Old 01-24-2008, 03:27 PM   #11 (permalink)
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,237
OS: 2000 Pro; XP Pro; XP Home


Re: Pop-ups keep coming !!!

ComboFix is updated frequently. Please delete your current version, and get a new copy from one of the links below, and save it to your desktop.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked.

O17 - HKLM\System\CCS\Services\Tcpip\..\{DB8DFA09-B585-4007-9F28-0BB0EA5A1428}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222


Close HijackThis now.

---------------------------------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/212711-pop-ups-keep-coming.html

Killall::

File::
C:\WINDOWS\system32\rc.dat
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\cs.dat
C:\-593915343

Folder::
C:\Program Files\SpyKillerPro
C:\Program Files\DioCleanerPro
C:\WINDOWS\system32\edcA17
C:\temp\Ryuan1

Driver::
ndisaluo
ntio922
SpyKillerProFilter

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489C5DDD-AB4C-48EC-B397-505BABF9B4BD}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"quartz"=-
"dmime"=-
"anti_troj"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmnext06"=-
"anti_troj"=-
"vmlib"=-
"cssrss.exe"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{24E31EA9-FCE2-404F-BD80-20543565D946}"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Collect::
C:\WINDOWS\system32\Drivers\ndisaluo.sys
C:\WINDOWS\system32\Drivers\ntio922.sys
C:\cwulua.exe
C:\rkasjwm.exe
C:\WINDOWS\system32\dxdss.sys
C:\bjjburnk.exe
C:\WINDOWS\system32\msftp.dll
C:\DOCUME~1\Kallen's\LOCALS~1\Temp\~~install.dll

Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009