Jump to content
Sign in to follow this  
thehulk18

Weird Porn Popups

Recommended Posts

Good morning all you Trusted Advisors. Usually in the morning first thing I do on PC is check the AVG results from the overnight scan. This morning when i clicked and removed the screensaver, I was greeted with a bunch of porn pictures and writing in German. They kept coming back at random times while on line. I ran MalwareBytes in safe mode and it found nothing. AVG found two Trojan Downloaders and vaulted them. I ran HJT, and right after it started scanning, this window popped up:

Posted Image

 

Then completed the scan. If I follow the directioon to get into the Hosts, there are no entries from HJT

This is the log, and thanks:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:17:23 AM, on 6/7/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\ProgramData\Weather Pulse 2.2.4.4\weatherpulse.exe

C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Olympus\ib\olycamdetect.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Users\Bob\AppData\Roaming\mjusbsp\magicJack.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\HJT\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cfnews13.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"

O4 - HKCU\..\Run: [WeatherPulse] C:\ProgramData\Weather Pulse 2.2.4.4\weatherpulse.exe

O4 - HKCU\..\Run: [iE New Window Maximizer] C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe

O4 - HKCU\..\Run: [cdloader] "C:\Users\Bob\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Olympus ib] "C:\Program Files (x86)\Olympus\ib\olycamdetect.exe" /Startup

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe

 

--

End of file - 6950 bytes

 

I also ran HJT in Safe Mode as Administrator and tried removing all the entries with the @ with the same results, i.e., they were still there on the next scan.

 

TIA

Share this post


Link to post
Share on other sites

Hulk, HJT doesn't know how to process X64 ... that's why the O23's show missing files. Your lucky you weren't able to delete those operating system files.

 

Let's flush the bad DNS cache and restore MS's original Hosts file first.

Copy and paste these lines in Note pad.

 

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset all

shutdown -r -t 1

del %0

 

Save as flush.bat to your desktop. Right click on the batch file and run as Administrator. The computer will reboot itself.

 

Next clean all temporary files. Type cleanmgr in the run box, then click ok.

 

Now download DDS from one of these links:

Mirror 1 Mirror 2 Mirror 3

  • Disable any script blocking protection
  • Double click the dds icon to run the tool. (run as Administrator)
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt <---this log will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your reply.

The scan will instruct you to post Attach.txt as an attachment.

No need for that though ..... just post it's contents as you would any other log.

Share this post


Link to post
Share on other sites

Hulk, HJT doesn't know how to process X64 ... that's why the O23's show missing files. Your lucky you weren't able to delete those operating system files.

 

Let's flush the bad DNS cache and restore MS's original Hosts file first.

Copy and paste these lines in Note pad.

 

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset all

shutdown -r -t 1

del %0

 

Save as flush.bat to your desktop. Right click on the batch file and run as Administrator. The computer will reboot itself.

 

Next clean all temporary files. Type cleanmgr in the run box, then click ok.

 

Now download DDS from one of these links:

Mirror 1 Mirror 2 Mirror 3

  • Disable any script blocking protection
  • Double click the dds icon to run the tool. (run as Administrator)
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt <---this log will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your reply.

The scan will instruct you to post Attach.txt as an attachment.

No need for that though ..... just post it's contents as you would any other log.

 

Jacee...good morning young lady....just getting around to this, been under the weather...a little greener in the gills than normal hulk color...lol thanks for for your patience:

 

 

DDS (Ver_10-03-17.01) - NTFSX64

Run by Bob at 3:28:51.73 on Sat 06/19/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1791.833 [GMT -4:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

C:\Windows\system32\lsm.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\lxcycoms.exe

C:\ProgramData\Weather Pulse 2.2.4.4\weatherpulse.exe

C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Olympus\ib\olycamdetect.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe

C:\Program Files (x86)\AVG\AVG9\avgemc.exe

C:\Program Files (x86)\AVG\AVG9\avgnsa.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Bob\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.cfnews13.com/

mLocal Page = c:\windows\syswow64\blank.htm

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

uRun: [WeatherPulse] c:\programdata\weather pulse 2.2.4.4\weatherpulse.exe

uRun: [iE New Window Maximizer] c:\program files (x86)\ie new window maximizer\iemaximizer.exe

uRun: [cdloader] "c:\users\bob\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Olympus ib] "c:\program files (x86)\olympus\ib\olycamdetect.exe" /Startup

mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe

mRun: [MDS_Menu] "c:\program files (x86)\olympus\ib\muitransfer\muistartmenu.exe" "c:\program files (x86)\olympus\ib" updatewithcreateonce "software\olympus\ib\1.0"

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files (x86)\belarc\advisor\system\BAVoilaX.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll

AppInit_DLLs-X64: avgrssta.dll

 

============= SERVICES / DRIVERS ===============

 

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-4-14 269320]

R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-4-14 35536]

R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-4-14 317520]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 203264]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-4-14 916760]

R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-4-14 308064]

