spyware pop ups wont stop

traejaqun · 02-29-2008, 09:37 AM

Hello, my name is Trae and im having problems with my computer, spyware pop-ups wont stop, they make my computer run slower and close out my browser sometimes. I tried the combofix and it stopped for about a hour and restarted but this time its different anti spyware programs on my computer that wont let me delete them. They all tell me my computer has a infection and I need to register there program to get rid of it. Not sure what this means but this was the notepad from the combofix

ComboFix 08-02-25.3 - Owner 2002-05-04 4:09:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.215 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\My Documents\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\SSTEM3~1
C:\Documents and Settings\Owner\Application Data\WNSXS~1
C:\Documents and Settings\Owner\My Documents\YSTEM~1
C:\Documents and Settings\Owner\My Documents\YSTEM~1\?hkntfs.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\asembl~1
C:\Program Files\Common Files\asembl~1\n?pdb.exe
C:\Program Files\Common Files\iikw
C:\Program Files\Common Files\iikw\iikwa.exe
C:\Program Files\Common Files\iikw\iikwa.lck
C:\Program Files\Common Files\iikw\iikwd\class-barrel
C:\Program Files\Common Files\iikw\iikwd\iikwc.dll
C:\Program Files\Common Files\iikw\iikwd\vocabulary
C:\Program Files\Common Files\iikw\iikwh
C:\Program Files\Common Files\iikw\iikwl.exe
C:\Program Files\Common Files\iikw\iikwl.lck
C:\Program Files\Common Files\iikw\iikwm.exe
C:\Program Files\Common Files\iikw\iikwm.lck
C:\Program Files\Common Files\iikw\iikwp.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\MTE3MTk6ODoxNg.exe
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\Online Services\nipys4444.dll
C:\Program Files\Online Services\nipys455101.dll
C:\Program Files\Online Services\nipys83122.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Router
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERIns.exe
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\Windows NT\rybimoc.dll
C:\Program Files\Windows NT\rybimoc594.dll
C:\Program Files\Windows NT\rybimoc68.dll
C:\Program Files\Windows NT\rybimoc816.dll
C:\Program Files\ystem~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\b116.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\b149.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\b154.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\fnts~1
C:\WINDOWS\iikw
C:\WINDOWS\iikw\iikw.dat
C:\WINDOWS\iikw\wu
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\NTE1MA\
C:\WINDOWS\NTE1MA\\asappsrv.dll
C:\WINDOWS\NTE1MA\\command.exe
C:\WINDOWS\NTE1MA\\hnHYgE.vbs
C:\WINDOWS\NTE1MA\command.exe
C:\WINDOWS\racle~1
C:\WINDOWS\racle~1\?racle\
C:\WINDOWS\racle~1\netdde.exe
C:\WINDOWS\sembly~1
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\aohiasxi.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\ddcbxxx.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\imagesrvv.sys
C:\WINDOWS\system32\eom.dll
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\eybptefa.ini
C:\WINDOWS\system32\fccaayx.dll
C:\WINDOWS\system32\fccyyxw.dll
C:\WINDOWS\system32\gebabca.dll
C:\WINDOWS\system32\gebxwxw.dll
C:\WINDOWS\system32\hgghiih.dll
C:\WINDOWS\system32\iexplorer.dll .dbt
C:\WINDOWS\system32\ixsaihoa.ini
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\jjllm.ini2
C:\WINDOWS\system32\jkkjiif.dll
C:\WINDOWS\system32\jkkljji.dll
C:\WINDOWS\system32\jkklllj.dll
C:\WINDOWS\system32\jrykubwu.dll
C:\WINDOWS\system32\khfeebc.dll
C:\WINDOWS\system32\khffgda.dll
C:\WINDOWS\system32\lcsbbeok.dll
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\nnnkklk.dll
C:\WINDOWS\system32\omotnbvs.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnnnkj.dll
C:\WINDOWS\system32\qbqitrxw.dll
C:\WINDOWS\system32\rqrsspo.dll
C:\WINDOWS\system32\rqrstrr.dll
C:\WINDOWS\system32\safwldbr.dll
C:\WINDOWS\system32\ssqpnon.dll
C:\WINDOWS\system32\ssqppmj.dll
C:\WINDOWS\system32\svbntomo.ini
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\urqopmj.dll
C:\WINDOWS\system32\vvimbce.dll
C:\WINDOWS\system32\wosapymw.ini
C:\WINDOWS\system32\wvutqqn.dll
C:\WINDOWS\system32\xcfgypkt.ini
C:\WINDOWS\system32\xxywwxw.dll
C:\WINDOWS\system32\xxyxwvt.dll
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_IMAGESRVV
-------\LEGACY_MSUPDATE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_POWERMANAGER
-------\cmdService
-------\imagesrvv
-------\msupdate
-------\PowerManager

