I can feel we have it on the run just by how the computer is running currently.
"husko" - 2007-07-26 0:05:00 [GMT -4:00] - ComboFix 07-07-24.5 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Husko\Desktop\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\epplqtrm.dll
((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))
2007-07-25 19:54 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-25 19:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-25 19:26 <DIR> d-------- C:\VundoFix Backups
2007-07-25 08:52 <DIR> d-------- C:\Deckard
2007-07-25 01:24 8,576 --a------ C:\WINDOWS\system32\drivers\fkskekiimsws.sys
2007-07-25 01:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-25 00:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Spyware
2007-07-05 20:15 <DIR> d-------- C:\CloneDVDTemp
2007-07-05 20:11 <DIR> d-------- C:\DOCUME~1\Husko\APPLIC~1\SlySoft
2007-07-05 20:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
2007-07-05 20:06 <DIR> d-------- C:\Program Files\CloneDVD2
2007-07-05 20:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-07-05 17:59 <DIR> d-------- C:\Program Files\AnyDVD
2007-07-05 17:30 <DIR> d-------- C:\DOCUME~1\Husko\APPLIC~1\Elaborate Bytes
2007-07-05 16:58 <DIR> d-------- C:\temp\dvdbackup
2007-07-05 16:51 <DIR> d-------- C:\DVDburner
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-26 03:50:21 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-07-25 23:36:08 -------- d-----w C:\Program Files\Online Services
2007-07-25 06:08:18 -------- d-----w C:\Program Files\iTunes
2007-07-25 06:04:28 -------- d-----w C:\Program Files\Apoint
2007-07-25 06:04:24 -------- d-----w C:\Program Files\AIM
2007-07-25 05:11:38 -------- d-----w C:\Program Files\Viewpoint
2007-06-27 21:31:45 -------- d-----w C:\Program Files\Starcraft
2007-06-22 13:54:49 99,904 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-06-20 21:08:56 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-11 13:45]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 18:21]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 02:21]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 16:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-06 01:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Bluetooth.lnk - C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe [2005-09-19 17:02:54]
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2000-09-17 22:04:00]
R1 ElbyCDIO;ElbyCDIO Driver;C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
R1 SbcpHid;SbcpHid;\??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 BASFND;BASFND;\??\C:\WINDOWS\system32\Drivers\BASFND.sys
R2 BNPagent;Client Security Agent;"C:\Program Files\Bradford Networks\Client Security Agent\bnpagent.exe"
R2 BTSERIAL;Bluetooth Serial Driver;\??\C:\WINDOWS\system32\drivers\btserial.sys
R2 BTSLBCSP;Bluetooth Port Client Driver;\??\C:\WINDOWS\system32\drivers\btslbcsp.sys
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 NAVAPEL;NAVAPEL;\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R3 AnyDVD;AnyDVD;C:\WINDOWS\system32\Drivers\AnyDVD.sys
R3 Appdrv;Appdrv;\??\C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys
R3 ElbyDelay;ElbyDelay;C:\WINDOWS\system32\Drivers\ElbyDelay.sys
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 NAVAP;NAVAP;\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys
R3 Pcouffin;Low level access layer for CD devices;C:\WINDOWS\system32\Drivers\Pcouffin.sys
S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 BTWDNDIS;Bluetooth LAN Access Server;C:\WINDOWS\system32\DRIVERS\btwdndis.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
Contents of the 'Scheduled Tasks' folder
2007-07-25 04:40:32 C:\WINDOWS\tasks\Pareto UNS.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-07-26 00

28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-26 0:07:08
C:\ComboFix-quarantined-files.txt ... 2007-07-26 00:06
C:\ComboFix2.txt ... 2007-07-25 23:51
C:\ComboFix3.txt ... 2007-07-25 22:49
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:09, on 2007-07-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bradford Networks\Client Security Agent\bnpagent.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/segmentation...97&service=AIM
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = susqu.edu
O17 - HKLM\Software\..\Telephony: DomainName = susqu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = susqu.edu
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Client Security Agent (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Client Security Agent\bnpagent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 5643 bytes