
Need help please. Pop-ups and advertisements come like crazy.



07-19-2007, 01:20 PM   #1
Registered Member
 
Join Date: Jul 2007
Posts: 27
OS: XP



I need help badly. Making this post alone is a hassle. I have a bad case of spyware (I assume it is). I tried using Ad-Aware, Norton, etc., and they do not help my problem. I also tried the "five steps" given in this forum and it has not helped.

Every few seconds I get a "Windows Security Alert" which says windows has detected an Internet attack attempt.......Click here to download spyware remover for total protection. If you press OK or the X a link pops up.

I then get directed to this website:
http://www.ucleaner.com/freeware/2/?...=&lndid=13&p=1

If I try to exit it, another alert comes up and I have to delete it. This happens every few seconds which is a huge pain and I don't know how to remove it. Any help would be GREATLY appreciated.




Deckard's System Scanner v20070711.54
Run by rudy on 2007-07-19 at 16:07:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
80: 2007-07-19 20:07:58 UTC - RP659 - Deckard's System Scanner Restore Point
79: 2007-07-19 18:01:06 UTC - RP658 - Installed Ad-Aware 2007
78: 2007-07-19 16:25:14 UTC - RP657 - Windows Defender Checkpoint
77: 2007-07-19 16:15:07 UTC - RP656 - Windows Defender Checkpoint
76: 2007-07-19 12:57:26 UTC - RP655 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-04-20 21:17:45 UTC - RP580 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-19 16:15:51
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16473)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\FilePrint\fp_agent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\avp.exe
C:\Program Files\AceGain\LiveUpdate\aceagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Vidalia\vidalia.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\rudy\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSVPS System - {409A84F7-AF3F-4474-8A8A-0F8A1229AFE4} - C:\WINDOWS\soundplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Class - {F76F15DA-CC65-B2B5-2E4D-BDA98711D1C6} - C:\WINDOWS\system32\ipby.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [winph.exe] C:\WINDOWS\winph.exe
O4 - HKLM\..\Run: [Windows Services] smsc.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tempx] C:\WINDOWS\System32\tempx.exe
O4 - HKLM\..\Run: [sysyf32.exe] C:\WINDOWS\system32\sysyf32.exe
O4 - HKLM\..\Run: [sysnc32.exe] C:\WINDOWS\sysnc32.exe
O4 - HKLM\..\Run: [sysbq.exe] C:\WINDOWS\system32\sysbq.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [sdkzx.exe] C:\WINDOWS\system32\sdkzx.exe
O4 - HKLM\..\Run: [sdkvm32.exe] C:\WINDOWS\sdkvm32.exe
O4 - HKLM\..\Run: [sdkuh.exe] C:\WINDOWS\sdkuh.exe
O4 - HKLM\..\Run: [sdkal32.exe] C:\WINDOWS\system32\sdkal32.exe
O4 - HKLM\..\Run: [nthv.exe] C:\WINDOWS\nthv.exe
O4 - HKLM\..\Run: [msom32.exe] C:\WINDOWS\system32\msom32.exe
O4 - HKLM\..\Run: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\Run: [msge.exe] C:\WINDOWS\system32\msge.exe
O4 - HKLM\..\Run: [msfd.exe] C:\WINDOWS\system32\msfd.exe
O4 - HKLM\..\Run: [mfcwx32.exe] C:\WINDOWS\mfcwx32.exe
O4 - HKLM\..\Run: [mfcsh.exe] C:\WINDOWS\system32\mfcsh.exe
O4 - HKLM\..\Run: [mfcfz.exe] C:\WINDOWS\mfcfz.exe
O4 - HKLM\..\Run: [javawx32.exe] C:\WINDOWS\system32\javawx32.exe
O4 - HKLM\..\Run: [javawm.exe] C:\WINDOWS\javawm.exe
O4 - HKLM\..\Run: [javawf32.exe] C:\WINDOWS\javawf32.exe
O4 - HKLM\..\Run: [javajv.exe] C:\WINDOWS\javajv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ieuv32.exe] C:\WINDOWS\ieuv32.exe
O4 - HKLM\..\Run: [iepq32.exe] C:\WINDOWS\iepq32.exe
O4 - HKLM\..\Run: [iean.exe] C:\WINDOWS\iean.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [d3zg.exe] C:\WINDOWS\system32\d3zg.exe
O4 - HKLM\..\Run: [d3vs32.exe] C:\WINDOWS\d3vs32.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [crdw32.exe] C:\WINDOWS\system32\crdw32.exe
O4 - HKLM\..\Run: [craw.exe] C:\WINDOWS\system32\craw.exe
O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezyv32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [atljt32.exe] C:\WINDOWS\atljt32.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [appzf.exe] C:\WINDOWS\appzf.exe
O4 - HKLM\..\Run: [apinm32.exe] C:\WINDOWS\system32\apinm32.exe
O4 - HKLM\..\Run: [addsm.exe] C:\WINDOWS\addsm.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FilePrint agent] C:\Program Files\FilePrint\fp_agent.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\RunServices: [Windows Services] smsc.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Sonic RecordNow!] smsc.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunServices: [Windows Services] smsc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra 'Tools' menuitem: (no name) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: NDWCab () - http://www.neededware.com/ndw4.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} () - file://C:\Program Files\Internet Explorer\mpvqiuug.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} () -
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://r2webmailny.r02.epa.gov/iNotes.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} () - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/020a9c2f3ccd3552aa23/netzip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164483609281
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} () - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/html - - (no file)
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll (file missing)
O21 - SSODL: xvideo - {FEED5F65-778A-4815-B5E3-D99CDDAD41CE} - C:\WINDOWS\xvideo.dll
O21 - SSODL: sounddrv - {6A49E537-33DD-4E5D-92A3-79911896F251} - C:\WINDOWS\sounddrv.dll
O22 - SharedTaskScheduler: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - "C:\Program Files\Viewpoint\Common\ViewpointService.exe"


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 PnkBstrA - c:\windows\system32\pnkbstra.exe (file missing)


-- Scheduled Tasks -------------------------------------------------------------

2007-07-19 15:47:25 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-07-19 15:46:01 362 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-07-13 20:00:30 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - rudy.job


-- Files created between 2007-06-19 and 2007-07-19 -----------------------------

2007-07-19 16:09:11 0 d-------- C:\WINDOWS\privacy_danger
2007-07-19 15:56:39 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-19 15:56:37 0 d-------- C:\WINDOWS\LastGood
2007-07-19 14:01:21 0 d-------- C:\Program Files\Lavasoft
2007-07-19 14:01:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-07-19 08:53:48 0 d-------- C:\Program Files\Windows Defender
2007-07-18 18:31:52 11776 --a------ C:\WINDOWS\mgrs.exe
2007-07-17 14:23:24 20992 --a------ C:\WINDOWS\avp.exe <Not Verified; MskSoftStudy Corp.; Anti-Virus Project (AVP) spyware removal module>
2007-07-17 14:19:52 147456 --a------ C:\WINDOWS\xvideo.dll <Not Verified; ; IEXPLORE>
2007-07-17 14:19:52 208896 --a------ C:\WINDOWS\soundplugin.dll <Not Verified; ; BhoNew Module>
2007-07-17 14:19:52 163840 --a------ C:\WINDOWS\sounddrv.dll
2007-07-04 22:45:57 0 d-------- C:\WINDOWS\system32\LogFiles
2007-06-24 12:45:38 0 d-------- C:\Program Files\Cache
2007-06-24 12:43:55 26112 --a------ C:\WINDOWS\system32\fp_pm.dll <Not Verified; ; FilePrint>
2007-06-24 12:43:49 624128 --a------ C:\WINDOWS\system32\PDFCreatorPilot2.dll <Not Verified; Two Pilots, Inc; PDF Creator Pilot>
2007-06-24 12:43:49 0 d-------- C:\Program Files\FilePrint


-- Find3M Report ---------------------------------------------------------------

2007-07-19 16:11:02 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-19 15:43:36 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2007-07-19 15:43:36 288 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2007-07-19 14:01:14 0 d-------- C:\Documents and Settings\rudy\Application Data\Lavasoft
2007-07-19 14:00:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-19 12:17:23 0 d-------- C:\Documents and Settings\rudy\Application Data\Skype
2007-07-18 19:23:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-17 19:13:40 0 d-------- C:\Documents and Settings\rudy\Application Data\MSN6
2007-07-17 18:25:34 0 d-------- C:\Documents and Settings\rudy\Application Data\AVG7
2007-07-17 14:46:58 0 d-------- C:\Program Files\AltoMP3 Gold
2007-07-17 14:37:04 0 d-------- C:\Program Files\Winamp
2007-07-05 21:05:57 0 d-------- C:\Documents and Settings\rudy\Application Data\Tor
2007-06-17 09:26:21 0 d-------- C:\Program Files\TestGen
2007-06-13 15:27:56 0 d-------- C:\Program Files\DC++
2007-05-12 14:10:58 4839 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{409A84F7-AF3F-4474-8A8A-0F8A1229AFE4} C:\WINDOWS\soundplugin.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{A7327C09-B521-4EDB-8509-7D2660C9EC98} C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{F76F15DA-CC65-B2B5-2E4D-BDA98711D1C6} C:\WINDOWS\system32\ipby.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"winph.exe"="C:\\WINDOWS\\winph.exe"
"Windows Services"="smsc.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"tempx"="C:\\WINDOWS\\System32\\tempx.exe"
"sysyf32.exe"="C:\\WINDOWS\\system32\\sysyf32.exe"
"sysnc32.exe"="C:\\WINDOWS\\sysnc32.exe"
"sysbq.exe"="C:\\WINDOWS\\system32\\sysbq.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"sdkzx.exe"="C:\\WINDOWS\\system32\\sdkzx.exe"
"sdkvm32.exe"="C:\\WINDOWS\\sdkvm32.exe"
"sdkuh.exe"="C:\\WINDOWS\\sdkuh.exe"
"sdkal32.exe"="C:\\WINDOWS\\system32\\sdkal32.exe"
"nthv.exe"="C:\\WINDOWS\\nthv.exe"
"msom32.exe"="C:\\WINDOWS\\system32\\msom32.exe"
"MSN MMISSENGER"="mssmmspgr.exe"
"msge.exe"="C:\\WINDOWS\\system32\\msge.exe"
"msfd.exe"="C:\\WINDOWS\\system32\\msfd.exe"
"mfcwx32.exe"="C:\\WINDOWS\\mfcwx32.exe"
"mfcsh.exe"="C:\\WINDOWS\\system32\\mfcsh.exe"
"mfcfz.exe"="C:\\WINDOWS\\mfcfz.exe"
"javawx32.exe"="C:\\WINDOWS\\system32\\javawx32.exe"
"javawm.exe"="C:\\WINDOWS\\javawm.exe"
"javawf32.exe"="C:\\WINDOWS\\javawf32.exe"
"javajv.exe"="C:\\WINDOWS\\javajv.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ieuv32.exe"="C:\\WINDOWS\\ieuv32.exe"
"iepq32.exe"="C:\\WINDOWS\\iepq32.exe"
"iean.exe"="C:\\WINDOWS\\iean.exe"
"EPSON Stylus Photo R200 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2H1.EXE /P30 \"EPSON Stylus Photo R200 Series\" /O6 \"USB001\" /M \"Stylus Photo R200\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"DeadAIM"="rundll32.exe \"C:\\Program Files\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"d3zg.exe"="C:\\WINDOWS\\system32\\d3zg.exe"
"d3vs32.exe"="C:\\WINDOWS\\d3vs32.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTHelper"="CTHELPER.EXE"
"CTDVDDet"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"crdw32.exe"="C:\\WINDOWS\\system32\\crdw32.exe"
"craw.exe"="C:\\WINDOWS\\system32\\craw.exe"
"checkrun"="c:\\windows\\system32\\elitezyv32.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"atljt32.exe"="C:\\WINDOWS\\atljt32.exe"
"AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
"appzf.exe"="C:\\WINDOWS\\appzf.exe"
"apinm32.exe"="C:\\WINDOWS\\system32\\apinm32.exe"
"addsm.exe"="C:\\WINDOWS\\addsm.exe"
"AceGain LiveUpdate"="C:\\Program Files\\AceGain\\LiveUpdate\\LiveUpdate.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"FilePrint agent"="C:\\Program Files\\FilePrint\\fp_agent.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
"avp"="C:\\WINDOWS\\avp.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Vidalia"="\"C:\\Program Files\\Vidalia\\vidalia.exe\""
"Sonic RecordNow!"="smsc.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SB Audigy 2 Startup Menu"=" /L:ENG"
"ProxyWay"="C:\\Program Files\\ProxyWay\\proxyway.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"Windows Services"="smsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"MSN MMISSENGER"="mssmmspgr.exe"
"Windows Services"="smsc.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Program Files\\VideosCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Program Files\\VideosCodec\\pmsngr.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"wotpp"="C:\\WINDOWS\\System32\\wotpp.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.gojira.20m.com/snap.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ file:///C:\WINDOWS\privacy_danger\index.htm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"hydrodictyon"="{b166be07-30a4-4d38-b781-44528a630706}"
"xvideo"="{FEED5F65-778A-4815-B5E3-D99CDDAD41CE}"
"sounddrv"="{6A49E537-33DD-4E5D-92A3-79911896F251}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-07-19 at 16:16:44 ---------

MajinShenron
07-19-2007, 02:32 PM   #2
Management Team, Security Center
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 26,480
OS: N/A



1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

sUBs
07-20-2007, 12:25 PM   #3
Registered Member
 
Join Date: Jul 2007
Posts: 27
OS: XP



Alright, after I ran it and restarted the computer, it seems the worst has gone by. Was that program actually helping? I thought it was only going to record a log? Well, when I restarted, the only problems I have now are that my computer says it found new hardware called "Video controller." I don't even know what that is. And there was an attempt to change my homepage when I opened Firefox. My desktop is back to normal and I am not receiving those annoying alerts and spyware (as of now). Here is the log:
"rudy" - 2007-07-20 15:12:37 - ComboFix 07-07-20.7 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\dat.txt


((((((((((((((((((((((((( Files Created from 2007-06-20 to 2007-07-20 )))))))))))))))))))))))))))))))


2007-07-20 10:49 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-19 16:07 <DIR> d-------- C:\Deckard
2007-07-19 15:56 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-19 14:01 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-19 14:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-19 08:53 <DIR> d-------- C:\Program Files\Windows Defender
2007-07-04 22:47 22,584 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-07-04 22:46 99,904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-07-04 22:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-24 12:45 <DIR> d-------- C:\Program Files\Cache
2007-06-24 12:43 624,128 --a------ C:\WINDOWS\system32\PDFCreatorPilot2.dll
2007-06-24 12:43 26,112 --a------ C:\WINDOWS\system32\fp_pm.dll
2007-06-24 12:43 <DIR> d-------- C:\Program Files\FilePrint


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-20 03:41:37 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2007-07-20 03:41:37 288 ----a-w C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2007-07-19 20:11:02 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-19 18:01:14 -------- d-----w C:\DOCUME~1\rudy\APPLIC~1\Lavasoft
2007-07-19 18:00:39 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-19 16:17:23 -------- d-----w C:\DOCUME~1\rudy\APPLIC~1\Skype
2007-07-18 23:23:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-17 23:13:40 -------- d-----w C:\DOCUME~1\rudy\APPLIC~1\MSN6
2007-07-17 18:46:58 -------- d-----w C:\Program Files\AltoMP3 Gold
2007-07-17 18:37:04 -------- d-----w C:\Program Files\Winamp
2007-07-06 01:05:57 -------- d-----w C:\DOCUME~1\rudy\APPLIC~1\Tor
2007-06-17 13:26:21 -------- d-----w C:\Program Files\TestGen
2007-06-13 19:27:56 -------- d-----w C:\Program Files\DC++
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 18:10:58 4,839 ----a-w C:\WINDOWS\mozver.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{409A84F7-AF3F-4474-8A8A-0F8A1229AFE4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F76F15DA-CC65-B2B5-2E4D-BDA98711D1C6}]
C:\WINDOWS\system32\ipby.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Services"="smsc.exe" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 13:45]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2005-05-06 02:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-02 19:48]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-15 15:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"MSN MMISSENGER"="mssmmspgr.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2003-02-24 16:11]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18]
"CTHelper"="CTHELPER.EXE" [2003-02-20 18:45 C:\WINDOWS\system32\CTHELPER.EXE]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 01:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-19 23:28]
"AsioReg"="REGSVR32.exe" [2004-08-04 03:56 C:\WINDOWS\system32\regsvr32.exe]
"AceGain LiveUpdate"="C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe" [2003-12-31 22:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-06 15:38]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-24 20:26]
"FilePrint agent"="C:\Program Files\FilePrint\fp_agent.exe" [2007-01-11 17:38]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="C:\Program Files\Vidalia\vidalia.exe" [2006-06-11 17:00]
"Sonic RecordNow!"="smsc.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-06 18:53]
"SB Audigy 2 Startup Menu"=" /L:ENG" []
"ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 11:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"Windows Services"=smsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"MSN MMISSENGER"=mssmmspgr.exe
"Windows Services"=smsc.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\rudy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06]
Corel Registration.lnk - C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe [2005-11-14 11:43:10]
Privoxy.lnk - C:\Program Files\Privoxy\privoxy.exe [2004-03-05 06:47:30]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-11-23 14:55:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"=C:\Program Files\VideosCodec\isamonitor.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"wotpp"=C:\WINDOWS\System32\wotpp.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"= C:\WINDOWS\system32\gqagksr.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

023 - ctac32k - System32\drivers\ctac32k.sys
023 - ctaud2k - system32\drivers\ctaud2k.sys
023 - ctdvda2k - System32\drivers\ctdvda2k.sys
023 - ctprxy2k - System32\drivers\ctprxy2k.sys
023 - ctsfm2k - System32\drivers\ctsfm2k.sys
023 - eectrl - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
023 - emupia - System32\drivers\emupia2k.sys
023 - omci - \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
023 - ossrv - system32\drivers\ctoss2k.sys
023 - pciframhshua - C:\WINDOWS\System32\drivers\beep.sys
023 - pfmodnt - \??\C:\WINDOWS\System32\drivers\PfModNT.sys
023 - scsiport - %SystemRoot%\system32\drivers\scsiport.sys
023 - spbbcdrv - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
023 - symndis - \SystemRoot\System32\Drivers\SYMNDIS.SYS
023 - windefend - "C:\Program Files\Windows Defender\MsMpEng.exe"


Contents of the 'Scheduled Tasks' folder
2007-07-20 13:46:42 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-07-14 00:00:30 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - rudy.job
2007-07-20 15:48:19 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-20 15:17:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-20 15:19:00
C:\ComboFix-quarantined-files.txt ... 2007-07-20 15:18

--- E O F ---
__________________
MajinShenron is offline  
Old 07-20-2007, 01:02 PM   #4
Management Team, Security Center
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 26,480
OS: N/A



C:\Program Files\Cache <-- Take a quick peek into that folder & tell me what's inside. Was it something you installed?


------------


Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{409A84F7-AF3F-4474-8A8A-0F8A1229AFE4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F76F15DA-CC65-B2B5-2E4D-BDA98711D1C6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Services"=-
"MSN MMISSENGER"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"Windows Services"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"MSN MMISSENGER"=-
"Windows Services"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"wotpp"=-
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"=-
Save this as fix.reg. Choose to "Save type as - All Files".
It should look like this:
Double click on fix.reg & allow it to merge into the registry

---------------


Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. We only require a report from it.
    It does not provide an option to clean/disinfect.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
* If you're downloading torrents in the background, please disconnect all of them.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



---------------


Download http://download.bleepingcomputer.com...HiJackThis.exe

1. If it gives you an intro screen, just choose - Do a system scan and save a logfile.

2. If you don't get the intro screen, just hit [Scan] and then click on Save log.

3. Post the HiJackThis.log file


--------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

sUBs is offline  
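As an added illustration (this is not sUBs's tool and not code from the thread), a small Python model of what the fix.reg above does to entries taken from the posted log: a `[-KEY]` line removes a whole key, a `"name"=-` line removes one value under the most recent `[KEY]` header, and the REGEDIT4 header is mandatory, which is why the reply says not to forget it. The snapshot dict is constructed from the log, not read from a live registry, and the `_find` helper is an assumption that stands in for Windows' case-insensitive name matching.

```python
import re  # added example; models .reg semantics only, never touches a real registry

# Constructed flat snapshot (key -> {value name: data}) of entries from the posted log
SNAPSHOT = {
    r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F76F15DA-CC65-B2B5-2E4D-BDA98711D1C6}": {"": r"C:\WINDOWS\system32\ipby.dll"},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {
        "Windows Services": "smsc.exe",  # bare file name, no path: removed by the fix
        "ccApp": r"C:\Program Files\Common Files\Symantec Shared\ccApp.exe",  # kept
    },
    r"HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1": {"Source": r"file:///C:\WINDOWS\privacy_danger\index.htm"},
}

# Subset of the reply's fix.reg: [-KEY] deletes a key, "name"=- deletes one value.
FIX = r'''REGEDIT4
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F76F15DA-CC65-B2B5-2E4D-BDA98711D1C6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Services"=-
"MSN MMISSENGER"=-
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
'''

def parse_reg(text):
    """Yield ("delkey", key) or ("delval", key, name) actions in file order."""
    if not text.lstrip().startswith("REGEDIT4"):
        raise ValueError("missing REGEDIT4 header; Regedit rejects the file")
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[-") and line.endswith("]"):
            key = None                       # nothing below applies to a deleted key
            yield ("delkey", line[2:-1])
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                 # later "name"=- lines target this key
        elif key is not None and (m := re.fullmatch(r'"(.*)"=-', line)):
            yield ("delval", key, m.group(1))

def _find(mapping, name):
    # Registry key and value names are case-insensitive, so match ignoring case.
    return next((k for k in mapping if k.lower() == name.lower()), None)

def apply_fix(snapshot, text):
    """Return a copy of snapshot with the fix applied; other entries survive."""
    reg = {k: dict(v) for k, v in snapshot.items()}
    for action in parse_reg(text):
        k = _find(reg, action[1])
        if k is None:                        # absent key or value: Regedit skips it
            continue
        if action[0] == "delkey":
            del reg[k]
        elif (v := _find(reg[k], action[2])) is not None:
            del reg[k][v]
    return reg
```

Because the model is flat, it does not show that deleting a key also removes its subkeys, which Regedit does.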
Copyright 2001 - 2014, Tech Support Forum