#1
Registered User
Join Date: May 2007
Posts: 9
OS: xp home sp2
Pop ups - zedo.com outerinfo.com
We are getting constant pop-ups which I think are related to zedo.com and outerinfo.com. I went to both sites and attempted to use their "opt out" buttons with no results. The pop-ups are extremely intrusive. There really ought to be a law against this sort of thing. I have completed the 5 steps and am posting my log below. Thank you in advance for your kind assistance.
Deckard's System Scanner v20070426.43 Run by Owner on 2007-05-05 at 13:37:58 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 102: 2007-05-05 18:38:05 UTC - RP383 - Deckard's System Scanner Restore Point 101: 2007-05-05 16:51:18 UTC - RP382 - Unsigned driver install 100: 2007-05-04 15:51:08 UTC - RP381 - System Checkpoint 99: 2007-05-03 15:33:30 UTC - RP380 - System Checkpoint 98: 2007-05-02 14:33:30 UTC - RP379 - System Checkpoint -- First Restore Point -- 1: 2007-02-06 03:58:56 UTC - RP282 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 1:44:53 PM, on 5/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\BRMFRSMG.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Owner\Application Data\??stem\r?ndll32.exe C:\PROGRA~1\COMMON~1\MANTEC~1\mshta.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Owner\Desktop\dss.exe 
C:\PROGRA~1\HIJACK~1\Owner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://sitecontrol.hostway.com/pas/...s/Login.render R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/ R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {3DE2EDC1-5127-0AD4-7564-0EB26B1E85BE} - C:\WINDOWS\system32\sji.dll (file missing) O2 - BHO: (no name) - {3DE2EDC7-5121-7ADC-7560-7CB21F1B85C8} - C:\WINDOWS\system32\sji.dll (file missing) O2 - BHO: (no name) - {45E1AB69-15F3-4E75-F248-6BE33BE9A8CE} - C:\WINDOWS\system32\muv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {E43E7A3E-CEF7-915D-F1AF-C0DEB8B505C4} - C:\WINDOWS\system32\igugf.dll (file missing) O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Wwdsqpu] "C:\Documents and Settings\Owner\Application Data\??stem\r?ndll32.exe" 99001122 O4 - HKCU\..\Run: [Ltho] "C:\PROGRA~1\COMMON~1\MANTEC~1\mshta.exe" -vt ndrv O8 - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158529351750 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. 
- C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. 
- C:\WINDOWS\wanmpsvc.exe -- File Associations ----------------------------------------------------------- .js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe,2 .js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1" -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; > R1 core - c:\windows\system32\drivers\core.sys R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> R3 AN983 (ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter) - c:\windows\system32\drivers\an983.sys <Not Verified; ADMtek Incorporated.; ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter> R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi> R3 brfilt (Brother MFC Filter Driver) - c:\windows\system32\drivers\brfilt.sys <Not Verified; Brother Industries Ltd.; Microsoft® Windows® Operating System> R3 BrUsbScn (Brother MFC USB Scanner driver) - c:\windows\system32\drivers\brusbscn.sys <Not Verified; Brother Industries Ltd.; Microsoft® Windows® Operating System> R3 E1000 (Intel(R) PRO/1000 Adapter Driver) - c:\windows\system32\drivers\e1000325.sys <Not Verified; Intel Corporation; Intel(R) PRO/1000 Adapter> R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture> R3 EVOLUSB (%EVOL_USB_SvcDesc%) - c:\windows\system32\drivers\evolusb.sys <Not Verified; Evolution Electronics Ltd.; Evolution USB MIDI Keyboard Interface> R3 mf - c:\windows\system32\drivers\mf.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> R3 mohfilt - c:\windows\system32\drivers\mohfilt.sys <Not Verified; Intel Corporation; Intel(R) 537EP Modem> R3 pcouffin (VSO Software pcouffin) 
- c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> R3 pctvvbi - c:\windows\system32\drivers\pctvvbi.sys <Not Verified; Pinnacle Systems; Pinnacle Systems Product Family> R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> R3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)> S3 61883 (61883 Unit Device) - c:\windows\system32\drivers\61883.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> S3 AR5513 (DWL-G520M Wireless 108G MIMO PCI Adapter) - c:\windows\system32\drivers\ar5513.sys (file missing) S3 Avc (AVC Device) - c:\windows\system32\drivers\avc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> S3 Bridge (MAC Bridge) - c:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> S3 BridgeMP (MAC Bridge Miniport) - c:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> S3 DuneNtsc (Pinnacle PCTV Deluxe USB (NTSC) Device) - c:\windows\system32\drivers\dunentsc.sys <Not Verified; Emuzed, Inc.; Pinnacle PCTV Deluxe USB (NTSC).> S3 FINEPIX_PCC (FinePix Digital Camera 020523) - c:\windows\system32\drivers\v4cb0115.sys <Not Verified; FUJI PHOTO FILM CO.,LTD.; USB PC Camera> S3 MSDV (Microsoft DV Camera and VCR) - c:\windows\system32\drivers\msdv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; > S2 COM+ Messages - "c:\windows\system32\svchosts.exe" -e te-110-12-0000245 (file missing) S2 UnoInstallerService (Uno Installer) - c:\program files\m-audio uno\unoinst.exe (file missing) S3 NBService - 
c:\program files\nero\nero 7\nero backitup\nbservice.exe S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home> -- Scheduled Tasks ------------------------------------------------------------- 2007-04-29 17:48:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2007-04-05 and 2007-05-05 ----------------------------- 2007-05-05 13:09:28 21312 --a------ C:\WINDOWS\choice.exe 2007-05-05 13:05:52 0 d-------- C:\ie-spyad2 2007-05-05 12:57:33 0 d-------- C:\Program Files\SpywareBlaster 2007-05-05 12:04:12 0 d-------- C:\Program Files\InterMute 2007-05-02 08:32:00 72320 --a------ C:\WINDOWS\system32\drivers\core.sys 2007-04-26 09:49:43 85504 -----n--- C:\WINDOWS\system32\evolusbn.dll <Not Verified; Evolution Electronics Ltd.; Evolution USB MIDI Keyboard Interface> 2007-04-26 09:49:43 21984 --a------ C:\WINDOWS\system32\drivers\evolusb.sys <Not Verified; Evolution Electronics Ltd.; Evolution USB MIDI Keyboard Interface> 2007-04-26 09:34:38 0 d-------- C:\Program Files\SmartMusic 2007-04-26 09:34:27 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE> 2007-04-26 09:33:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-04-26 09:33:30 0 d-------- C:\Psfonts 2007-04-26 09:33:11 0 d-------- C:\Program Files\Finale 2003 2007-04-26 09:32:36 59264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-04-26 09:31:50 0 d-------- C:\Program Files\M-Audio Uno 2007-04-22 11:47:25 0 d-------- C:\Documents and Settings\p sundlof\Application Data\Snapfish 2007-04-22 11:47:22 1829 --a------ C:\WINDOWS\mozver.dat 2007-04-18 10:35:17 0 d-------- C:\Program Files\iPod 2007-04-18 10:35:14 0 d-------- C:\Program Files\iTunes 2007-04-18 10:27:19 0 d-------- C:\Documents and Settings\p sundlof\Application Data\iCloner 2007-04-18 09:49:18 0 d-------- C:\Documents 
and Settings\p sundlof\Application Data\CopyTrans 2007-04-11 18:19:24 69632 --a------ C:\WINDOWS\system32\lfgif13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32> 2007-04-11 18:19:23 462848 --a------ C:\WINDOWS\system32\ltkrn13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32> 2007-04-11 18:19:23 450560 --a------ C:\WINDOWS\system32\ltimg13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32> 2007-04-11 18:19:23 163840 --a------ C:\WINDOWS\system32\ltfil13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32> 2007-04-11 18:19:23 206336 --a------ C:\WINDOWS\system32\ltefx13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32> 2007-04-11 18:19:23 299008 --a------ C:\WINDOWS\system32\ltdis13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32> 2007-04-11 18:19:23 401408 --a------ C:\WINDOWS\system32\lfcmp13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32> 2007-04-11 18:19:23 57344 --a------ C:\WINDOWS\system32\lfbmp13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32> 2007-04-11 18:00:45 0 dr------- C:\Documents and Settings\p sundlof\Application Data\Brother 2007-04-07 14:08:42 0 d-------- C:\Program Files\webHancer -- Find3M Report --------------------------------------------------------------- 2007-05-05 13:20:39 0 d-------- C:\Program Files\Common Files\AOL 2007-05-05 13:20:03 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-00000001-00001102-00000004-20041102}.dat 2007-05-05 13:20:03 384 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-00000001-00001102-00000004-20041102}.dat 2007-05-05 12:45:05 0 d-------- C:\Program Files\Common Files\aolshare 2007-05-05 11:50:24 0 d-------- C:\Program Files\Common Files\??mantec 2007-05-05 11:44:01 0 d-------- C:\Program Files\Common Files\{5047DE6A-0C78-1033-0421-040305220001} 2007-04-26 09:32:16 0 d--h----- C:\Program 
Files\InstallShield Installation Information 2007-04-18 10:34:28 0 d-------- C:\Program Files\QuickTime 2007-04-18 10:33:11 0 d-------- C:\Program Files\Apple Software Update 2007-03-22 22:56:41 2 --a------ C:\WINDOWS\system32\wnstssv32.exe 2007-03-22 22:56:40 0 d-------- C:\Documents and Settings\Owner\Application Data\??stem 2007-03-22 09:29:49 0 d-------- C:\Program Files\Common Files\{5047DE6A-0C77-1033-0421-040305220001} 2007-03-19 13:30:06 60928 --a------ C:\WINDOWS\system32\muv.dll 2007-03-18 09:27:17 0 d---s---- C:\Documents and Settings\Owner\Application Data\M?crosoft 2007-03-13 00 08 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla2007-03-10 15:02:33 0 d-------- C:\Program Files\Quicken 2007-03-10 15:02:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Intuit 2007-02-24 16:53:19 2 --a------ C:\WINDOWS\system32\wnststr.exe -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx {3DE2EDC1-5127-0AD4-7564-0EB26B1E85BE} C:\WINDOWS\system32\sji.dll [x] {3DE2EDC7-5121-7ADC-7560-7CB21F1B85C8} C:\WINDOWS\system32\sji.dll [x] {45E1AB69-15F3-4E75-F248-6BE33BE9A8CE} C:\WINDOWS\system32\muv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll {E43E7A3E-CEF7-915D-F1AF-C0DEB8B505C4} C:\WINDOWS\system32\igugf.dll [x] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Wwdsqpu"="\"C:\\Documents and Settings\\Owner\\Application 
Data\\??stem\\r?ndll32.exe\" 99001122" "Ltho"="\"C:\\PROGRA~1\\COMMON~1\\MANTEC~1\\mshta.exe\" -vt ndrv" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "SetDefaultMidi"="MIDIDEF.EXE" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Acrobat Assistant.lnk" "backup"="C:\\WINDOWS\\pss\\Acrobat Assistant.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Distillr\\AcroTray.exe " "item"="Acrobat Assistant" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.exe.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE " "item"="Adobe Gamma Loader.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk" "backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check" "item"="America Online 9.0 Tray Icon" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents 
and Settings^All Users^Start Menu^Programs^Startup^D-Link REG Utility.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\D-Link REG Utility.lnk" "backup"="C:\\WINDOWS\\pss\\D-Link REG Utility.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\DWL-G5~1\\Reg.exe " "item"="D-Link REG Utility" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk" "backup"="C:\\WINDOWS\\pss\\DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\DWL-G5~1\\AIRPLUS.exe " "item"="DWL-G520M Wireless 108G MIMO PCI Adapter Utility" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Exif Launcher.lnk" "backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe " "item"="Exif Launcher" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pinnacle PCTV Scheduler.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Pinnacle PCTV Scheduler.lnk" "backup"="C:\\WINDOWS\\pss\\Pinnacle PCTV Scheduler.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Pinnacle\\SHARED~1\\Programs\\PCLESC~1.EXE " "item"="Pinnacle PCTV Scheduler" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk] "path"="C:\\Documents and Settings\\All Users\\Start 
Menu\\Programs\\Startup\\SmartUI.lnk" "backup"="C:\\WINDOWS\\pss\\SmartUI.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Scansoft\\PAPERP~1\\SmartUI\\SmartUI.exe " "item"="SmartUI" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Ati2mdxx" "hkey"="HKLM" "command"="Ati2mdxx.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="atiptaxx" "hkey"="HKLM" "command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NMBgMonitor" "hkey"="HKCU" "command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cjzjyb] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="c?rss" "hkey"="HKCU" "command"="C:\\WINDOWS\\system32\\s?mbols\\c?rss.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ctfmon" "hkey"="HKCU" "command"="C:\\WINDOWS\\system32\\ctfmon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CTHELPER" "hkey"="HKLM" "command"="CTHELPER.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLSoftware" "hkey"="HKLM" "command"="C:\\Program Files\\Common 
Files\\AOL\\1157917618\\ee\\AOLSoftware.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IndexSearch" "hkey"="HKLM" "command"="C:\\Program Files\\Scansoft\\PaperPort\\IndexSearch.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IPHSend" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ipwins" "hkey"="HKLM" "command"="C:\\Program Files\\Ipwindows\\ipwins.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ltho] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mshta" "hkey"="HKCU" "command"="\"C:\\PROGRA~1\\COMMON~1\\MANTEC~1\\mshta.exe\" -vt yazb" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mmtask" "hkey"="HKLM" "command"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mrmq] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mrmqm" "hkey"="HKCU" "command"="C:\\PROGRA~1\\COMMON~1\\mrmq\\mrmqm.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MSMSGS" "hkey"="HKCU" 
"command"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="pptd40nt" "hkey"="HKLM" "command"="C:\\Program Files\\Scansoft\\PaperPort\\pptd40nt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVRemote] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Remoterm" "hkey"="HKLM" "command"="C:\\Program Files\\Pinnacle\\Pinnacle PCTV Deluxe\\Remote\\Remoterm.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PSDrvCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PRONoMgr" "hkey"="HKLM" "command"="C:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RealPlay" "hkey"="HKLM" "command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\REGSHAVE] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="REGSHAVE" "hkey"="HKLM" "command"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BrDefPrt" "hkey"="HKLM" "command"="C:\\Program Files\\Brother\\BRMFLPRO\\BrDefPrt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="sgtray" "hkey"="HKLM" "command"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047DE6A-0C77-1033-0421-040305220001}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Update" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\{5047DE6A-0C77-1033-0421-040305220001}\\Update.exe\" te-110-12-0000245" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047DE6A-0C78-1033-0421-040305220001}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Update" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\{5047DE6A-0C78-1033-0421-040305220001}\\Update.exe\" te-110-12-0000245" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows 
NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 -- End of Deckard's System Scanner: finished at 2007-05-05 at 13:46:15 --------- |

#2
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,345
OS: xp
Re: Pop ups - zedo.com outerinfo.com
Welcome jsundlof
Start your Hijackthis scan and place a check next to these items, if there.
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {3DE2EDC1-5127-0AD4-7564-0EB26B1E85BE} - C:\WINDOWS\system32\sji.dll (file missing)
O2 - BHO: (no name) - {3DE2EDC7-5121-7ADC-7560-7CB21F1B85C8} - C:\WINDOWS\system32\sji.dll (file missing)
O2 - BHO: (no name) - {45E1AB69-15F3-4E75-F248-6BE33BE9A8CE} - C:\WINDOWS\system32\muv.dll
O2 - BHO: (no name) - {E43E7A3E-CEF7-915D-F1AF-C0DEB8B505C4} - C:\WINDOWS\system32\igugf.dll (file missing)
O4 - HKCU\..\Run: [Wwdsqpu] "C:\Documents and Settings\Owner\Application Data\??stem\r?ndll32.exe" 99001122
O4 - HKCU\..\Run: [Ltho] "C:\PROGRA~1\COMMON~1\MANTEC~1\mshta.exe" -vt ndrv
====================================
Hit fix checked and close Hijackthis.
Post a combofix log
1. Download this file - combofix.exe
http://www.techsupportforum.com/sect...s/ComboFix.exe
alternate link
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Also: Post a fresh Hijackthis log
It appears you do not run an antivirus program, why is that?
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 9
OS: xp home sp2
Re: Pop ups - zedo.com outerinfo.com
Thank you. I deleted the items as instructed, and now here is the log from ComboFix, which will be followed in the next post by the new scan log from HijackThis after doing ComboFix:
ComboFix log:

"Owner" - 2007-05-12 11:27:14 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Owner\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\webhancer\whAgent_update.exe
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\log.txt
C:\Program Files\Common Files\{3047D~1\Bar888.dll
C:\Program Files\Common Files\{3047D~1\toolbardll.lzma
C:\Program Files\Common Files\{3047D~1\UnInstall.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\wnststr.exe
C:\Program Files\outerinfo
C:\Program Files\webhancer
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon
C:\Program Files\Common Files\{3047D~1
C:\Program Files\Common Files\{5047D~2
C:\Program Files\Common Files\{5047D~1
C:\WINDOWS\system32\drivers\core.sys

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\Owner
C:\qoobox\purity\C\DOCUME~1\Owner\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\Owner\APPLIC~1\MCROSO~1
C:\qoobox\purity\C\DOCUME~1\Owner\APPLIC~1\STEM~1
C:\qoobox\purity\C\DOCUME~1\Owner\APPLIC~1\STEM~1\r?ndll32.exe
C:\qoobox\purity\C\Program Files\SCURIT~1
C:\qoobox\purity\C\Program Files\Common Files\MANTEC~1
C:\qoobox\purity\C\Program Files\Common Files\STEM~1
C:\qoobox\purity\C\WINDOWS\system32\SMBOLS~1

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CMDSERVICE
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\COM+ Messages
-------\core

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-12 ))))))))))))))))))))))))))))))))))

2007-05-05 13:37 <DIR> d-------- C:\Deckard
2007-05-05 13:09 21,312 --a------ C:\WINDOWS\choice.exe
2007-05-05 13:05 <DIR> d-------- C:\ie-spyad2
2007-05-05 12:57 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-05-05 12:04 <DIR> d-------- C:\Program Files\InterMute
2007-04-26 09:49 85,504 --------- C:\WINDOWS\system32\evolusbn.dll
2007-04-26 09:49 21,984 --a------ C:\WINDOWS\system32\drivers\evolusb.sys
2007-04-26 09:34 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-04-26 09:34 <DIR> d-------- C:\Program Files\SmartMusic
2007-04-26 09:33 <DIR> d-------- C:\Psfonts
2007-04-26 09:33 <DIR> d-------- C:\Program Files\Finale 2003
2007-04-26 09:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-26 09:32 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-04-26 09:31 <DIR> d-------- C:\Program Files\M-Audio Uno
2007-04-22 11:47 1,829 --a------ C:\WINDOWS\mozver.dat
2007-04-22 11:47 <DIR> d-------- C:\DOCUME~1\PSUNDL~1\APPLIC~1\Snapfish
2007-04-18 10:35 <DIR> d-------- C:\Program Files\iTunes
2007-04-18 10:35 <DIR> d-------- C:\Program Files\iPod
2007-04-18 10:27 <DIR> d-------- C:\DOCUME~1\PSUNDL~1\APPLIC~1\iCloner
2007-04-18 09:49 <DIR> d-------- C:\DOCUME~1\PSUNDL~1\APPLIC~1\CopyTrans

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-12 16:32:28 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-00000001-00001102-00000004-20041102}.dat
2007-05-12 16:32:28 384 ----a-w C:\WINDOWS\system32\DVCState-{00000003-00000000-00000001-00001102-00000004-20041102}.dat
2007-05-05 18:20:39 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-05 17:45:05 -------- d-----w C:\Program Files\Common Files\aolshare
2007-04-26 14:32:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-18 15:34:28 -------- d-----w C:\Program Files\QuickTime
2007-04-18 15:33:11 -------- d-----w C:\Program Files\Apple Software Update
2007-03-23 03:56:41 2 ----a-w C:\WINDOWS\system32\wnstssv32.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-10 20:02:33 -------- d-----w C:\Program Files\Quicken
2007-03-10 20:02:24 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Intuit
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"="MIDIDEF.EXE"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^acrobat assistant.lnk C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\AcroTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe gamma loader.exe.lnk C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^america online 9.0 tray icon.lnk C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^d-link reg utility.lnk C:\PROGRA~1\DWL-G5~1\Reg.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^dwl-g520m wireless 108g mimo pci adapter utility.lnk C:\PROGRA~1\DWL-G5~1\AIRPLUS.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^exif launcher.lnk C:\PROGRA~1\FINEPI~1\QuickDCF.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^pinnacle pctv scheduler.lnk C:\PROGRA~1\Pinnacle\SHARED~1\Programs\PCLESC~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^smartui.lnk C:\PROGRA~1\Scansoft\PAPERP~1\SmartUI\SmartUI.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atimodechange Ati2mdxx.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atipta C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa} "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cjzjyb C:\WINDOWS\system32\s?mbols\c?rss.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cthelper CTHELPER.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostmanager C:\Program Files\Common Files\AOL\1157917618\ee\AOLSoftware.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\indexsearch C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iphsend C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipwins C:\Program Files\Ipwindows\ipwins.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper "C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ltho "C:\PROGRA~1\COMMON~1\MANTEC~1\mshta.exe" -vt yazb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mrmq C:\PROGRA~1\COMMON~1\mrmq\mrmqm.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs "C:\Program Files\Messenger\MSMSGS.EXE" /background
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\paperport ptd C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pctvremote C:\Program Files\Pinnacle\Pinnacle PCTV Deluxe\Remote\Remoterm.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pinnacledrivercheck C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pronomgr.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realtray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regshave C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\remotecontrol "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setdefprt C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\storageguard "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047de6a-0c77-1033-0421-040305220001} "C:\Program Files\Common Files\{5047DE6A-0C77-1033-0421-040305220001}\Update.exe" te-110-12-0000245
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047de6a-0c78-1033-0421-040305220001} "C:\Program Files\Common Files\{5047DE6A-0C78-1033-0421-040305220001}\Update.exe" te-110-12-0000245

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-12 11:44:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-12 11:44:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-12 11:44

#4 (permalink)
Registered User
Join Date: May 2007
Posts: 9
OS: xp home sp2
Re: Pop ups - zedo.com outerinfo.com
Here is the most recent HijackThis log after executing your instructions from your first reply. Also, you asked why I do not run virus protection - no good reason. It used to be because I felt it interfered with the home network. Now I don't know. Any recommendations? A neighbor who is a computer tech recommends Symantec AV Corporate edition. Anyway, thank you for your help and here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:55:47 AM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://sitecontrol.hostway.com/pas/...s/Login.render
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158529351750
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

-- End of file - 5690 bytes

#5 (permalink)
Registered User
Join Date: May 2007
Posts: 9
OS: xp home sp2
Re: Pop ups - zedo.com outerinfo.com
PS (sorry) -
I noticed in my programs tab that there is an Outerinfo>uninstall option. I am guessing that was installed when I went to outerinfo.com and attempted to opt out. Maybe that was put on my machine and I did not notice or was not told that I needed to go to this place to finish the uninstall process. I will await your further instructions before doing so. As an aside (if such things are tolerated), read Dilbert today and yesterday for Dogbert as a malicious tech support guy. Must be tempting in some instances for you. Do be gentle with me, however.

#6 (permalink)
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,345
OS: xp
Re: Pop ups - zedo.com outerinfo.com
If you start the uninstall of Outerinfo (in Add/Remove Programs), Windows should offer to remove it from the list since it is not on your PC now.

Launch Notepad (not WordPad), and copy and paste the contents of the code box below into a new text file. Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.

Code:
REGEDIT4
;
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cjzjyb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipwins]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ltho]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mrmq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047de6a-0c77-1033-0421-040305220001}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047de6a-0c78-1033-0421-040305220001}]
;

Submit this file here and let me know what's found:
C:\WINDOWS\system32\wnstssv32.exe
http://www.virustotal.com/flash/index_en.html

~~~~~~~~~~~~~~~~

I recommend almost anything besides Norton or McAfee, they are too common.
Install at least a free antivirus and firewall program.
Don't make the common mistake of installing more than one antivirus or firewall.

AVG Anti-Virus-Free: http://www.grisoft.com/us/us_dwnl_free.php
AntiVir Personal Edition: http://www.free-av.com/
avast! 4 Home - Free antivirus software: http://www.asw.cz/eng/free_virus_protectio.html
http://www.activevirusshield.com/ant...eav/index.adp?

Understanding and Using Firewalls: http://www.bleepingcomputer.com/foru...howtutorial=60

ZoneAlarm provides a paid-for and free version
http://www.zonelabs.com/
http://www.zonelabs.com/store/conten...=en&lid=nav_za
Free Firewall Software - Comodo™ Firewall: http://www.personalfirewall.comodo.com/
Outpost http://www.outpost.uk.com/download/outpost1.html

----------------------------------------------------

Your Acrobat and Java programs are out of date, update them.
After you have updated them and installed/updated an antivirus program > Replace your HijackThis with the non-beta version and post one more log and mention any problems at that time.
http://www.merijn.org/files/HijackThis.exe

Last edited by LonnyRJones : 05-13-2007 at 02:48 AM.
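One way to check what a `.reg` file like the fixme.reg above will change before merging it, as an added example that is not part of the original post: in this file format a `[-KEY]` line deletes that key and everything under it. The `ALLOWED_PREFIX` scope and the function names are assumptions of this example.

```python
import re

# The fixme.reg text as posted in the reply above.
FIXME_REG = r"""REGEDIT4
;
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cjzjyb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipwins]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ltho]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mrmq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047de6a-0c77-1033-0421-040305220001}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047de6a-0c78-1033-0421-040305220001}]
;
"""

# Assumption of this example: the fix should only touch subkeys of the key
# where msconfig keeps startup entries that were disabled in its Startup tab.
ALLOWED_PREFIX = (r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools"
                  r"\msconfig\startupreg" + "\\")

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(HKEY_.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def parse_reg(text):
    """Return (action, key, value_name) tuples for every change in a .reg file."""
    lines = []
    for raw in text.lstrip("\ufeff").splitlines():
        ln = raw.strip()
        if not ln or ln.startswith(";"):        # blank line or comment
            continue
        if lines and lines[-1].endswith("\\"):  # hex data continued on next line
            lines[-1] = lines[-1][:-1] + ln
        else:
            lines.append(ln)
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: header line missing")
    ops, current = [], None
    for ln in lines[1:]:
        key = KEY_RE.match(ln)
        value = VALUE_RE.match(ln)
        if key:
            current = key.group(2)
            # "[-KEY]" removes the key and its subkeys; "[KEY]" opens it,
            # creating it if it does not exist yet.
            ops.append(("delete_key" if key.group(1) else "open_key", current, None))
        elif value and current:
            action = "delete_value" if value.group(2) == "-" else "set_value"
            ops.append((action, current, value.group(1)))
        else:
            raise ValueError("unrecognised line: %r" % ln)
    return ops


def audit(text, allowed_prefix=ALLOWED_PREFIX):
    """Split the file's operations into (inside, outside) the allowed subtree."""
    inside, outside = [], []
    for op in parse_reg(text):
        # Registry key names are case-insensitive. The trailing backslash in
        # the prefix means deleting the startupreg key itself counts as outside.
        ok = op[1].lower().startswith(allowed_prefix.lower())
        (inside if ok else outside).append(op)
    return inside, outside


if __name__ == "__main__":
    inside, outside = audit(FIXME_REG)
    for action, key, name in inside:
        print("ok   ", action, key, name or "")
    for action, key, name in outside:
        print("CHECK", action, key, name or "")
```

Run against the posted file, every operation is a `delete_key` under `startupreg`; anything listed as `CHECK` is a change outside that subtree and deserves a question before the file is merged.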

#7 (permalink)
Registered User
Join Date: May 2007
Posts: 9
OS: xp home sp2
Re: Pop ups - zedo.com outerinfo.com
Symantec is different from Norton, correct? Regarding a firewall: I had thought that since this computer is on a network behind a router (Netgear RT314) hardware firewall, I did not need one. Not true? Windows XP Pro firewall no good? I will download one of the virus protection programs you recommend. Thank you for your continued advice and assistance.
Scan result of wnstssv32.exe below.

Complete scanning result of "wnstssv32.exe", received in VirusTotal at 05.13.2007, 18:38:20 (CET).

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.5.10.0 | 05.11.2007 | no virus found |
| AntiVir | 7.4.0.15 | 05.12.2007 | no virus found |
| Authentium | 4.93.8 | 05.12.2007 | no virus found |
| Avast | 4.7.997.0 | 05.11.2007 | no virus found |
| AVG | 7.5.0.467 | 05.13.2007 | no virus found |
| BitDefender | 7.2 | 05.13.2007 | no virus found |
| CAT-QuickHeal | 9.00 | 05.12.2007 | no virus found |
| ClamAV | devel-20070416 | 05.13.2007 | no virus found |
| DrWeb | 4.33 | 05.13.2007 | no virus found |
| eSafe | 7.0.15.0 | 05.13.2007 | Win32.Xorpix.al |
| eTrust-Vet | 30.7.3628 | 05.11.2007 | no virus found |
| Ewido | 4.0 | 05.13.2007 | Trojan.Small |
| FileAdvisor | 1 | 05.13.2007 | No threat detected |
| Fortinet | 2.85.0.0 | 05.13.2007 | no virus found |
| F-Prot | 4.3.2.48 | 05.12.2007 | no virus found |
| F-Secure | 6.70.13030.0 | 05.11.2007 | no virus found |
| Ikarus | T3.1.1.7 | 05.13.2007 | no virus found |
| Kaspersky | 4.0.2.24 | 05.13.2007 | no virus found |
| McAfee | 5029 | 05.11.2007 | no virus found |
| Microsoft | 1.2503 | 05.13.2007 | no virus found |
| NOD32v2 | 2262 | 05.12.2007 | no virus found |
| Norman | 5.80.02 | 05.11.2007 | no virus found |
| Panda | 9.0.0.4 | 05.13.2007 | no virus found |
| Prevx1 | V2 | 05.13.2007 | Polymorphic Trojans |
| Sophos | 4.17.0 | 05.11.2007 | no virus found |
| Sunbelt | 2.2.907.0 | 05.12.2007 | no virus found |
| Symantec | 10 | 05.13.2007 | no virus found |
| TheHacker | 6.1.6.114 | 05.12.2007 | no virus found |
| VBA32 | 3.12.0 | 05.13.2007 | no virus found |
| VirusBuster | 4.3.7:9 | 05.13.2007 | no virus found |
| Webwasher-Gateway | 6.0.1 | 05.13.2007 | no virus found |

Aditional Information
File size: 2 bytes
MD5: 4f3dd0ffb3e41c5f74b5b0d8c1f10bb5
SHA1: e688cf7414fb701c4495010d43a4eaaaeac71768
Bit9 info: http://fileadvisor.bit9.com/services...b5b0d8c1f10bb5
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=4f3d691635

#8 (permalink)
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,345
OS: xp
Re: Pop ups - zedo.com outerinfo.com
Norton / Symantec, I'd still recommend a different antivirus.
Yes, the built-in firewall and your router are sufficient.

Download "Suspicious File Packer"
Third one on this page > http://www.safer-networking.org/en/tools/index.html
To your desktop, unzip the file, inside run sfp.exe, copy then paste the list below into it and hit continue.

C:\WINDOWS\system32\wnstssv32.exe

A .cab file will have been created on your desktop, attach it here please.
http://www.thespykiller.co.uk/index.php?board=1.0