((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-26 01:04 . 2008-02-26 01:04 <DIR> d-------- C:\Program Files\MapEDC
2008-02-24 08:57 . 2008-02-24 08:57 <DIR> d-------- C:\Program Files\NoDNS
2008-02-23 13:45 . 2008-02-23 13:45 12 --a------ C:\WINDOWS\system32\di1.gif
2008-02-21 14:01 . 2008-02-21 22:31 40,960 --a------ C:\WINDOWS\system32\fadgsd.exe
2008-02-21 14:01 . 2008-02-21 22:31 40,960 --a------ C:\WINDOWS\hfdgrhjkgh.exe
2008-02-20 21:10 . 2008-02-24 21:25 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-02-20 12:30 . 2008-02-20 12:30 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-02-20 04:03 . 2008-02-20 04:03 <DIR> d-------- C:\Program Files\JavaCore
2008-02-19 21:50 . 2008-02-24 09:18 36,864 --a------ C:\WINDOWS\17PHolmes572.exe.tmp
2008-02-19 09:28 . 2008-02-19 23:42 36,864 --a------ C:\WINDOWS\system32\fwehg.exe
2008-02-19 09:28 . 2008-02-19 23:42 36,864 --a------ C:\WINDOWS\gsdfr5yhgjng.exe
2008-02-07 16:36 . 2008-02-07 16:38 <DIR> d-------- C:\Program Files\Prime95
2008-02-07 16:36 . 2008-02-07 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-02-07 13:21 . 2008-02-07 13:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2008-02-06 21:20 . 2002-05-02 23:02 1,221,050 ---hs---- C:\WINDOWS\system32\ibpdvcnh.ini
2008-02-04 10:58 . 2002-05-07 05:57 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-02-04 00:32 . 2008-02-04 00:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-02-04 00:24 . 2008-02-04 00:26 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-04 00:24 . 2008-02-04 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-03 22:32 . 2008-02-03 22:33 <DIR> d-------- C:\Program Files\Instant CD & DVD Burner
2008-02-03 14:01 . 2002-05-07 06:38 <DIR> d-------- C:\Program Files\Free Easy Burner
2008-02-03 13:34 . 2002-05-05 17:04 <DIR> d-------- C:\Program Files\TradeTouch
2008-02-03 11:33 . 2002-05-05 17:03 <DIR> d-------- C:\Program Files\Cheetah Burner
2008-02-03 11:33 . 2005-11-14 04:23 1,228,800 --a------ C:\WINDOWS\system32\FoxBurner.ocx
2008-02-02 20:24 . 2008-02-02 20:24 <DIR> d-------- C:\WINDOWS\system32\9DA0A0A5AAABABA
2008-02-02 20:24 . 2007-12-14 04:40 120,832 --a------ C:\WINDOWS\system32\A0A3A3A8ADAEAEA.exe
2008-02-02 15:44 . 2008-02-02 16:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-02 15:44 . 2008-02-02 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-31 23:11 . 2008-01-31 23:11 <DIR> d-------- C:\Program Files\Pop up Blocker Pro
2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\WINDOWS\system32\tip4
2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\WINDOWS\system32\lis6
2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\WINDOWS\system32\kps5
2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\WINDOWS\system32\hs9
2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\Temp\gTiis19
2008-01-31 22:55 . 2008-02-27 12:28 37,376 -ra------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-31 22:54 . 2008-01-31 22:54 <DIR> d-------- C:\Temp\cXzz9
2008-01-31 22:54 . 2008-02-25 04:10 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 06:30 20,480 ----a-w C:\WINDOWS\quit.exe
2008-02-04 08:24 --------- d-----w C:\Program Files\Nero
2008-02-04 06:24 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-03 21:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-01 07:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-30 15:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
2008-01-20 04:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\DivX
2008-01-19 23:00 --------- d-----w C:\Program Files\Garmin GPS Control
2008-01-13 00:47 --------- d-----w C:\Program Files\AbiSuite2
2008-01-10 03:09 --------- d-----w C:\Program Files\Google
2008-01-10 00:40 --------- d-----w C:\Program Files\Azureus
2008-01-10 00:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-01-09 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-07 18:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-05 21:10 --------- d-----w C:\Program Files\VstPlugins
2008-01-05 21:10 --------- d-----w C:\Program Files\Image-Line
2008-01-05 21:02 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-01-04 04:24 --------- d-----w C:\Program Files\Ares
2008-01-02 18:46 --------- d-----w C:\Program Files\LimeWire
2008-01-02 18:45 --------- d-----w C:\Program Files\Java
2008-01-02 18:44 --------- d-----w C:\Program Files\Common Files\Java
2008-01-02 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-01-02 18:38 --------- d-----w C:\Program Files\Ulead Systems
2008-01-02 18:38 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-01-02 03:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\dvdcss
2008-01-02 02:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\vlc
2008-01-02 02:38 --------- d-----w C:\Program Files\VideoLAN
2007-12-25 00:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ahead
2007-12-14 03:09 1,008,424 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-04 17:59 1,008,424 ----a-w C:\WINDOWS\UNRecode.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221BBF54-3327-4548-9006-84385B1A5840}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pop up Blocker Pro"="C:\Program Files\Pop up Blocker Pro\pdie.exe" [2007-01-12 14:10 1309184]
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [2008-02-20 04:03 144896]
"Aiuh"="C:\WINDOWS\RACLE~1\netdde.exe" [ ]
"Eecu"="C:\Program Files\Common Files\a?sembly\n?pdb.exe" [ ]
"NoDNS"="C:\Program Files\\NoDNS\\NoDNS.exe" [2008-02-24 08:57 102400]
"MapEDC"="C:\Program Files\MapEDC\MapEDC.exe" [2008-02-26 01:04 57344]
"78bc0c10"="C:\WINDOWS\system32\wmypasow.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"E4E7E7ECF1F2F2F0F"="A0A3A3A8ADAEAEA.exe" [2007-12-14 04:40 120832 C:\WINDOWS\system32\A0A3A3A8ADAEAEA.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"78bc0c10"="C:\WINDOWS\system32\wmypasow.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2006-07-22 15:49 5376 C:\WINDOWS\system32\antiwpa.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\78bc0c10]
C:\WINDOWS\system32\omotnbvs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aiuh]
C:\WINDOWS\system32\ASEMBL~1\logonui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
C:\Program Files\Dot1XCfg\Dot1XCfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E4E7E7ECF1F2F2F0F]
--a------ 2007-12-14 04:40 120832 C:\WINDOWS\system32\A0A3A3A8ADAEAEA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eozcqadz]
C:\Documents and Settings\Owner\My Documents\?ystem\?hkntfs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-06-06 10:41 155136 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IESet]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-06-06 10:45 192000 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iikw]
C:\PROGRA~1\COMMON~1\iikw\iikwm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu572.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\kvmmed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-07-01 17:23 67584 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 168848 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsaya]
C:\Documents and Settings\Owner\Application Data\W?nSxS\?ti2evxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--------- 2004-11-26 11:43 90112 C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

