Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Help, Popups! Tried Everything!
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 06-03-2007, 10:26 AM   #1 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: Win XP


Help, Popups! Tried Everything!
Hi, everytime i open my internet explorer i get constant random popups! Based on what i've read from other threads, I've already done an AVG antispyware scan in safe mode, i've performed the SmitfraudFix scan options 1 and 2, and 3, and i have performed the online panda scan (which by the way found and deleted 3 viruses in the Smitfraud program). Although these steps have sped up my pc, which was very slow, i still get random popups in internet explorer, and in the privacy tab for my internet explorer options, the cookie blocker is always on its own taken down to the lowest safety level "accept all cookies." I think the only thing left is to check my hijackthis log, i would be EXTREMELY thankful for any help... as i've lost a lot of sleep over this issue.


("O20 - Winlogon Notify: tuvvvww - tuvvvww.dll (file missing)" was a dangerous spyware so thats one of the ones i'll have to check off and remove right? And do all the "file missing" have to be removed?)
Here is my curret Hijackthis log:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:56:47 AM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\arservice.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Kazik\Film\AVG Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Kazik\Film\AVG Anti-Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\108Mbps Wireless LAN Adapter\WLANPRO.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: PsapiAnalyzer Object - {320F26E1-8F10-4143-B433-B2DB14896D1F} - c:\windows\web\dbpc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D5DBA41-7041-4782-A4D3-1A438249ABEF} - C:\WINDOWS\system32\jkhfd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: (no name) - {B71FA585-B351-4E48-8DA8-22F6F705EC73} - C:\WINDOWS\system32\tuvvvww.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\qjpyqadq.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ATIMACE] C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\mjauxngc.dll",realset
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Kazik\Film\AVG Anti-Spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LaunchList] C:\Kazik\Film\Pinnacle Studio 11\Instaled\LaunchList2.exe
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = C:\Program Files\108Mbps Wireless LAN Adapter\WLANPRO.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Reg.lnk = C:\Program Files\108Mbps Wireless LAN Adapter\Reg.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135556684984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1135883272667
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://timeentry.advancedutility.com...ivexviewer.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/v...ex/ieatgpc.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O20 - Winlogon Notify: dbpc - c:\windows\web\dbpc.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll
O20 - Winlogon Notify: tuvvvww - tuvvvww.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Kazik\Film\AVG Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
canada33 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 06-03-2007, 12:59 PM   #2 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: Win XP


Help, Popups! Tried Everything!
Sorry, i just realized you probably prefer HijackThis v1.99.1, so here is my current hijackthis log done by version 1.99.1 :

Logfile of HijackThis v1.99.1
Scan saved at 2:53:32 PM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Kazik\Film\AVG Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Kazik\Film\AVG Anti-Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\108Mbps Wireless LAN Adapter\WLANPRO.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Kazik\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: PsapiAnalyzer Object - {320F26E1-8F10-4143-B433-B2DB14896D1F} - c:\windows\web\dbpc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D5DBA41-7041-4782-A4D3-1A438249ABEF} - C:\WINDOWS\system32\jkhfd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: (no name) - {B71FA585-B351-4E48-8DA8-22F6F705EC73} - C:\WINDOWS\system32\tuvvvww.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\qjpyqadq.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ATIMACE] C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\mjauxngc.dll",realset
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Kazik\Film\AVG Anti-Spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LaunchList] C:\Kazik\Film\Pinnacle Studio 11\Instaled\LaunchList2.exe
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = C:\Program Files\108Mbps Wireless LAN Adapter\WLANPRO.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Reg.lnk = C:\Program Files\108Mbps Wireless LAN Adapter\Reg.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135556684984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1135883272667
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://timeentry.advancedutility.com...ivexviewer.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/v...ex/ieatgpc.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dbpc - c:\windows\web\dbpc.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: tuvvvww - tuvvvww.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Kazik\Film\AVG Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
canada33 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-03-2007, 08:26 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,914
OS: WinXP and Vista


Re: Help, Popups! Tried Everything!
Hello canada33 and welcome to TSF,

Thank you--yes, we do prefer HijackThis 1.99.1 as the Beta version is is still under development.

While your symptoms may improve after this first round, there will be more to do, so please stay with me and post any requested logs.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you which I will need in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-03-2007, 09:49 PM   #4 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: Win XP


Re: Help, Popups! Tried Everything!
Thank you Ried for your quick response!! It is much appreciated!!

