Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Strange Audio Clips and Popups


  • This topic is locked This topic is locked
3 replies to this topic

#1 LSUTIG

LSUTIG

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 07 December 2010 - 09:43 PM

Good evening guys,

I'm new to the forum so please be gentle. I'll try describe the problem as best as I can. Couple of days ago, I started having a popup show up on random websites. It had the same design each time, but contained different information. When i would scroll over the hyper-links, they were all addresses beginning with findingre.org. Did a quick Google search and didn't find anything useful there. I've also noticed strange audio being played at random times. This will happen when I'm browsing the web, running a program such as dds, or just sitting at the desktop. It sounds like short bits of commercials. I've tried running Ad-ware, Malware Bytes, and my Symantec AV all in regular windows and safe mode but haven't had any luck. Below is my DDS log as requested.



DDS (Ver_10-12-05.01) - NTFSx86
Run by Administrator at 19:43:57.03 on Tue 12/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1963.980 [GMT -6:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\B.H.A\Common\bgsvcg.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe
C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\SalesLogix\SLXSystem.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Panasonic\WSwitch\WSwitch.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Panasonic\Hotkey Appendix\HKEYAPP.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMAsst.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://panasonic.net/pavc/toughbook/site_info/global_link.html
uInternet Connection Wizard,ShellNext = hxxp://panasonic.net/pavc/toughbook/site_info/global_link.html
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WSwitch] c:\program files\panasonic\wswitch\WSwitch.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Panasonic Hotkey Manager] c:\program files\panasonic\hotkey appendix\HKEYAPP.EXE
mRun: [PCinfo] c:\program files\panasonic\pcinfo\PcInfoUt.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [PRunOnce] c:\util\prunonce\PRunOnce.exe
mRun: [B'sCLiP] c:\progra~1\b'scli~1\win2k\BSCLIP.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMAsst.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289492324312
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289492319750
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2008-12-4 17192]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-7 64288]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 bgsvcg;B's Recorder GOLD General Service;c:\program files\b.h.a\common\bgsvcg.exe [2008-12-3 145504]
R2 BsUDF;BsUDF;c:\windows\system32\drivers\BsUDF.sys [2008-12-4 195616]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 PcInfoPi;Panasonic PC Information Viewer Service 2;c:\program files\panasonic\pcinfo\PcInfoPi.exe [2008-12-3 54592]
R2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\panasonic\pcinfo\PCInfoSV.exe [2008-12-3 189760]
R2 SalesLogix System;SalesLogix System Service;c:\program files\saleslogix\SLXSystem.exe [2010-8-18 390488]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-12-3 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-12 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-12-3 44800]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-3 110080]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101207.002\naveng.sys [2010-12-7 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101207.002\navex15.sys [2010-12-7 1371184]
R3 NewMisc;Panasonic Misc Driver;c:\windows\system32\drivers\newmisc.sys [2008-12-3 47928]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-7 136176]
S3 FIDTPU;Fujitsu Touch Panel (USB);c:\windows\system32\drivers\FIDTPU.sys [2008-12-3 27030]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2008-12-3 87424]
S3 JVNKBTFF;JVNKBTFF;c:\docume~1\admini~1\locals~1\temp\jvnkbtff.exe --> c:\docume~1\admini~1\locals~1\temp\JVNKBTFF.exe [?]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2008-12-3 47616]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
S3 ZQXSY;ZQXSY;c:\docume~1\admini~1\locals~1\temp\zqxsy.exe --> c:\docume~1\admini~1\locals~1\temp\ZQXSY.exe [?]

