05-04-2007, 10:43 AM   #7
jason@jason859.
Registered User
Join Date: Sep 2005
Posts: 41
OS: win xp


Re: pop ups doing my head in

Alba, thanks for your time in helping me with my PC problem; it is well appreciated.
I seem to be having a problem completing the Panda scan. It gets to 47388 files completed, which is about a third of the way through, and then seems to close itself down. I've tried on three occasions to complete the scan but it's not having it. Sorry, I don't know why. Anyway, I've attached the first ComboFix report for your eyes.

"jay" - 07-05-03 21:11:37 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\jay\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\ddcyxuv.dll
C:\WINDOWS\system32\fcccday.dll
C:\WINDOWS\system32\hggdaya.dll
C:\WINDOWS\system32\hggecde.dll
C:\WINDOWS\system32\iifeebb.dll
C:\WINDOWS\system32\jkkkhih.dll
C:\WINDOWS\system32\khfdbbx.dll
C:\WINDOWS\system32\ljjhihf.dll
C:\WINDOWS\system32\pmnmjgg.dll
C:\WINDOWS\system32\pmnomkh.dll
C:\WINDOWS\system32\pmnopqp.dll
C:\WINDOWS\system32\qomkljh.dll
C:\WINDOWS\system32\rqroopq.dll
C:\WINDOWS\system32\rqrssrq.dll
C:\WINDOWS\system32\vtusppo.dll
C:\WINDOWS\system32\vtuvstu.dll
C:\WINDOWS\system32\vtuvtqp.dll
C:\WINDOWS\system32\wvustro.dll
C:\WINDOWS\system32\wvutqom.dll
C:\WINDOWS\system32\wvuturs.dll
C:\WINDOWS\system32\yaywwxy.dll
C:\WINDOWS\system32\yayyxwt.dll
C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini2
C:\WINDOWS\system32\utvwa.tmp
C:\WINDOWS\system32\awvtu.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\SSSInst\bin\SSSUninst.exe
C:\Program Files\screensavers.com\Wallpaper\Shrek 2 - Puss in Boots.jpg
C:\Program Files\screensavers.com\Wallpaper\Thumbs.db
C:\Program Files\Common Files\{387BC~1\UnInstall.exe
C:\DOCUME~1\jay\Desktop.\internet explorer.lnk
C:\Program Files\screensavers.com
C:\Program Files\Common Files\{387BC~1


((((((((((((((((((((((((((((((( Files Created from 2007-04-03 to 2007-05-03 ))))))))))))))))))))))))))))))))))