I have performed the ComboFix action and here is the log:

"HP_Administrator" - 2007-06-03 23:12:17 Service Pack 2 NTFS
ComboFix 07-06-3 - Running from: "C:\Documents and Settings\HP_Administrator\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\qjpyqadq.dll
C:\WINDOWS\system32\rqrrqrs.dll
C:\WINDOWS\system32\osipnrlx.exe
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\bdeeg.tmp
C:\WINDOWS\system32\dfhkj.bak1
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\bdeeg.tmp
C:\WINDOWS\Web\dbpc.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\Web\ntp2.ini


((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 )))))))))))))))))))))))))))))))


2007-06-03 00:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-02 17:31 6,486 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-01 20:27 8,224 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-06-01 19:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-01 15:04 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-06-01 14:23 <DIR> d-------- C:\VundoFix Backups
2007-06-01 11:50 131,124 --a------ C:\WINDOWS\system32\mjauxngc.dll
2007-06-01 11:49 263,220 --ahs---- C:\WINDOWS\system32\jkhfd.dll
2007-05-31 21:09 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-05-31 09:38 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2007-05-31 09:37 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2007-05-31 09:35 <DIR> d-------- C:\Program Files\Pinnacle
2007-05-31 09:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio
2007-05-31 09:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
2007-05-29 17:11 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-05-29 17:11 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-05-29 11:48 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
2007-05-29 00:34 87,608 --a------ C:\DOCUME~1\HP_ADM~1\APPLIC~1\inst.exe
2007-05-29 00:34 <DIR> d-------- C:\Program Files\vso
2007-05-29 00:14 87,608 --a------ C:\DOCUME~1\HP_ADM~1\APPLIC~1\ezpinst.exe
2007-05-29 00:14 47,360 --a------ C:\DOCUME~1\HP_ADM~1\APPLIC~1\pcouffin.sys
2007-05-29 00:14 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Vso
2007-05-28 22:58 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\DivX
2007-05-28 22:02 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Ashampoo
2007-05-28 21:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ashampoo
2007-05-28 16:42 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Ulead Systems
2007-05-28 16:38 <DIR> d-------- C:\Program Files\Windows Media Components
2007-05-28 16:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
2007-05-28 14:49 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-05-27 15:45 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Ahead
2007-05-27 15:41 <DIR> d-------- C:\Program Files\Nero
2007-05-27 15:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-05-27 00:52 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Media Player Classic
2007-05-09 03:14 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-03 19:54:37 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-03 09:38:46 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-06-03 09:33:38 -------- d-----w C:\Program Files\QuickTime
2007-06-03 09:30:42 -------- d-----w C:\Program Files\Norton Internet Security
2007-06-03 09:15:47 -------- d-----w C:\Program Files\iTunes
2007-06-03 09:11:19 -------- d-----w C:\Program Files\Google
2007-06-03 09:04:53 -------- d---a-w C:\Program Files\Common Files\LightScribe
2007-06-03 04:58:48 -------- d-----w C:\Program Files\108Mbps Wireless LAN Adapter
2007-06-02 02:20:48 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-31 13:42:37 189 ----a-w C:\AUTOEXEC.BAT
2007-05-29 21:45:30 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-29 02:55:05 -------- d-----w C:\Program Files\DivX
2007-05-28 20:39:47 -------- d-----w C:\Program Files\Common Files\InterVideo
2007-05-19 18:51:22 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-29 22:52:56 -------- d-----w C:\Program Files\Common Files\Elecard
2007-04-21 00:04:43 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2007-04-18 16:14:43 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-14 22:20:58 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\Talkative IRC
2007-04-01 16:02:03 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 15:58:38 210,456 ----a-w C:\WINDOWS\system32\IVIresizeW7.dll
2007-03-06 15:58:36 194,072 ----a-w C:\WINDOWS\system32\IVIresizePX.dll
2007-03-06 15:58:34 198,168 ----a-w C:\WINDOWS\system32\IVIresizeP6.dll
2007-03-06 15:58:32 198,168 ----a-w C:\WINDOWS\system32\IVIresizeM6.dll
2007-03-06 15:58:30 206,360 ----a-w C:\WINDOWS\system32\IVIresizeA6.dll
2007-03-06 15:58:26 26,136 ----a-w C:\WINDOWS\system32\IVIresize.dll
2006-10-28 23:51:22 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-09-06 01:18]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 05:33]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{9D5DBA41-7041-4782-A4D3-1A438249ABEF}=C:\WINDOWS\system32\jkhfd.dll [2007-06-01 11:49]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar6.dll [2007-01-20 00:55]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 18:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 C:\WINDOWS\arpwrmsg.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 02:35]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 01:34]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 09:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"@"="" []
"ATIMACE"="C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe" [2006-02-21 22:27]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\ALCMTR.EXE]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 00:21]
"PdxRegCl"="C:\Program Files\Paradox\Programs\PdxRegCl.exe" [2004-06-14 16:57]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-09 15:52]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 13:27]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 13:28]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-12-22 13:31]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 21:22]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"!AVG Anti-Spyware"="C:\Kazik\Film\AVG Anti-Spyware\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 08:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-06-03 18:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 19:54]
"LaunchList"="C:\Kazik\Film\Pinnacle Studio 11\Instaled\LaunchList2.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Kazik\Film\AVG Anti-Spyware\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedb]
C:\WINDOWS\system32\geedb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfd]
C:\WINDOWS\system32\jkhfd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvvww]
tuvvvww.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23a2bd6e-5412-11db-b496-0040f4a02793}]
AutoRun\command- K:\wd_windows_tools\setup.exe

