hxxp://seattletimes.nwsource.com/html/home/|http://www.facebook.com/|http://gizmodo.com/|http://lifehacker.com/
FF - component: c:\documents and settings\gwon\application data\mozilla\firefox\profiles\f1yctwpg.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\gwon\application data\mozilla\firefox\profiles\f1yctwpg.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\gwon\application data\mozilla\firefox\profiles\f1yctwpg.default\extensions\{cc6a5222-162d-49b3-b2ca-28eade05a059}\components\Engine.dll
FF - component: c:\documents and settings\gwon\application data\mozilla\firefox\profiles\f1yctwpg.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\gwon\application data\mozilla\firefox\profiles\f1yctwpg.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\gwon\local settings\application data\yahoo!\browserplus\2.6.0\plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-27 207792]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-12-5 89749]
R0 ZetSFD;ZetSFD;c:\windows\system32\drivers\ZetSFD.sys [2009-5-1 12800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-12-7 162640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-4-28 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 66632]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-7 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-18 40384]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;c:\windows\system32\drivers\sfsz.sys [2009-5-1 345984]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-3-23 4497704]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-3-23 113448]
R2 Z-SANService;Z-SAN Service;c:\program files\netgear\netgear storage central manager utility\Z-SANService.exe [2009-5-1 376891]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-18 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-18 40384]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 12872]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-3-23 16168]
R3 ZetBus;Zetera Virtual Bus;c:\windows\system32\drivers\ZetBus.sys [2009-5-1 15488]
R3 ZetMPD;ZetMPD;c:\windows\system32\drivers\ZetMPD.sys [2009-5-1 5120]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2008-4-30 85760]
S2 gupdate1c99535ac28e99c;Google Update Service (gupdate1c99535ac28e99c);c:\program files\google\update\GoogleUpdate.exe [2009-2-22 133104]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\HP4200C.SYS [2009-3-8 9312]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-3-27 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-3-27 1141712]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-2 19677]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [2007-12-5 176256]