S2 PowerManager;Power Manager;C:\WINDOWS\svchost.exe []
S3 Aldebaran;Aldebaran - Storage Filter Drivers;C:\WINDOWS\system32\Drivers\Aldebaran.sys []
S3 I97DRIVER;I97DRIVER;D:\Diagnostic\Eurosoft\QA+Win32\QA+Win32\dgs.sys []

*Newly Created Service* - POWERMANAGER
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 04:21:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NoDNS\NoDNS.exe
.
**************************************************************************
.
Completion time: 2008-02-25 4:23:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-25 12:22:59

Hope you can help!!

traejaqun · 02-29-2008, 07:03 PM

upping

traejaqun · 03-01-2008, 11:04 PM

please help

forhockey · 03-02-2008, 11:04 AM

Hi traejaqun,

You shouldn't use ComboFix without the supervision of an expert who has been trained to use this powerful tool.

Sorry for the delay in looking into your log, as we are extremely busy as you may have noticed. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Download the file & save it as its originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

--------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

KILLALL::

File::
C:\WINDOWS\system32\di1.gif
C:\WINDOWS\system32\fadgsd.exe
C:\WINDOWS\hfdgrhjkgh.exe
C:\WINDOWS\17PHolmes572.exe.tmp
C:\WINDOWS\system32\fwehg.exe
C:\WINDOWS\gsdfr5yhgjng.exe
C:\WINDOWS\system32\Jamster.ico
C:\WINDOWS\system32\antiwpa.dll
C:\WINDOWS\system32\A0A3A3A8ADAEAEA.exe
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\quit.exe
Folder::
C:\WINDOWS\system32\9DA0A0A5AAABABA
C:\WINDOWS\system32\tip4
C:\WINDOWS\system32\lis6
C:\WINDOWS\system32\kps5
C:\WINDOWS\system32\hs9
C:\Temp
C:\Program Files\MapEDC
C:\Program Files\NoDNS
C:\Program Files\JavaCore
C:\Program Files\Dot1XCfg
C:\Documents and Settings\Owner\Application Data\WinTouch
C:\Program Files\Data\WinTouch
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221BBF54-3327-4548-9006-84385B1A5840}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaCore"=-
"Aiuh"=-
"Eecu"=-
"NoDNS"=-
"MapEDC"=-
"78bc0c10"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"E4E7E7ECF1F2F2F0F"=-
"78bc0c10"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\78bc0c10]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aiuh]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E4E7E7ECF1F2F2F0F]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eozcqadz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IESet]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iikw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsaya]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]

Save this as CFScript

Referring to the picture above, drag CFScript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

--------------------------------------------------------------

Reply back with the following:

CF_RC.txt
C:\ComboFix.txt
Update on system behaviour?