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-06-02 00:17:03 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-03 23:27:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-03 23:33:07 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-03 23:32

--- E O F ---
canada33 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-03-2007, 10:27 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,914
OS: WinXP and Vista


Re: Help, Popups! Tried Everything!
You're welcome,

Once again, please copy these instructions to Notepad and save to your desktop for reference.

********************************************************

Before fixing anything, please download the Suspicious File Packer --> http://www.safer-networking.org/files/sfp.zip

Unzip it to the desktop and run it.
Run sfp.exe and paste the following list of filepaths into the Suspicious File Packer window:


C:\WINDOWS\system32\mjauxngc.dll
C:\WINDOWS\system32\jkhfd.dll


Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site --> http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.

-------------------------------------------------------------------

Close any open browsers.

-------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
C:\WINDOWS\system32\mjauxngc.dll
C:\WINDOWS\system32\jkhfd.dll

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\9D5DBA41-7041-4782-A4D3-1A438249ABEF]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"=-
"Alcmtr"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedb]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfd]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvvww]
Save this as ComboFix-Do.txt, in the same location as ComboFix.exe




Refering to the picture above, drag ComboFix-Do.txt into ComboFix.exe

Follow the prompts.

When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

-------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Panda results
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-04-2007, 08:14 AM   #6 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: Win XP


Re: Help, Popups! Tried Everything!
Thanks Ried, you seem to have golden hands, the pc is looking much better! It has clearly sped up, and i have yet to see a random pop-up in IE. Am i to assume its fixed? The Panda online scan did however find some spyware and potentially hacking stuff. Here are the logs as requested:

Here is the ComboFix log:

"HP_Administrator" - 2007-06-04 0:41:39 Service Pack 2 NTFS
Command switches used :: ""C:\Documents and Settings\HP_Administrator\Desktop\ComboFix-Do.txt""


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\VundoFix Backups
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\mjauxngc.dll


((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 )))))))))))))))))))))))))))))))


