Registered User
Join Date: Oct 2009
Location: Quebec
Posts: 2
OS: Windows vista
64bit Vista Popups!
Hi, I followed your instructions and attached all the logs necessary. What's happening to my computer right now is nothing dramatic, but I simply have popups coming up even when internet isn't open, and it's getting really annoying. I've tried removing them, but I don't even know where they come from! I think the cause may be some programs I downloaded. In the last few days, I downloaded at least 10 different video editing programs because none of them corresponded to my needs. Maybe the virus comes from one of the installations, and I hope you can tell me which one, so I can remove it!
Thank You. -Raphaëlle

Last edited by amateur; 10-17-2009 at 11:35 AM. Reason: DDS.txt pasted in