02-29-2008, 09:37 AM	#1 (permalink)
traejaqun Registered User Join Date: Feb 2008 Posts: 3 OS: xp	spyware pop ups wont stop Hello, my name is Trae and im having problems with my computer, spyware pop-ups wont stop, they make my computer run slower and close out my browser sometimes. I tried the combofix and it stopped for about a hour and restarted but this time its different anti spyware programs on my computer that wont let me delete them. They all tell me my computer has a infection and I need to register there program to get rid of it. Not sure what this means but this was the notepad from the combofix ComboFix 08-02-25.3 - Owner 2002-05-04 4:09:40.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.215 [GMT -7:00] Running from: C:\Documents and Settings\Owner\My Documents\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Owner\Application Data\SSTEM3~1 C:\Documents and Settings\Owner\Application Data\WNSXS~1 C:\Documents and Settings\Owner\My Documents\YSTEM~1 C:\Documents and Settings\Owner\My Documents\YSTEM~1\?hkntfs.exe C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Terms.lnk C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk C:\Program Files\Common Files\asembl~1 C:\Program Files\Common Files\asembl~1\n?pdb.exe C:\Program Files\Common Files\iikw C:\Program Files\Common Files\iikw\iikwa.exe C:\Program Files\Common Files\iikw\iikwa.lck C:\Program Files\Common Files\iikw\iikwd\class-barrel C:\Program Files\Common Files\iikw\iikwd\iikwc.dll C:\Program Files\Common Files\iikw\iikwd\vocabulary C:\Program Files\Common Files\iikw\iikwh C:\Program Files\Common Files\iikw\iikwl.exe C:\Program Files\Common Files\iikw\iikwl.lck C:\Program Files\Common Files\iikw\iikwm.exe C:\Program Files\Common Files\iikw\iikwm.lck C:\Program Files\Common Files\iikw\iikwp.exe C:\Program Files\Common Files\Yazzle1281OinAdmin.exe C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe C:\Program Files\inetget2 C:\Program Files\inetget2\MTE3MTk6ODoxNg.exe C:\Program Files\Insider C:\Program Files\Insider\Insider.exe C:\Program Files\Insider\UnInstall.exe C:\Program Files\Online Services\nipys4444.dll C:\Program Files\Online Services\nipys455101.dll C:\Program Files\Online Services\nipys83122.dll C:\Program Files\outerinfo C:\Program Files\outerinfo\FF\chrome.manifest C:\Program Files\outerinfo\FF\components\FF.dll C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt C:\Program Files\outerinfo\FF\install.rdf C:\Program Files\outerinfo\Terms.rtf C:\Program Files\Router C:\Program Files\Temporary C:\Program Files\Temporary\InsiDERIns.exe C:\Program Files\Temporary\kernInst.exe C:\Program Files\Windows NT\rybimoc.dll C:\Program Files\Windows NT\rybimoc594.dll C:\Program Files\Windows NT\rybimoc68.dll C:\Program Files\Windows NT\rybimoc816.dll C:\Program Files\ystem~1 C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\temp\tn3 C:\WINDOWS\b103.exe C:\WINDOWS\b104.exe C:\WINDOWS\b111.exe C:\WINDOWS\b116.exe C:\WINDOWS\b122.exe C:\WINDOWS\b138.exe C:\WINDOWS\b147.exe C:\WINDOWS\b149.exe C:\WINDOWS\b151.exe C:\WINDOWS\b152.exe C:\WINDOWS\b153.exe C:\WINDOWS\b154.exe C:\WINDOWS\cookies.ini C:\WINDOWS\fnts~1 C:\WINDOWS\iikw C:\WINDOWS\iikw\iikw.dat C:\WINDOWS\iikw\wu C:\WINDOWS\mrofinu1000106.exe C:\WINDOWS\mrofinu572.exe C:\WINDOWS\NTE1MA\ C:\WINDOWS\NTE1MA\\asappsrv.dll C:\WINDOWS\NTE1MA\\command.exe C:\WINDOWS\NTE1MA\\hnHYgE.vbs C:\WINDOWS\NTE1MA\command.exe C:\WINDOWS\racle~1 C:\WINDOWS\racle~1\?racle\ C:\WINDOWS\racle~1\netdde.exe