R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]

R2 wwEngineSvc;Window Washer Engine;c:\program files (x86)\webroot\washer\WasherSvc.exe [2010-5-30 598856]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-3-4 346144]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-4-14 136176]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-17 1255736]

 

=============== Created Last 30 ================

 

2010-06-16 20:53:46 27386256 ----a-w- c:\users\bob\AdbeRdr930_en_US.exe

2010-06-16 20:49:45 56141 ----a-w- c:\users\bob\SOACK_S19487.pdf

2010-05-31 00:19:59 0 d-----w- c:\users\bob\appdata\roaming\Webroot

2010-05-31 00:19:58 0 d-----w- c:\programdata\Webroot

2010-05-31 00:19:58 0 d-----w- c:\program files (x86)\Webroot

2010-05-31 00:19:58 0 d-----w- c:\program files (x86)\common files\Webroot Shared

2010-05-31 00:19:41 194888 ----a-w- c:\windows\Unwash6.exe

2010-05-29 02:37:29 22528 ----a-w- c:\users\bob\Dream Love.doc

2010-05-28 03:42:26 24672 ----a-w- c:\users\bob\me and ski - Copy.jpg

2010-05-28 02:30:13 292999 ----a-w- c:\users\bob\Bobby in the Bus.jpg

2010-05-28 02:26:30 20844 ----a-w- c:\users\bob\Me and Jim.jpg

2010-05-28 02:24:28 204202 ----a-w- c:\users\bob\Linda_Bren_holly.jpg

2010-05-28 02:22:34 159212 ----a-w- c:\users\bob\me and ski.jpg

2010-05-26 14:11:47 20697 ----a-w- c:\users\bob\livepreview.jpg

2010-05-26 04:33:21 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-05-26 04:33:21 2048 ----a-w- c:\windows\system32\tzres.dll

2010-05-25 11:14:04 153376 ----a-w- c:\windows\syswow64\javaws.exe

2010-05-25 11:14:04 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-05-25 11:14:04 145184 ----a-w- c:\windows\syswow64\java.exe

2010-05-25 11:11:54 0 d-----w- c:\programdata\Sun

2010-05-25 11:11:24 423656 ----a-w- c:\windows\syswow64\deployJava1.dll

2010-05-23 22:44:32 0 d-----w- c:\users\bob\appdata\roaming\Auslogics

2010-05-23 22:44:19 0 d-----w- c:\program files (x86)\Auslogics

2010-05-23 17:00:20 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-23 17:00:08 0 d-----w- c:\users\bob\appdata\roaming\Malwarebytes

2010-05-23 17:00:03 0 d-----w- c:\programdata\Malwarebytes

2010-05-23 17:00:02 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-05-20 11:07:11 97792 --sha-w- c:\users\bob\Thumbs.db

 

==================== Find3M ====================

 

2010-06-02 15:47:32 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2010-06-02 15:47:32 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-05-06 13:47:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll

2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll

2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys

2010-04-14 21:19:04 12976 ----a-w- c:\windows\system32\avgrssta.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

 

============= FINISH: 3:29:11.73 ===============

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-03-17.01)

 

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 4/14/2010 3:19:34 PM

System Uptime: 6/19/2010 3:21:00 AM (0 hours ago)

 

Motherboard: Dell Inc. | | 0F896N

Processor: AMD Sempron Processor LE-1300 | AM2 | 2300/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 298 GiB total, 198.033 GiB free.

D: is CDROM ()

G: is Removable

H: is Removable

 

==== Disabled Device Manager Items =============

 

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: Unknown Device

Device ID: USB\VID_0000&PID_0000\6&1C1F09FC&0&1

Manufacturer: (Standard USB Host Controller)

Name: Unknown Device

PNP Device ID: USB\VID_0000&PID_0000\6&1C1F09FC&0&1

Service:

 

==== System Restore Points ===================

 

 

==== Installed Programs ======================

 

Acrobat.com

Active@ KillDisk FREE Suite

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.3.2

Advanced SystemCare 3

AnswerWorks Runtime

Apple Application Support

Apple Software Update

AusLogics Disk Defrag

AVG Free 9.0

Belarc Advisor 8.1

CleanUp!

Corel Applications

Google Toolbar for Internet Explorer

Google Update Helper

HijackThis 2.0.2

IE New Window Maximizer 2.4

IrfanView (remove only)

Java Auto Updater

Java 6 Update 21

Malwarebytes' Anti-Malware

Microsoft Corporation

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Word Viewer 2003

Microsoft Reader

Microsoft Visual C++ 2005 Redistributable

OLYMPUS ib

QuickTime

Realtek 8136 8168 8169 Ethernet Driver

Roxio PhotoSuite 5

Visual C++ 8.0 Runtime Setup Package (x64)

Weather Pulse 2.2.4.4

Window Washer

Yahoo! Messenger

 

==== End Of File ===========================

Share this post


Link to post
Share on other sites
Sign in to follow this  

×