BullGuard
Virus Removal Help!!! automated webpage pop up
   

nulmer
New Member


Date Joined Aug 2010
Total Posts : 4
 
Posted 8/27/2010 4:09 AM (GMT +2)
This pop up will simply not go away. I've deleted anything with its name in the registry and I've deleted it with Malwarebytes and I've killed it with File Assassin. It still will not go away. It goes away for a few minutes, but it looks like it has corrupted or copied mshta.exe and that is what it keeps using, but it is just a website popup that I cannot do anything to other than click the x. Here will be the page, but I guess don't click on it or you might get it too.

It is in temporary internet files page. This is on a Windows 7 computer so a lot of the tools don't work on it.
http:\\crocus93.grey.ero0101.com/reg2.php?cid=41e08b2a93fb7795cc880ce98780f26

Please help.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
Posted 8/27/2010 4:24 AM (GMT +2)
Hello nulmer and welcome to BG :)

We need to get a comprehensive report of what is present in your system. Therefore, please follow this guide:

Follow the instructions and copy the logs here, in this Topic.


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
 

 

 

nulmer
New Member


Date Joined Aug 2010
Total Posts : 4
 
Posted 8/27/2010 6:21 AM (GMT +2)
DDS (Ver_10-03-17.01) - NTFSX64
Run by Ulmer at 23:14:27.43 on Thu 08/26/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3832.1993 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\CCleaner\ccleaner.exe
C:\Windows\system32\mshta.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ulmer\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://rr.com/
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\17.0.0.136\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn toolbar\platform\4.0.0369.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files (x86)\msn toolbar\platform\4.0.0369.0\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\17.0.0.136\coIEPlg.dll
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
mRun-x64: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background
mRun-x64: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\x64\3\EKIJ5000MUI.exe
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ulmer\appdata\roaming\mozilla\firefox\profiles\jlrj4n7n.default\
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\msn toolbar\platform\4.0.0369.0\npwinext.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\default\appdata\local\huludesktop\instances\0.9.11.1\nphdplg.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2010-5-29 230456]
R0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwa.sys [2010-8-26 27216]
R0 AvgRkx64;avgrkx64.sys;c:\windows\system32\drivers\avgrkx64.sys [2010-8-26 56008]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6a.sys [2010-8-26 29976]
R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-8-26 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-8-26 35536]
R1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-8-26 317520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-29 202752]
R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\amd\raidxpert\bin\RAIDXpertService.exe [2009-12-15 122880]
R2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-8-26 921952]
R2 avg9wd;AVG WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-8-26 308136]
R2 avgfws9;AVG Firewall;c:\program files (x86)\avg\avg9\avgfws9.exe [2010-8-26 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-8-26 5897808]
R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]
R2 NIS;Norton Internet Security;c:\program files (x86)\norton internet security\engine\17.0.0.136\ccSvcHst.exe [2010-5-29 126392]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-5-29 6366720]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-5-29 186880]
R3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSDriver.sys [2010-8-26 132688]
R3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSFilter.sys [2010-8-26 35920]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28x.sys [2010-5-29 852256]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-5-29 346144]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-5-29 39480]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-7-23 136176]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2010-1-19 23536]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-25 1255736]

=============== Created Last 30 ================

2010-08-27 03:01:50 0 d-----w- c:\program files (x86)\Trend Micro
2010-08-27 02:39:42 0 d-----w- c:\program files (x86)\CCleaner
2010-08-27 01:05:01 0 d-----w- c:\windows\pss
2010-08-27 00:05:30 0 d-----w- c:\users\ulmer\appdata\roaming\Malwarebytes
2010-08-27 00:05:22 0 d-----w- c:\programdata\Malwarebytes
2010-08-27 00:05:21 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 00:05:21 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-26 23:17:49 27216 ----a-w- c:\windows\system32\drivers\AVGIDSwa.sys
2010-08-26 23:17:49 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-08-26 23:17:48 56008 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2010-08-26 23:17:42 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-08-26 23:17:36 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-08-26 23:17:35 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-08-26 23:17:34 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-26 23:16:06 29976 ----a-w- c:\windows\system32\drivers\avgfwd6a.sys
2010-08-26 23:15:06 0 d-----w- c:\program files (x86)\AVG
2010-08-26 23:14:45 0 d-----w- c:\programdata\avg9
2010-08-26 23:03:20 0 d-----w- c:\programdata\SecTaskMan
2010-08-26 23:03:15 0 d-----w- c:\program files (x86)\Security Task Manager
2010-08-24 23:09:53 0 d-----w- c:\program files\WinRAR
2010-08-24 22:51:40 0 d-----w- c:\programdata\MSScanAppDataDir
2010-08-24 22:51:40 0 d-----w- c:\programdata\kds_kodak
2010-08-23 15:18:13 376 ----a-w- c:\windows\ODBC.INI
2010-08-23 15:17:26 0 d-----w- c:\program files (x86)\Microsoft ActiveSync
2010-08-22 03:08:21 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-08-22 03:07:23 0 d-----r- c:\program files (x86)\Skype
2010-08-22 03:07:21 0 d-----w- c:\programdata\Skype
2010-08-12 20:13:07 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 20:13:07 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 20:13:07 340992 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 20:13:07 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-12 20:13:07 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-12 20:13:03 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 20:13:02 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 20:13:02 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-08-12 20:13:02 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-08-12 20:13:00 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-08-11 23:40:32 0 d-----w- c:\users\ulmer\appdata\roaming\Windows Live Writer
2010-08-10 21:58:11 0 ----a-w- c:\users\ulmer\appdata\roaming\wklnhst.dat
2010-08-08 00:42:56 0 d-----w- c:\programdata\Eastman Kodak Company
2010-08-08 00:40:15 0 d-----w- c:\windows\syswow64\kodak
2010-08-08 00:39:21 0 d-----w- c:\windows\syswow64\spool
2010-08-08 00:37:52 0 d-----w- c:\program files (x86)\Kodak
2010-08-08 00:36:18 0 d-----w- c:\users\ulmer\appdata\roaming\Temp
2010-08-08 00:34:21 0 d-----w- c:\programdata\Kodak
2010-08-02 18:26:19 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-30 17:00:30 0 d-----w- c:\programdata\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
2010-07-30 17:00:10 0 d-----w- c:\users\ulmer\appdata\roaming\hpqLog
2010-07-30 16:59:40 0 d-----w- c:\users\ulmer\appdata\roaming\WinBatch
2010-07-30 15:59:38 0 d-----w- c:\users\ulmer\appdata\roaming\HP Support Assistant
2010-07-29 17:45:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== Find3M ====================