C:\WINDOWS\sembly~1 C:\WINDOWS\svchost.exe C:\WINDOWS\system32\aohiasxi.dll C:\WINDOWS\system32\atmtd.dll C:\WINDOWS\system32\atmtd.dll._ C:\WINDOWS\system32\conf.dat C:\WINDOWS\system32\ddcbxxx.dll C:\WINDOWS\system32\drivers\core.cache.dsk C:\WINDOWS\system32\drivers\imagesrvv.sys C:\WINDOWS\system32\eom.dll C:\WINDOWS\system32\explorer.exe C:\WINDOWS\system32\eybptefa.ini C:\WINDOWS\system32\fccaayx.dll C:\WINDOWS\system32\fccyyxw.dll C:\WINDOWS\system32\gebabca.dll C:\WINDOWS\system32\gebxwxw.dll C:\WINDOWS\system32\hgghiih.dll C:\WINDOWS\system32\iexplorer.dll .dbt C:\WINDOWS\system32\ixsaihoa.ini C:\WINDOWS\system32\jjllm.ini C:\WINDOWS\system32\jjllm.ini2 C:\WINDOWS\system32\jkkjiif.dll C:\WINDOWS\system32\jkkljji.dll C:\WINDOWS\system32\jkklllj.dll C:\WINDOWS\system32\jrykubwu.dll C:\WINDOWS\system32\khfeebc.dll C:\WINDOWS\system32\khffgda.dll C:\WINDOWS\system32\lcsbbeok.dll C:\WINDOWS\system32\mlljj.dll C:\WINDOWS\system32\nGpxx01 C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe C:\WINDOWS\system32\nnnkklk.dll C:\WINDOWS\system32\omotnbvs.dll C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\pmnnnkj.dll C:\WINDOWS\system32\qbqitrxw.dll C:\WINDOWS\system32\rqrsspo.dll C:\WINDOWS\system32\rqrstrr.dll C:\WINDOWS\system32\safwldbr.dll C:\WINDOWS\system32\ssqpnon.dll C:\WINDOWS\system32\ssqppmj.dll C:\WINDOWS\system32\svbntomo.ini C:\WINDOWS\system32\tsuninst.exe C:\WINDOWS\system32\urqopmj.dll C:\WINDOWS\system32\vvimbce.dll C:\WINDOWS\system32\wosapymw.ini C:\WINDOWS\system32\wvutqqn.dll C:\WINDOWS\system32\xcfgypkt.ini C:\WINDOWS\system32\xxywwxw.dll C:\WINDOWS\system32\xxyxwvt.dll C:\WINDOWS\tk58.exe C:\WINDOWS\TTC-4444.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_CMDSERVICE -------\LEGACY_IMAGESRVV -------\LEGACY_MSUPDATE -------\LEGACY_NETWORK_MONITOR -------\LEGACY_POWERMANAGER -------\cmdService -------\imagesrvv -------\msupdate -------\PowerManager ((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))) . 2008-02-26 01:04 . 2008-02-26 01:04 <DIR> d-------- C:\Program Files\MapEDC 2008-02-24 08:57 . 2008-02-24 08:57 <DIR> d-------- C:\Program Files\NoDNS 2008-02-23 13:45 . 2008-02-23 13:45 12 --a------ C:\WINDOWS\system32\di1.gif 2008-02-21 14:01 . 2008-02-21 22:31 40,960 --a------ C:\WINDOWS\system32\fadgsd.exe 2008-02-21 14:01 . 2008-02-21 22:31 40,960 --a------ C:\WINDOWS\hfdgrhjkgh.exe 2008-02-20 21:10 . 2008-02-24 21:25 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico 2008-02-20 12:30 . 2008-02-20 12:30 <DIR> d-------- C:\Program Files\Common Files\SWF Studio 2008-02-20 04:03 . 2008-02-20 04:03 <DIR> d-------- C:\Program Files\JavaCore 2008-02-19 21:50 . 2008-02-24 09:18 36,864 --a------ C:\WINDOWS\17PHolmes572.exe.tmp 2008-02-19 09:28 . 2008-02-19 23:42 36,864 --a------ C:\WINDOWS\system32\fwehg.exe 2008-02-19 09:28 . 2008-02-19 23:42 36,864 --a------ C:\WINDOWS\gsdfr5yhgjng.exe 2008-02-07 16:36 . 2008-02-07 16:38 <DIR> d-------- C:\Program Files\Prime95 2008-02-07 16:36 . 2008-02-07 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad 2008-02-07 13:21 . 2008-02-07 13:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Webroot 2008-02-06 21:20 . 2002-05-02 23:02 1,221,050 ---hs---- C:\WINDOWS\system32\ibpdvcnh.ini 2008-02-04 10:58 . 2002-05-07 05:57 4,286 --a------ C:\WINDOWS\system32\Jamster.ico 2008-02-04 00:32 . 2008-02-04 00:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nero 2008-02-04 00:24 . 2008-02-04 00:26 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-02-04 00:24 . 