"Home" - 2007-05-05 16:23:23 Service Pack 2
ComboFix 07-05.06.1.V - Running from: ""
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\cplpanga.dll
C:\WINDOWS\system32\edelkptg.dll
C:\WINDOWS\system32\rbdlhmtx.dll
C:\WINDOWS\system32\tiydrtrw.dll
C:\WINDOWS\system32\tsqybnkh.dll
C:\WINDOWS\system32\agnaplpc.ini
C:\WINDOWS\system32\hknbyqst.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-05 ))))))))))))))))))))))))))))))))))
2007-05-04 19:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-04 14:42 49,152 --a------ C:\WINDOWS\nircmd.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-03 16:16:18 -------- d-----w C:\Program Files\Notebook Maximizer
2007-05-03 16:15:51 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-03 16:13:36 -------- d-----w C:\Program Files\In-Fisherman
2007-03-17 19:26:08 -------- d-----w C:\Program Files\LimeWire
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx"
"{0F3BF9FC-71E5-4F37-9249-ADA8D8D09E6e}"="C:\WINDOWS\system32\euuntsjg.dll" [x]
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{93F46EC9-50B7-45B0-985A-2E6C4A0B6909}"="C:\WINDOWS\AppPatch\smvcdobc.dll"
"{D651AFF4-9590-424d-BD1E-8E33E090DFB3}"="C:\WINDOWS\system32\fruxgbsd.dll" [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\smvcdobc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^logitech desktop messenger.lnk
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^microsoft office.lnk
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^monitor.lnk
C:\PROGRA~1\SanDisk\SANDIS~1\SDMONI~1.EXE -r
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^ramasst.lnk
C:\WINDOWS\system32\RAMASST.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\agrsmmsg
AGRSMMSG.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim
C:\Program Files\AIM\aim.exe -cnetwait.odl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\apoint
C:\Program Files\Apoint2K\Apoint.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atipta
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ceekey
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ceepower
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezbutton
C:\Program Files\EzButton\EzButton.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\faxcenterserver4_in_1
"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostmanager
C:\Program Files\Common Files\AOL\1151165066\ee\AOLSoftware.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hotkeyscmds
C:\WINDOWS\system32\hkcmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray
C:\WINDOWS\system32\igfxtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iphsend
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
"C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldm
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lexmark 4200 series
"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechsoftwareupdate
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechvideorepair
C:\Program Files\Logitech\Video\ISStart.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechvideotray
C:\Program Files\Logitech\Video\LogiTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ltmoh
C:\Program Files\ltmoh\Ltmoh.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lvcomsx
C:\WINDOWS\system32\LVCOMSX.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndstray.exe
NDSTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\notebook maximizer
C:\Program Files\Notebook Maximizer\maximizer_startup.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\padtouch
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pinger
c:\toshiba\ivp\ism\pinger.exe /run
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smoothview
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sonic recordnow!
C:\Program Files\AIM\aim.exe -cnetwait.odl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toscdspd
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpnf
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webcamrt.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zoominghook
c:\WINDOWS\System32\ZoomingHook.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-05-05 16:27:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-05 16:27:46
C:\ComboFix-quarantined-files.txt ... 2007-05-05 16:27
Also, I realized that I'm now running Firefox as my internet, but the popups keep coming up in Internet Explorer.