2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-23 20:33:07 0 --sha-r- c:\windows\system32\drivers\103C_HP_53316J G D_p6510y_Y53316J G D_0U_QMXX021_EMXX02105CS DPS_4A_I2A92_SFOXCONN_V1.01_6.03_T100412_WU3-0_L409_M3832_J750_7AMD_8F53_92.80_#100723_N10EC8168;18143090_(WW635AA#ABA)_X_CD3_Z_2_G10029710.MRK
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-22 08:36:38 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-06-22 08:36:37 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-06-22 08:36:36 145184 ----a-w- c:\windows\syswow64\java.exe
2010-06-22 08:36:29 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-08 05:36:31 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-05-29 23:30:43 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-29 23:30:43 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-05-29 23:30:26 960512 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-29 23:30:26 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-05-29 23:30:17 46592 ----a-w- c:\windows\system32\msasn1.dll
2010-05-29 23:30:17 34816 ----a-w- c:\windows\syswow64\msasn1.dll
2010-05-29 23:29:51 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
2010-05-29 23:29:51 1320960 ----a-w- c:\windows\syswow64\CertEnroll.dll
2010-05-29 23:29:51 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2010-05-29 23:29:51 12625408 ----a-w- c:\windows\syswow64\wmploc.DLL
2010-05-29 23:29:51 11406336 ----a-w- c:\windows\syswow64\wmp.dll
2010-05-29 23:28:55 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-05-29 23:28:55 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-05-29 23:28:55 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-05-29 23:28:55 100864 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:14:43.47 ===============
 

nulmer
New Member


Date Joined Aug 2010
Total Posts : 4
 
Posted 8/27/2010 6:26 AM (GMT +2)
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/23/2010 4:32:48 PM
System Uptime: 8/26/2010 7:47:24 PM (4 hours ago)

Motherboard: FOXCONN | | 2A92
Processor: AMD Athlon(tm) II X4 630 Processor | CPU 1 | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 687 GiB total, 617.827 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.416 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP16: 8/2/2010 11:30:26 PM - Windows Update
RP17: 8/5/2010 2:53:31 PM - Windows Update
RP18: 8/9/2010 12:50:35 PM - Windows Update
RP19: 8/12/2010 4:21:01 PM - Windows Update
RP20: 8/13/2010 3:00:20 AM - Windows Update
RP21: 8/13/2010 4:24:01 PM - Windows Update
RP22: 8/16/2010 4:54:26 PM - Windows Update
RP23: 8/19/2010 2:14:46 PM - Windows Update
RP24: 8/23/2010 11:16:35 AM - Installed Microsoft Office Standard Edition 2003
RP25: 8/23/2010 11:19:35 AM - Windows Update
RP26: 8/24/2010 8:50:45 AM - Windows Update
RP27: 8/24/2010 7:08:54 PM - Removed Skype Toolbars
RP28: 8/26/2010 7:07:15 PM - Move file to quarantine: {5C255C8A-E604-49b4-9D64-90988571CECB}
RP29: 8/26/2010 7:14:38 PM - Installed AVG 9.0

==== Installed Programs ======================

ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
aiofw
aioscnnr
AMD USB Filter Driver
Apple Application Support
Apple Software Update
AVG 9.0
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
center
Chuzzle Deluxe
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
DVD Menu Pack for HP MediaSmart Video
Escape Rosecliff Island
Faerie Solitaire
FATE
Google Earth
Google Update Helper
HijackThis 2.0.2
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Hulu Desktop
Java Auto Updater
Java(TM) 6 Update 21
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
KODAK AiO Home Center
ksDIP
LabelPrint
LightScribe System Software
LimeWire 5.5.10
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox (3.6.8)
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The New York Fortune
Norton Internet Security
Norton Online Backup
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PreReq
QuickTime
RAIDXpert
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Security Task Manager 1.7h
Skype™ 4.2
TextTwist 2
Virtual Families
Virtual Villagers - The Secret City
Visual C++ 8.0 Runtime Setup Package (x64)
Wheel of Fortune 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma's Revenge

==== Event Viewer Messages From Past Week ========

8/26/2010 7:46:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.
8/22/2010 8:32:20 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PAM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9895D3E4-0B35-4537-BCEA-E9E5AF61382B}. The master browser is stopping or an election is being forced.

==== End Of File ===========================
 

nulmer
New Member


Date Joined Aug 2010
Total Posts : 4
 
Posted 8/27/2010 7:25 AM (GMT +2)
I dare say, system restore did the job. It's gone.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
Posted 8/27/2010 12:05 PM (GMT +2)
Great :)

Your problems are solved then?


 

nulmer
New Member


Date Joined Aug 2010
Total Posts : 4
 
Posted 8/28/2010 8:48 AM (GMT +2)
Yes. You can delete this post if it would save room.