Registered User
Join Date: Jul 2009
Posts: 2
OS: Windows Vista
Help
Hello
I was having trouble with a pop-up that wouldn't stop showing up no matter what I did. So I was told to download and run Combofix and that would solve my problem. So far I haven't seen the pop-up anymore but they said that I need to have someone read my log to let me know what to do next.