Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

pop ups


  • This topic is locked This topic is locked
2 replies to this topic

#1 scottandkarenl

scottandkarenl

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 09 November 2010 - 09:26 PM

Good Day! We have an annoying pop up we don't know how to get rid of it. Also a my heritage attached itself to our browser. Ran windows in safe mode and it didn't pop up, but the my heritage was still there.


DDS (Ver_10-11-09.01) - NTFS_AMD64
Run by Sclonry at 19:07:19.80 on Tue 11/09/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4057.2358 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\Gamevance\gamevance32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\lxdicoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Sclonry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DNYFTI0E\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.myheritage.com
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
mStart Page = hxxp://search.myheritage.com
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mWinlogon: Userinit=userinit.exe
uWinlogon: Shell=C:\Users\Sclonry\AppData\Roaming\Control Components\ccmain.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll
BHO: ALOT Toolbar BHO: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - C:\Program Files (x86)\alot\bin\alot.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - C:\Program Files (x86)\Gamevance\gvtl.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: CMySite Class: {d62ec836-bf1e-4cac-81be-fb9179835d8e} - C:\Program Files (x86)\Family Toolbar\mhxpcomi.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [lxdimon.exe] "C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdimon.exe"
mRun: [lxdiamon] "C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdiamon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
mRun: [Gamevance] "C:\Program Files (x86)\Gamevance\gamevance32.exe" a
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Sclonry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files (x86)\Family Toolbar\mhxpcomi.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
mRun-x64: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Sclonry\AppData\Roaming\Mozilla\Firefox\Profiles\f2oi1qwf.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GAM1&o=15491&locale=en_US&apn_uid=BFE9FCA6-5E2A-4DFB-9900-0611DE25B3D1&apn_ptnrs=HE&apn_sauid=&apn_dtid=YYYYYYYYUS&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Sclonry\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll
FF - component: C:\Users\Sclonry\AppData\Roaming\Mozilla\Firefox\Profiles\f2oi1qwf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: C:\Users\Sclonry\AppData\Roaming\Mozilla\Firefox\Profiles\f2oi1qwf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: C:\Users\Sclonry\AppData\Roaming\Mozilla\Firefox\Profiles\f2oi1qwf.default\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}\components\mhxpcom.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Sclonry\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Sclonry\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Sclonry\AppData\Roaming\Mozilla\Firefox\Profiles\f2oi1qwf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - trueC:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-12-26 53488]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe [2008-12-26 86016]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe -service --> C:\Windows\system32\lxdicoms.exe -service [?]
R2 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2010-11-8 42576]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2009-11-29 61280]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;C:\Windows\System32\drivers\OA009Ufd.sys [2008-12-26 168864]
R3 OA009Vid;Creative Camera OA009 Function Driver;C:\Windows\System32\drivers\OA009Vid.sys [2008-12-26 307456]
R3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-2-4 917768]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-12-26 392192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-10 93184]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-11-10 00:14:04 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-11-10 00:14:04 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2010-11-09 20:35:55 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B57EB5C6-3B45-4394-807C-1C5C94E3EB2B}\mpengine.dll
2010-11-08 21:10:04 42576 ----a-w- C:\Windows\System32\drivers\tmpreflt.sys
2010-11-08 21:10:04 309840 ----a-w- C:\Windows\System32\drivers\tmxpflt.sys
2010-11-08 21:10:04 1988176 ----a-w- C:\Windows\System32\drivers\vsapint.sys
2010-11-07 01:43:53 -------- d-----w- C:\Users\Sclonry\AppData\Roaming\Reallusion
2010-11-01 17:08:23 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-29 04:04:47 -------- d-----w- C:\PROGRA~3\McAfee Security Scan
2010-10-29 04:04:44 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2010-10-28 16:17:50 -------- d-----r- C:\Program Files (x86)\Skype
2010-10-27 17:49:34 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2010-10-27 17:49:34 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2010-10-27 17:49:34 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2010-10-27 17:49:33 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2010-10-18 20:41:13 316416 ----a-w- C:\Windows\System32\msshsq.dll
2010-10-18 20:41:13 231936 ----a-w- C:\Windows\SysWow64\msshsq.dll
2010-10-18 17:16:09 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-18 17:16:09 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-18 17:16:03 1923584 ----a-w- C:\Windows\System32\ole32.dll
2010-10-18 17:16:02 408064 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-18 17:16:02 1315840 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-18 17:16:01 339968 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-18 17:14:54 171008 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-18 17:14:54 168960 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-18 17:14:52 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-10-18 17:14:52 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-10-18 17:14:13 2751488 ----a-w- C:\Windows\System32\win32k.sys
2010-10-18 17:14:07 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-18 17:14:07 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-10-18 17:14:02 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-18 17:14:02 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-18 17:05:53 461824 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-18 17:05:52 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-18 17:05:52 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-18 17:05:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-18 17:05:45 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-18 17:05:45 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-10-18 17:05:45 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-10-18 17:05:45 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-10-18 17:05:00 274432 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-18 17:04:59 343040 ----a-w- C:\Windows\System32\schannel.dll
2010-10-18 17:04:53 866816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-18 17:04:53 1090048 ----a-w- C:\Windows\System32\wmpmde.dll

==================== Find3M ====================

2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-08-26 16:21:44 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-08-26 16:21:44 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2010-08-26 16:21:43 281600 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2010-08-26 16:01:35 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2010-08-26 16:01:33 459776 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2010-08-26 16:01:32 541696 ----a-w- C:\Windows\apppatch\AcLayers.dll
2010-08-26 16:01:32 2153984 ----a-w- C:\Windows\apppatch\AcGenral.dll
2010-08-17 14:04:48 267776 ----a-w- C:\Windows\System32\spoolsv.exe

============= FINISH: 19:08:14.04 ===============

BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:02:47 PM

Posted 17 November 2010 - 02:14 PM

Hi scottandkarenl, and welcome to Bleeping Computer.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:02:47 PM

Posted 02 December 2010 - 07:18 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users