2008-02-04 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-02-03 22:32 . 2008-02-03 22:33 <DIR> d-------- C:\Program Files\Instant CD & DVD Burner 2008-02-03 14:01 . 2002-05-07 06:38 <DIR> d-------- C:\Program Files\Free Easy Burner 2008-02-03 13:34 . 2002-05-05 17:04 <DIR> d-------- C:\Program Files\TradeTouch 2008-02-03 11:33 . 2002-05-05 17:03 <DIR> d-------- C:\Program Files\Cheetah Burner 2008-02-03 11:33 . 2005-11-14 04:23 1,228,800 --a------ C:\WINDOWS\system32\FoxBurner.ocx 2008-02-02 20:24 . 2008-02-02 20:24 <DIR> d-------- C:\WINDOWS\system32\9DA0A0A5AAABABA 2008-02-02 20:24 . 2007-12-14 04:40 120,832 --a------ C:\WINDOWS\system32\A0A3A3A8ADAEAEA.exe 2008-02-02 15:44 . 2008-02-02 16:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-02 15:44 . 2008-02-02 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-31 23:11 . 2008-01-31 23:11 <DIR> d-------- C:\Program Files\Pop up Blocker Pro 2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\WINDOWS\system32\tip4 2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\WINDOWS\system32\lis6 2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\WINDOWS\system32\kps5 2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\WINDOWS\system32\hs9 2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\Temp\gTiis19 2008-01-31 22:55 . 2008-02-27 12:28 37,376 -ra------ C:\WINDOWS\mrofinu572.exe.tmp 2008-01-31 22:54 . 2008-01-31 22:54 <DIR> d-------- C:\Temp\cXzz9 2008-01-31 22:54 . 2008-02-25 04:10 <DIR> d-------- C:\Temp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-22 06:30 20,480 ----a-w C:\WINDOWS\quit.exe 2008-02-04 08:24 --------- d-----w C:\Program Files\Nero 2008-02-04 06:24 --------- d-----w C:\Program Files\Common Files\Ahead 2008-02-03 21:32 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-01 07:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire 2008-01-30 15:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks 2008-01-20 04:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\DivX 2008-01-19 23:00 --------- d-----w C:\Program Files\Garmin GPS Control 2008-01-13 00:47 --------- d-----w C:\Program Files\AbiSuite2 2008-01-10 03:09 --------- d-----w C:\Program Files\Google 2008-01-10 00:40 --------- d-----w C:\Program Files\Azureus 2008-01-10 00:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus 2008-01-09 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2008-01-07 18:54 --------- d-----w C:\Program Files\Common Files\Adobe 2008-01-05 21:10 --------- d-----w C:\Program Files\VstPlugins 2008-01-05 21:10 --------- d-----w C:\Program Files\Image-Line 2008-01-05 21:02 --------- d-----w C:\Program Files\ASIO4ALL v2 2008-01-04 04:24 --------- d-----w C:\Program Files\Ares 2008-01-02 18:46 --------- d-----w C:\Program Files\LimeWire 2008-01-02 18:45 --------- d-----w C:\Program Files\Java 2008-01-02 18:44 --------- d-----w C:\Program Files\Common Files\Java 2008-01-02 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems 2008-01-02 18:38 --------- d-----w C:\Program Files\Ulead Systems 2008-01-02 18:38 --------- d-----w C:\Program Files\Common Files\Ulead Systems 2008-01-02 03:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\dvdcss 2008-01-02 02:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\vlc 2008-01-02 02:38 --------- d-----w C:\Program Files\VideoLAN 2007-12-25 00:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ahead 2007-12-14 03:09 1,008,424 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-12-04 17:59 1,008,424 ----a-w C:\WINDOWS\UNRecode.