=============== Created Last 30 ================

2010-12-08 00:14:36 -------- d-----w- C:\ComboFix
2010-12-07 23:54:35 -------- d-----w- c:\documents and settings\administrator\DoctorWeb
2010-12-07 23:18:26 -------- d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2010-12-07 16:29:43 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-07 15:35:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-07 15:35:40 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-07 15:35:34 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Sunbelt Software
2010-12-07 15:34:15 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Temp
2010-12-07 15:34:09 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Google
2010-12-07 15:34:05 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-07 15:33:48 -------- d-----w- c:\program files\Lavasoft
2010-12-07 03:28:17 -------- d-----w- c:\windows\pss
2010-12-06 21:12:19 -------- d-sha-r- C:\cmdcons
2010-12-06 21:06:49 98816 ----a-w- c:\windows\sed.exe
2010-12-06 21:06:49 89088 ----a-w- c:\windows\MBR.exe
2010-12-06 21:06:49 256512 ----a-w- c:\windows\PEV.exe
2010-12-06 21:06:49 161792 ----a-w- c:\windows\SWREG.exe
2010-12-06 19:17:33 82944 ----a-w- c:\windows\system32\drivers\sst6ED.sys
2010-12-06 19:17:33 0 ----a-w- c:\windows\system32\drivers\sst6ED.tmp
2010-12-06 19:16:33 53248 ----a-w- c:\windows\system32\drivers\sst6D5.sys
2010-12-06 19:16:33 0 ----a-w- c:\windows\system32\drivers\sst6D5.tmp
2010-11-30 18:29:27 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-11-30 18:12:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 18:12:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-30 18:12:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 18:12:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-16 04:37:55 -------- d-----w- c:\program files\JL_Cmder
2010-11-16 04:35:38 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-11-16 04:35:38 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-12 19:22:38 -------- d-----w- c:\docume~1\admini~1\applic~1\Office Genuine Advantage
2010-11-12 19:20:24 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\SalesLogix
2010-11-12 19:04:55 -------- d-----w- c:\program files\common files\Nokia Intellisync
2010-11-12 17:56:49 154576 ----a-w- c:\windows\system32\dbclient.dll
2010-11-12 17:56:47 -------- d-----w- c:\docume~1\admini~1\applic~1\Saleslogix
2010-11-12 17:55:03 -------- d-----w- c:\program files\common files\Sage
2010-11-12 17:55:02 -------- d-----w- c:\program files\SalesLogix
2010-11-12 17:55:02 -------- d-----w- c:\program files\Business Objects
2010-11-12 17:55:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\SalesLogix
2010-11-12 17:55:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sage
2010-11-12 17:33:10 -------- d-----w- C:\HP Universal Print Driver PCL6 v5.1.1.8283
2010-11-12 15:26:19 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Symantec
2010-11-12 15:25:48 48816 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-12 15:25:48 109744 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-12 15:25:19 -------- d-----w- c:\program files\Symantec
2010-11-12 15:25:11 -------- d-----w- c:\program files\Symantec AntiVirus
2010-11-12 15:25:11 -------- d-----w- c:\program files\common files\Symantec Shared
2010-11-12 15:25:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-11-12 15:20:27 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-11-12 15:20:06 -------- d-----w- c:\windows\SHELLNEW
2010-11-12 15:19:53 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Microsoft Help
2010-11-11 18:13:10 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
2010-11-11 18:11:32 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-11-11 18:11:32 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-11-11 18:11:31 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2010-11-11 17:56:00 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
2010-11-11 17:55:33 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-11-11 17:53:34 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2010-11-11 17:41:19 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-11-11 17:41:08 -------- d-----w- c:\windows\ie8updates
2010-11-11 17:41:02 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-11 17:41:02 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-11 17:41:02 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-11 17:41:02 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-11 17:41:02 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-11-11 17:41:02 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-11 17:41:02 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-11-11 17:40:44 -------- dc-h--w- c:\windows\ie8
2010-11-11 17:37:02 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-11 17:37:02 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-11 17:36:24 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-11 17:24:00 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-11 17:23:47 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-11 17:23:42 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-11-11 17:23:42 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-11-11 17:23:42 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-11-11 17:23:42 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-11-11 17:23:42 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-11-11 17:23:42 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-11-11 17:23:42 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-11-11 17:23:42 117760 ------w- c:\windows\system32\prntvpt.dll
2010-11-11 17:23:41 -------- d-----w- C:\827ef212bf98adc8b707f4
2010-11-11 17:09:46 -------- d-----w- c:\windows\system32\scripting
2010-11-11 17:09:46 -------- d-----w- c:\windows\l2schemas
2010-11-11 17:09:45 -------- d-----w- c:\windows\system32\en
2010-11-11 17:09:45 -------- d-----w- c:\windows\system32\bits
2010-11-11 17:07:53 -------- d-----w- c:\windows\network diagnostic
2010-11-11 17:02:59 20992 ------w- c:\windows\system32\faxpatch.exe
2010-11-11 16:43:02 -------- d-----w- c:\windows\ServicePackFiles
2010-11-11 16:40:44 -------- d-----w- c:\program files\Windows Media Connect 2
2010-11-11 16:39:59 -------- d-----w- c:\windows\system32\LogFiles
2010-11-11 16:37:22 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-11 16:37:13 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-11 16:36:31 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-11 16:32:25 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-11 16:32:25 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-11 16:32:23 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-11 16:31:21 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-11 16:31:18 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-11 16:31:18 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-11 16:30:17 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-11-11 16:30:10 -------- d-----w- c:\windows\system32\PreInstall
2010-11-11 16:26:50 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-11 16:26:50 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-11-11 16:19:00 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-11-11 16:19:00 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-11-11 16:19:00 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-11-11 16:19:00 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-11-11 16:18:59 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-11-11 16:18:24 -------- d-sh--w- c:\documents and settings\administrator\UserData
2010-11-11 16:15:52 274 ----a-w- c:\windows\srcpath.reg

==================== Find3M ====================

2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 14:16:29 81920 ------w- c:\windows\system32\ieencode.dll

============= FINISH: 19:50:15.56 ===============

Any help at all would be greatly appreciated. If you have any requests or suggests please let me know. I'll do my best. Thanks in advance!

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:02 AM

Posted 14 December 2010 - 11:31 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


information and logs:

  • In your next post I need the following

  • .logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:02 AM

Posted 17 December 2010 - 11:24 PM

Hello

three day bump

It has been Three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:02 AM

Posted 21 December 2010 - 12:31 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users