2007-05-03 10:53 <DIR> d-------- C:\Deckard
2007-05-02 12:23 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-30 11:51 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\STOPzilla!
2007-04-30 11:50 <DIR> d-------- C:\Program Files\STOPzilla!
2007-04-27 14:51 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-04-27 14:28 <DIR> dr-h----- C:\DOCUME~1\jay\APPLIC~1\SecuROM
2007-04-26 15:58 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-04-23 22:20 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-23 21:57 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-23 21:57 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-19 23:19 <DIR> d-------- C:\Program Files\DVD Shrink
2007-04-19 23:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-04-19 13:07 <DIR> d--hs---- C:\found.000
2007-04-15 12:14 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-15 12:13 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-15 12:13 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-04-13 21:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-13 21:12 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\Lavasoft
2007-04-11 19:26 189,952 --a------ C:\DOCUME~1\jay\us.exe
2007-04-11 19:10 189,952 --a------ C:\WINDOWS\us.exe
2007-04-11 19:10 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-08 18:30 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-04-08 18:29 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-04-08 18:29 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-04-08 18:29 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-04-08 18:29 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-04-04 03:05 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\Command & Conquer 3 Tiberium Wars Demo
2007-04-04 03:04 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-03 21:15 384 --a------ C:\WINDOWS\system32\dvcstatebkp-{00000001-00000000-0000000a-00001102-00000004-20021102}.dat
2007-05-03 21:15 384 --a------ C:\WINDOWS\system32\dvcstate-{00000001-00000000-0000000a-00001102-00000004-20021102}.dat
2007-05-03 12:48 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\dvdcss
2007-05-03 12:47 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\copytodvd
2007-05-03 10:24 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\mailwasherpro
2007-05-02 12:39 -------- d-------- C:\Program Files\emule
2007-05-02 00:50 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\usenext
2007-04-29 08:54 -------- d-------- C:\Program Files\championship manager 2007
2007-04-29 07:08 -------- d---s---- C:\Program Files\xfire
2007-04-29 07:08 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\xfire
2007-04-29 05:19 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\utorrent
2007-04-29 04:29 -------- d-------- C:\Program Files\winamp
2007-04-27 14:19 -------- d-------- C:\Program Files\electronic arts
2007-04-26 17:39 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-23 22:07 23392 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-18 13:41 -------- d-------- C:\Program Files\dvdsanta
2007-04-12 13:11 -------- d-------- C:\Program Files\msn messenger
2007-04-11 10:34 -------- d-------- C:\Program Files\usenext
2007-04-08 18:44 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-04-08 18:14 -------- d-------- C:\Program Files\thq
2007-04-02 14:28 -------- d--h----- C:\Program Files\installshield installation information
2007-04-02 14:28 -------- d-------- C:\Program Files\codemasters
2007-03-27 17:16 2309944 --a------ C:\WINDOWS\legends_1280x1024.scr
2007-03-27 17:16 -------- d-------- C:\Program Files\legends_1280x1024
2007-03-24 13:45 81920 --a------ C:\WINDOWS\system32\w32n50.dll
2007-03-24 13:45 17134 --a------ C:\WINDOWS\system32\pcandis5.sys
2007-03-22 21:05 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-03-20 01:52 -------- d-------- C:\Program Files\multi_media
2007-03-19 14:17 -------- d-------- C:\Program Files\motorola
2007-03-19 13:42 -------- d-------- C:\Program Files\mobile phonetools
2007-03-19 13:15 -------- d-------- C:\Program Files\liveupdate
2007-03-15 02:58 315392 --a------ C:\WINDOWS\system32\atidemgx.dll
2007-03-15 02:57 267776 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 02:57 1986560 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-03-15 02:55 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 02:50 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 02:50 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2007-03-15 02:50 122880 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 02:50 114688 --a------ C:\WINDOWS\system32\oemdspif.dll
2007-03-15 02:49 114688 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 02:48 450560 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 02:47 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2007-03-15 02:40 2820544 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-03-15 02:29 1315712 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 02:19 5402624 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-03-15 02:16 258048 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-03-15 02:14 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-03-15 02:10 356352 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-03-06 23:04 143676 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-02-20 15:54 3082 --a------ C:\WINDOWS\system32\affv9869p2now.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\oybguief.dll [x]
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} C:\PROGRA~1\orange3\orange3.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
{E3215F20-3212-11D6-9F8B-00D0B743919D} C:\WINDOWS\system32\StopzillaBHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CTxfiHlp"="CTXFIHLP.EXE"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"MediaFace Integration"="C:\\Program Files\\Fellowes\\MediaFACE 4.0\\SetHook.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Install5G"="F:\\Install.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.arsenal.com/images/wallpa...12007_1280.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurpno

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^Fujitsu Dial-Up PPP Connection.lnk]
"path"="C:\\Documents and Settings\\jay\\Start Menu\\Programs\\Startup\\Fujitsu Dial-Up PPP Connection.lnk"
"backup"="C:\\WINDOWS\\pss\\Fujitsu Dial-Up PPP Connection.lnkStartup"
"location"="Startup"
"command"=" "
"item"="Fujitsu Dial-Up PPP Connection"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouchUSB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-03 21:21:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-03 21:22:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-03 21:22
Attached file: ComboFix.txt (14.6 KB)

Last edited by tetonbob; 05-04-2007 at 06:36 PM.