Infected with a virus, getting popups and speaking popups
KMB1999 Trusted Member Date Joined Jan 2009 Total Posts : 106 Posted 4/5/2011 2:17 AM (GMT +3)
Hello. I am still on my old system and it runs Windows XP, SP3. I think the virus(es) came from an infected email but am not sure. I ran Malwarebytes, which found nothing, and then Spybot, which found and supposedly got rid of 2 things that I did not recognize: 1) Microsoft.windows.security.internet explorer and 2) virtumonde (Trojansc-05). After running the scans, I restarted my computer and on every website I visit, I am still getting a talking popup asking me to fill out a survey or to "click here to check my updated credit score". I have ignored both. Yesterday I was also getting a Norton popup page that asked if I wanted my system scanned. There was nowhere to press to "x" it out but I did something that I thought got rid of it. I probably added more viruses to the computer by whatever I did to remove it. Any help ASAP would be appreciated. Thanks
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 12862 Posted 4/5/2011 5:27 AM (GMT +3)
Hello
Please download combofix: Here
Save it to Desktop.
Disable your AntiVirus and AntiSpyware applications; they may otherwise interfere with Combofix.
There are details for disabling many programmes: Here
Now, please make sure no other programs are running, close all other windows.
Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal. You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning; do not worry, this is normal and it will be restored after scanning has completed. Combofix will create a logfile and display it after your computer has rebooted.
It is usually located in c:\combofix.txt; please post it in your next reply.
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
Do not PM me with logfiles. They will be deleted.
KMB1999 Trusted Member Date Joined Jan 2009 Total Posts : 106 Posted 4/5/2011 6:17 AM (GMT +3)
KMB1999 Trusted Member Date Joined Jan 2009 Total Posts : 106 Posted 4/5/2011 6:18 AM (GMT +3)
KMB1999 Trusted Member Date Joined Jan 2009 Total Posts : 106 Posted 4/7/2011 5:37 PM (GMT +3) The log file is above. The talking pop-ups have stopped. Would combofix have solved this problem or do I need to run something else to make sure the system is clean? Thanks!!
KMB1999 Trusted Member Date Joined Jan 2009 Total Posts : 106 Posted 4/17/2011 11:54 PM (GMT +3) Am still getting silent popups - one asked me to enter information for my credit report. Of course, I did not do it. Do I need to run ComboFix again? Thanks for your help!
JeanAHough New Member Date Joined Jun 2011 Total Posts : 4 Posted 7/6/2011 12:36 AM (GMT +3) Hi KMB1999, Try to follow these steps: d3dx9_31.dll This is because you are missing a file.
Step 1. You can download www.d3dx9.net/download-missing-d3dx9_31-dll/ here.
Step 2. Paste this file into your system32 and system folder. Also put it in your syswow.
Step 3. Navigate to your System32 (32Bit OS) or SysWOW64 (64Bit OS) folder. Note: The location of System32 or SysWOW64 is C:\Windows\System32 (if you are using 32Bit Windows) C:\Windows\SysWOW64 (if you are using 64Bit Windows)
Step 4. Paste the d3dx9_31.dll into this folder.
Step 5. Run the game. It might work now.