Old 11-28-2008, 07:29 PM   #10 (permalink)
sonyaflower
Re: Several popups, issues running reports... please help

Hi Ried,

The computer was used very little over this past dead time. I've been on the computer the last couple of days and there have been ZERO pop-ups.

I had to install a new version of ComboFix, and I hope this gives us the right information we're looking for:

ComboFix 08-11-10.01 - Steve 2008-11-10 23:14:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.112 [GMT -6:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ppcbooster
c:\program files\ppcbooster\ppcbooster-uninst.exe
c:\program files\ppcbooster\ppcbooster.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-09 07:15 . 2008-11-10 12:17 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-09 07:15 . 2008-11-10 12:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 07:08 . 2008-11-09 07:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-09 07:07 . 2008-11-10 12:14 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-09 07:07 . 2008-11-10 12:14 <DIR> d-------- c:\documents and settings\Steve\Application Data\SUPERAntiSpyware.com
2008-11-09 06:53 . 2008-11-09 06:53 <DIR> d-------- c:\program files\Trend Micro
2008-11-08 10:38 . 2008-11-08 10:48 250 --a------ c:\windows\gmer.ini
2008-10-25 17:10 . 2008-10-25 17:11 <DIR> d-------- c:\documents and settings\Cody\Music
2008-10-23 15:31 . 2008-10-15 10:34 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-22 23:31 . 2008-10-22 23:31 262,144 --a------ C:\ntuser.dat
2008-10-22 23:30 . 2008-10-25 14:26 <DIR> d-------- c:\documents and settings\Steve\Application Data\Yahoo!
2008-10-22 23:30 . 2008-10-22 23:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-20 17:07 . 2008-10-21 12:42 <DIR> d-------- c:\documents and settings\Steve\Application Data\MxBoost
2008-10-20 17:05 . 2008-10-27 20:01 <DIR> d-------- c:\program files\Maxthon2
2008-10-15 14:55 . 2008-08-14 04:11 2,189,184 --------- c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-15 14:55 . 2008-08-14 04:09 2,145,280 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-15 14:55 . 2008-08-14 03:33 2,066,048 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-15 14:55 . 2008-08-14 03:33 2,023,936 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-15 14:54 . 2008-09-08 04:41 333,824 --------- c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-10-15 14:50 . 2008-09-15 06:12 1,846,400 --------- c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-10-13 20:24 . 2008-10-13 20:24 <DIR> d-------- c:\documents and settings\Steve\Application Data\.wyzo
2008-10-13 20:17 . 2008-10-13 20:17 70,603 --a------ c:\windows\vntb9283.exe
2008-10-13 20:15 . 2008-11-03 21:22 77,913 --a------ c:\windows\SYSTEM32\qvvetjtfuikuh.exe
2008-10-13 20:15 . 2008-10-13 20:17 70,603 --a------ c:\windows\dwtb2837.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 05:19 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-11 04:27 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-10 18:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-30 16:47 25,182 ----a-w c:\documents and settings\Steve\Application Data\wklnhst.dat
2008-10-25 23:15 --------- d-----w c:\program files\LimeWire
2008-10-25 23:07 --------- d-----w c:\documents and settings\Steve\Application Data\LimeWire
2008-10-23 05:31 --------- d-----w c:\program files\Yahoo!
2008-10-16 02:22 --------- d-----w c:\program files\PopCap Games
2008-10-16 02:22 --------- d-----w c:\program files\Hero Editor
2008-09-14 03:11 --------- d-----w c:\program files\HOTALBUMMyBOX
2008-06-18 13:36 95,928 -c--a-w c:\documents and settings\Steve\Application Data\GDIPFONTCACHEV1.DAT
2007-07-20 02:57 1,012 -c--a-w c:\documents and settings\Cody\Application Data\wklnhst.dat
2006-12-20 05:51 142 -c--a-w c:\documents and settings\Ryan\Application Data\wklnhst.dat
2003-08-29 18:12 61,440 -c--a-w c:\windows\INF\i386\Viz7300.dll
2003-08-29 18:12 17,376 -c--a-w c:\windows\INF\i386\Gt680x.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 04:46 160496 --a------ c:\program files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"PhotoShow Deluxe Media Manager"="c:\progra~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe" [2005-05-19 176128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-05-20 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-20 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ymetray"="c:\program files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" [2006-10-03 6104568]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-09-23 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 36864]
"OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2003-11-20 106496]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2006-10-31 20752]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"MBBalloon"="c:\program files\HOTALBUMMyBOX\MBBalloon.exe" [2007-02-09 789120]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\SYSTEM32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
MediaChecker.lnk - c:\program files\HOTALBUMMyBOX\MediaChecker.exe [2007-02-13 915096]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Ulead Photo Express 4.0 SE Calendar Checker .lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2005-07-19 69632]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2006-10-03 54776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2008-03-03 15172]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 GT680xNT;Visioneer OneTouch 7300 Driver;c:\windows\system32\drivers\gt680x.sys [2003-08-29 17376]
S2 Ca536av;DV 5100M(Video);c:\windows\system32\Drivers\Ca536av.sys [ ]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;c:\windows\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USBCamera;DV 5100M(Still);c:\windows\system32\Drivers\Bulk536.sys [ ]

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-11 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-10-28 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Steve.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 19:19]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\rwz6juxw.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\VideoEgg\Loader\2364\npvideoegg-loader.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 23:20:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\BinHub\PopularSites.xml.bin 11054 bytes
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\BinHub\Redirectors.xml.bin 88705 bytes
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\BinHub\Resources.xml.bin 556 bytes
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\BinHub\SafeList.xml.bin 709905 bytes
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\BinHub\SearchServices.xml.bin 22840 bytes
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\BinHub\Throttle.xml.bin 454 bytes
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\BinHub\TrustedDomains.xml.bin 265388 bytes
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\BinHub\URLAnalysis.xml.bin 985009 bytes
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\BinHub\Identifiers.xml.bin 3427635 bytes
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\BinHub\Indicators.xml.bin 77358 bytes

scan completed successfully
hidden files: 10

**************************************************************************
.
Completion time: 2008-11-10 23:27:42
ComboFix-quarantined-files.txt 2008-11-11 05:27:20

Pre-Run: 53,666,988,032 bytes free
Post-Run: 53,831,909,376 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

182 --- E O F --- 2008-10-24 03:50:47