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221BBF54-3327-4548-9006-84385B1A5840}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Pop up Blocker Pro"="C:\Program Files\Pop up Blocker Pro\pdie.exe" [2007-01-12 14:10 1309184] "JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [2008-02-20 04:03 144896] "Aiuh"="C:\WINDOWS\RACLE~1\netdde.exe" [ ] "Eecu"="C:\Program Files\Common Files\a?sembly\n?pdb.exe" [ ] "NoDNS"="C:\Program Files\\NoDNS\\NoDNS.exe" [2008-02-24 08:57 102400] "MapEDC"="C:\Program Files\MapEDC\MapEDC.exe" [2008-02-26 01:04 57344] "78bc0c10"="C:\WINDOWS\system32\wmypasow.dll" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "E4E7E7ECF1F2F2F0F"="A0A3A3A8ADAEAEA.exe" [2007-12-14 04:40 120832 C:\WINDOWS\system32\A0A3A3A8ADAEAEA.exe] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160] "78bc0c10"="C:\WINDOWS\system32\wmypasow.dll" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa] antiwpa.dll 2006-07-22 15:49 5376 C:\WINDOWS\system32\antiwpa.dll [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\78bc0c10] C:\WINDOWS\system32\omotnbvs.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aiuh] C:\WINDOWS\system32\ASEMBL~1\logonui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E4E7E7ECF1F2F2F0F] --a------ 2007-12-14 04:40 120832 C:\WINDOWS\system32\A0A3A3A8ADAEAEA.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eozcqadz] C:\Documents and Settings\Owner\My Documents\?ystem\?hkntfs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2004-06-06 10:41 155136 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IESet] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2004-06-06 10:45 192000 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iikw] C:\PROGRA~1\COMMON~1\iikw\iikwm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider] C:\Program Files\Insider\Insider.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1] C:\WINDOWS\mrofinu572.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w] C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\kvmmed.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2004-07-01 17:23 67584 C:\WINDOWS\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-07-12 04:00 168848 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsaya] C:\Documents and Settings\Owner\Application Data\W?nSxS\?ti2evxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2] --------- 2004-11-26 11:43 90112 C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch] C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Ares\\Ares.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= S2 PowerManager;Power Manager;C:\WINDOWS\svchost.exe [] S3 Aldebaran;Aldebaran - Storage Filter Drivers;C:\WINDOWS\system32\Drivers\Aldebaran.sys [] S3 I97DRIVER;I97DRIVER;D:\Diagnostic\Eurosoft\QA+Win32\QA+Win32\dgs.sys [] Newly Created Service - POWERMANAGER . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-25 04:21:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\NoDNS\NoDNS.exe . ************************************************************************ . Completion time: 2008-02-25 4:23:15 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-25 12:22:59 Hope you can help!!

02-29-2008, 07:03 PM	#2 (permalink)
traejaqun Registered User Join Date: Feb 2008 Posts: 3 OS: xp	Re: spyware pop ups wont stop upping

03-01-2008, 11:04 PM	#3 (permalink)
traejaqun Registered User Join Date: Feb 2008 Posts: 3 OS: xp	Re: spyware pop ups wont stop please help