Old 11-11-2008, 08:02 AM   #1 (permalink)
delongboy
Registered User
 
Join Date: Nov 2008
Posts: 4
OS: xp pro


Constant Pop ups

Have been getting constant popups that usually go to one of 3 sites.
hxxp://automobilewdew.com/?a=duendeslow
hxxp://www.appcraver.com/
hxxp://www.registrydefender.com/l/indexsg.asp?utm_source=CD458&kwd=
Have run Spybot, Ad-Aware and Avast. Avast found 2 viruses:
Name: A0007128.exe
Original Location: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP112
Virus: Win32:Trojan-gen {Other}

Name: ~.exe
Original Location: C:\WINDOWS\system32
Virus: Win32:Trojan-gen {Other}

Moved both to chest.

Logs follow:


DDS (Version 1.0) - NTFSx86
Run by kshereba at 9:04:31.00 on Tue 11/11/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.319 [GMT -5:00]

=============== Created Last 30 ================

2008-11-11 08:51 250 a------- c:\windows\gmer.ini
2008-11-11 08:11 <DIR> --d----- c:\program files\Trend Micro
2008-11-10 07:54 25,088 a------- c:\windows\system32\__c004E90D.dat
2008-11-10 07:54 25,088 a------- c:\windows\system32\__c00F9A3C.dat
2008-10-30 12:56 <DIR> --d----- c:\docume~1\kpenrose\applic~1\.purple
2008-10-29 09:49 <DIR> --d----- c:\program files\Lavasoft
2008-10-29 09:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-10-29 09:24 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-10-29 09:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-10-29 08:04 25,088 a------- c:\windows\system32\__c0017D31.dat
2008-10-24 10:02 <DIR> --d----- c:\program files\EditPlus 2
2008-10-24 08:49 754 a------- c:\windows\WORDPAD.INI
2008-10-21 13:05 <DIR> --d----- c:\docume~1\kpenrose\applic~1\GetRightToGo

================== Find3M ==================

2008-11-10 09:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-11-10 09:38 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-10-15 11:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-03 12:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-09-18 11:48 <DIR> --d----- c:\program files\View22
2008-09-16 13:10 <DIR> --d----- c:\program files\MSECache
2008-09-15 06:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-09-15 06:57 1,846,016 -------- c:\windows\system32\dllcache\win32k.sys
2008-08-28 05:04 333,056 -------- c:\windows\system32\dllcache\srv.sys
2008-08-27 03:24 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-08-25 03:38 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 03:37 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 00:56 635,848 -------- c:\windows\system32\dllcache\iexplore.exe
2008-08-23 00:54 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-08-14 04:57 2,185,984 a------- c:\windows\system32\ntoskrnl.exe
2008-08-14 04:57 2,185,984 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 04:55 2,142,720 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-08-14 04:51 138,368 -------- c:\windows\system32\dllcache\afd.sys
2008-08-14 04:18 2,020,864 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-08-14 04:18 2,062,976 a------- c:\windows\system32\ntkrnlpa.exe
2008-08-14 04:18 2,062,976 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-04-15 13:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SupportSoft
2008-04-15 09:59 <DIR> --d----- c:\docume~1\kpenrose\applic~1\Dell
2008-04-10 13:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Dell
2004-08-11 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI

============== Psuedo HJT Report ===============

uStart Page = hxxp://stinger.saucontech.com/pscaringi/
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080410
uSearch Bar =
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\kpenrose\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: AtiExtEvent -Ati2evxx.dll
Notify: __c004E90D -c:\windows\system32\__c004E90D.dat
SSODL: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ==============

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys

============= FINISH: 9:04:42.37 ===============
Attached Files
File Type: txt Gmer.txt (23.1 KB, 2 views)
File Type: txt Attach.txt (22.1 KB, 1 views)