=============== Created Last 30 ================

2010-03-28 15:31:07 20 ----a-w- c:\documents and settings\gwon\defogger_reenable
2010-03-28 04:35:53 0 d-----w- c:\docume~1\gwon\applic~1\uTorrent
2010-03-28 04:08:45 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 04:08:42 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-28 04:08:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-28 02:01:11 0 d-sha-r- C:\autorun.inf
2010-03-28 01:24:35 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-03-28 01:24:35 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-28 01:24:15 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-28 01:24:15 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-03-28 01:24:15 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-03-28 01:24:15 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-28 01:24:08 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-03-28 01:24:08 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-28 01:23:43 0 d-----w- c:\program files\common files\PC Tools
2010-03-28 01:23:42 0 d-----w- c:\program files\Spyware Doctor
2010-03-28 01:23:42 0 d-----w- c:\docume~1\gwon\applic~1\PC Tools
2010-03-28 01:23:42 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-03-27 23:31:05 0 d-----w- c:\documents and settings\gwon\DoctorWeb
2010-03-26 21:06:18 0 d-----w- c:\windows\system32\NtmsData
2010-03-25 23:12:44 0 d-----w- c:\program files\Scott's Gmail Alert
2010-03-25 06:49:20 0 d-----w- c:\program files\common files\Scanner
2010-03-25 06:49:15 0 d-----w- c:\program files\CA Yahoo! Anti-Spy
2010-03-23 16:40:06 0 d-----w- c:\docume~1\gwon\applic~1\WTablet
2010-03-23 16:40:01 0 d-----w- c:\docume~1\gwon\applic~1\WTouch
2010-03-23 16:39:59 245032 ----a-w- c:\windows\system32\Touch_Tablet.dll
2010-03-23 16:39:59 0 d-----w- c:\program files\WTouch
2010-03-23 16:39:55 0 d-----w- c:\program files\TabletPlugins
2010-03-23 16:39:53 6393640 ----a-w- c:\windows\system32\PenTablet.cpl
2010-03-23 16:39:53 1595175 ----a-w- c:\windows\system32\PenTablet.znc
2010-03-23 16:39:44 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-03-23 16:39:36 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-03-23 16:39:31 16168 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2010-03-23 16:39:31 0 d-----w- c:\windows\system32\WTablet
2010-03-23 16:39:29 284160 ----a-w- c:\windows\system32\Wintab32.dll
2010-03-23 16:39:28 4497704 ----a-w- c:\windows\system32\Pen_Tablet.exe
2010-03-23 16:39:28 416040 ----a-w- c:\windows\system32\Pen_Tablet.dll
2010-03-23 16:39:26 0 d-----w- c:\program files\Tablet
2010-03-22 23:47:33 0 d-----w- c:\program files\VideoLAN
2010-03-22 18:41:40 218 ----a-w- c:\documents and settings\gwon\.recently-used.xbel
2010-03-20 17:21:57 0 d-----w- c:\program files\BreezeSys
2010-03-18 19:05:51 0 d-----w- c:\docume~1\gwon\applic~1\HDRsoft
2010-03-18 19:01:42 0 d-----w- c:\program files\PhotomatixPro3
2010-03-14 07:11:16 0 d-----w- c:\program files\AVIedit
2010-03-11 07:15:09 0 d-----w- c:\program files\Send to SmugMug
2010-03-09 07:15:38 0 d-----r- c:\program files\Skype
2010-03-07 02:00:35 0 d-----w- c:\program files\DVDVideoSoft
2010-03-07 02:00:35 0 d-----w- c:\program files\common files\DVDVideoSoft
2010-03-01 21:13:51 0 d-----w- c:\docume~1\gwon\applic~1\Flickroom.7A385545159204287F941528E627F38AD4ECB7C0.1
2010-03-01 21:13:39 0 d-----w- c:\program files\Flickroom
2010-03-01 19:21:08 84992 ----a-w- c:\windows\system32\Flickr.scr
2010-03-01 19:21:08 695642 ----a-w- c:\windows\unins000.exe
2010-03-01 19:21:08 266240 ----a-w- c:\windows\system32\log4net.dll
2010-03-01 19:21:08 167936 ----a-w- c:\windows\system32\FlickrNet.dll
2010-03-01 19:21:07 1758 ----a-w- c:\windows\unins000.dat
2010-02-28 00:55:45 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cab810c1b78da0.mof
2010-02-26 19:08:09 0 d-----w- c:\program files\Imagenomic
2010-02-26 18:11:10 0 d-----w- c:\program files\Pro Imaging Powertoys

==================== Find3M ====================

2010-03-13 01:02:38 261632 ----a-w- c:\windows\PEV.exe
2010-01-27 18:34:14 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-16 03:55:02 54672 ----a-w- c:\windows\fonts\CACCAMEL.TTF
2009-04-08 20:51:20 3954432 ----a-w- c:\program files\common files\lpuninstall.exe
2002-07-27 00:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE

============= FINISH: 9:15:59.57 ===============


Attached Files



BC AdBot (Login to Remove)

 


#2 lildrgn

lildrgn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:17 AM

Posted 29 March 2010 - 12:01 PM

Well, I'm not sure what my logs mean, but after getting an updated version of MBAM-RULES.exe, MBAM told me I had trojan.DNSchanger on my system. After removing and rebooting and rescanning, 2 instances remained.

I did some Googling and saw a post somewhere indicating that I should check the DNS entries on my router. So I did. And I saw 2 entries that I don't recall putting in. I clicked those off and to have the DNS automatically assigned, saved, then rebooted the computer.

Lo and behold, I could update MBAM through itself. I could access www.malwarebytes.org, etc., when I couldn't before. And I have not had any pop ups since!

I'm curious to see what the above logs show, but I think my problem is solved (crosses fingers!).

Thanks for your help Bleeping Computer! You are always my first choice when I have a serious problem!

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:17 AM

Posted 02 April 2010 - 01:31 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:17 AM

Posted 09 April 2010 - 09:05 PM

Hello.

Due to Lack of feedback, this topic is now Closed

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users