|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
|
|
Thread Tools |
06-28-2008, 01:33 PM
|
#1 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 1
OS: Vista
|
Consant pop ups
I believe as i was sufing around last night, I went to an unknown web site and after that, I have gotten many constant pop ups since then, just random sites (some say zoombli)and there is no pattern to what pops up. I ran the decker system scanner and am posting the "main" and will attach the extra to this post also. I have Norton and ad-aware on this system and Notron found a "AntivVirus 2008 detected by auto-protect" and removed it about 12:30 last night. I also started the panda system but stopped when i realized i should have used the decker. Thank you for you help in advance.
Gayle Deckard's System Scanner v20071014.68 Run by Gayle on 2008-06-28 14:48:43 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 29: 2008-06-28 16:00:36 UTC - RP329 - Installed Ad-Aware 28: 2008-06-28 12:11:50 UTC - RP328 - Windows Defender Checkpoint 27: 2008-06-28 07:00:31 UTC - RP326 - Windows Update 26: 2008-06-28 00:07:48 UTC - RP325 - Windows Defender Checkpoint 25: 2008-06-27 07:00:25 UTC - RP323 - Windows Update -- First Restore Point -- 1: 2008-06-15 07:00:22 UTC - RP299 - Windows Update Backed up registry hives. Performed disk cleanup. Percentage of Memory in Use: 79% (more than 75%). Total Physical Memory: 958 MiB (1024 MiB recommended). -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-06-28 14:51:28 Platform: Windows Vista (6.00.6000) MSIE: Internet Explorer (7.00.6000.16386) Boot mode: Normal Running processes: C:\WINDOWS\System32\dwm.exe C:\WINDOWS\explorer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\VTTimer.exe C:\Program Files\Lexmark 3400 Series\lxcymon.exe C:\Program Files\Lexmark 3400 Series\ezprint.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\WindowsMobile\wmdSync.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\AWS\WeatherBug\Weather.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe C:\WINDOWS\System32\taskeng.exe C:\WINDOWS\System32\mobsync.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\Macromed\Flash\FlashUtil9f.exe C:\WINDOWS\System32\taskeng.exe C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe C:\Users\Gayle\Desktop\dss.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Gayle\AppData\Local\Temp\fCrqopMe.dll,c O4 - HKCU\..\Run: [c82fe65b] rundll32.exe "C:\Users\Gayle\AppData\Local\Temp\iafncsna.dll",b O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE') O4 - Global Startup: ExpressPLNRnote.lnk = C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O15 - Trusted Zone: https://blackboard.ohiou.edu (HKCU) O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: lxcy_device - Unknown owner - C:\WINDOWS\System32\lxcycoms.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 9051 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- S3 viagfx - c:\windows\system32\drivers\vtmini.sys <Not Verified; Copyright (C) VIA/S3 Graphics Co, Ltd.; UniChrome(Pro) IGP Driver> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- All services whitelisted. -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-06-27 20:05:37 454 --a------ C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - Gayle.job -- Files created between 2008-05-28 and 2008-06-28 ----------------------------- 2008-06-28 14:30:40 0 d-------- C:\Program Files\Panda Security 2008-06-28 12:01:09 0 d-------- C:\Users\All Users\Lavasoft 2008-06-28 12:00:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-27 20:07:04 0 d-------- C:\Users\All Users\ADSL Software Ltd -- Find3M Report --------------------------------------------------------------- 2008-06-28 12:01:11 0 d-------- C:\Program Files\Lavasoft 2008-06-28 12:00:11 0 d-------- C:\Program Files\Common Files 2008-06-27 20:21:14 0 d-------- C:\Program Files\Symantec 2008-06-19 11:07:30 0 d-------- C:\Program Files\lx_cats 2008-05-26 21:28:01 286720 -----n--- C:\Windows\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows> 2008-05-26 21:28:00 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2008-05-16 17:15:04 0 d-------- C:\Users\Gayle\AppData\Roaming\LimeWire 2008-04-09 22:35:10 174 --ahs---- C:\Program Files\desktop.ini 2008-04-09 20:13:02 0 --a------ C:\Windows\nsreg.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/16/2007 11:02 PM] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [07/15/2004 05:07 AM] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/25/2006 01:08 AM] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [10/27/2006 03:18 AM] "VTTimer"="VTTimer.exe" [09/27/2007 02:01 PM C:\WINDOWS\System32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [09/27/2007 02:01 PM C:\WINDOWS\System32\VTTrayp.exe] "lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [01/11/2007 02:57 PM] "EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [11/29/2006 12:57 PM] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [11/29/2006 12:57 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/28/2007 02:27 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM] "LXCYCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [11/21/2006 01:27 PM] "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM] "SoundMan"="SOUNDMAN.EXE" [03/09/2007 05:28 PM C:\WINDOWS\SOUNDMAN.EXE] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM] "Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [08/29/2007 11:55 AM] "antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" [] "cmds"="C:\Users\Gayle\AppData\Local\Temp\fCrqopMe.dll,c" [] "c82fe65b"="C:\Users\Gayle\AppData\Local\Temp\iafncsna.dll,b" [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ ExpressPLNRnote.lnk - C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe [1/16/2006 4:28:06 PM] Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [12/22/2006 4:43:22 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum LocalServiceNoNetwork PLA DPS BFE mpssvc WindowsMobile wcescomm rapimgr LocalServiceRestricted WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01a6b8e0-97b9-11dc-9c7a-000000000010}] AutoRun\command- L:\LaunchU3.exe -a [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-06-28 14:54:11 ------------ |
|
     |
| Thread Tools | |
|
|