2007-06-03 23:33 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-03 00:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-02 17:31 6,486 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-01 20:27 8,224 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-06-01 19:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-01 15:04 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-05-31 21:09 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-05-31 09:38 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2007-05-31 09:37 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2007-05-31 09:35 <DIR> d-------- C:\Program Files\Pinnacle
2007-05-31 09:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio
2007-05-31 09:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
2007-05-29 17:11 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-05-29 17:11 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-05-29 11:48 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
2007-05-29 00:34 87,608 --a------ C:\DOCUME~1\HP_ADM~1\APPLIC~1\inst.exe
2007-05-29 00:34 <DIR> d-------- C:\Program Files\vso
2007-05-29 00:14 87,608 --a------ C:\DOCUME~1\HP_ADM~1\APPLIC~1\ezpinst.exe
2007-05-29 00:14 47,360 --a------ C:\DOCUME~1\HP_ADM~1\APPLIC~1\pcouffin.sys
2007-05-29 00:14 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Vso
2007-05-28 22:58 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\DivX
2007-05-28 22:02 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Ashampoo
2007-05-28 21:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ashampoo
2007-05-28 16:42 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Ulead Systems
2007-05-28 16:38 <DIR> d-------- C:\Program Files\Windows Media Components
2007-05-28 16:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
2007-05-28 14:49 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-05-27 15:45 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Ahead
2007-05-27 15:41 <DIR> d-------- C:\Program Files\Nero
2007-05-27 15:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-05-27 00:52 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Media Player Classic
2007-05-09 03:14 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-03 19:54:37 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-03 09:38:46 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-06-03 09:33:38 -------- d-----w C:\Program Files\QuickTime
2007-06-03 09:30:42 -------- d-----w C:\Program Files\Norton Internet Security
2007-06-03 09:15:47 -------- d-----w C:\Program Files\iTunes
2007-06-03 09:11:19 -------- d-----w C:\Program Files\Google
2007-06-03 09:04:53 -------- d---a-w C:\Program Files\Common Files\LightScribe
2007-06-03 04:58:48 -------- d-----w C:\Program Files\108Mbps Wireless LAN Adapter
2007-06-02 02:20:48 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-31 13:42:37 189 ----a-w C:\AUTOEXEC.BAT
2007-05-29 21:45:30 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-29 02:55:05 -------- d-----w C:\Program Files\DivX
2007-05-28 20:39:47 -------- d-----w C:\Program Files\Common Files\InterVideo
2007-05-19 18:51:22 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-29 22:52:56 -------- d-----w C:\Program Files\Common Files\Elecard
2007-04-21 00:04:43 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2007-04-18 16:14:43 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-14 22:20:58 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\Talkative IRC
2007-04-01 16:02:03 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 15:58:38 210,456 ----a-w C:\WINDOWS\system32\IVIresizeW7.dll
2007-03-06 15:58:36 194,072 ----a-w C:\WINDOWS\system32\IVIresizePX.dll
2007-03-06 15:58:34 198,168 ----a-w C:\WINDOWS\system32\IVIresizeP6.dll
2007-03-06 15:58:32 198,168 ----a-w C:\WINDOWS\system32\IVIresizeM6.dll
2007-03-06 15:58:30 206,360 ----a-w C:\WINDOWS\system32\IVIresizeA6.dll
2007-03-06 15:58:26 26,136 ----a-w C:\WINDOWS\system32\IVIresize.dll
2006-10-28 23:51:22 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-09-06 01:18]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 05:33]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{9D5DBA41-7041-4782-A4D3-1A438249ABEF}=C:\WINDOWS\system32\jkhfd.dll []
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar6.dll [2007-01-20 00:55]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 18:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 C:\WINDOWS\arpwrmsg.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 02:35]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 01:34]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 09:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"@"="" []
"ATIMACE"="C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe" [2006-02-21 22:27]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 C:\WINDOWS\RTHDCPL.EXE]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 00:21]
"PdxRegCl"="C:\Program Files\Paradox\Programs\PdxRegCl.exe" [2004-06-14 16:57]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-09 15:52]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 13:27]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 13:28]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-12-22 13:31]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 21:22]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"!AVG Anti-Spyware"="C:\Kazik\Film\AVG Anti-Spyware\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 08:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-06-03 18:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 19:54]
"LaunchList"="C:\Kazik\Film\Pinnacle Studio 11\Instaled\LaunchList2.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Kazik\Film\AVG Anti-Spyware\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23a2bd6e-5412-11db-b496-0040f4a02793}]
AutoRun\command- K:\wd_windows_tools\setup.exe

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-06-02 00:17:03 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-04 00:49:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-04 0:50:14
C:\ComboFix-quarantined-files.txt ... 2007-06-04 00:50
C:\ComboFix2.txt ... 2007-06-03 23:33

--- E O F ---



And here is the Panda Scan Report:


Incident Status Location

Spyware:spyware/web3000 Not disinfected c:\windows\hh.ico
Adware:adware/statblaster Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adrevolver[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserver.filefront[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atwola[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@casalemedia[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cdfreaks[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@club.cdfreaks[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@did-it[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mbe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.fastclick[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@perf.overture[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@terra.com[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@winantivirus[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.winantiviruspro[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
canada33 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-04-2007, 08:09 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,914
OS: WinXP and Vista


Re: Help, Popups! Tried Everything!
Yes, we're just about through here.


Using 'My Computer', navigate to and delete the following File

c:\windows\ hh.ico

--------------------------------------------------------------------

Clear your Internet Explorer7 cookies.

* Click on the Start button, then >Control Panel>Internet Options>General tab
* Under Browsing History, click on Delete.
* In the Delete Browsing History box that opens, click on Delete cookies

**I'll have instructions for IESpyAd below, which will help thwart these undesirable cookies in the future.

--------------------------------------------------------------------

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Ensure Windows Auto Update is Enabled
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Please respond one more time to confirm this thread as resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-05-2007, 10:01 AM   #8 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: Win XP


Re: Help, Popups! Tried Everything!
Thank you Ried! Your help is extremely appreciated and i sincerely wish you all the best in life! I just have one last quick question. When i minimize a window, the minimized tab does not appear in the blue bar at the bottom of my windows, it just disappears, and i have to use Alt+Tab to re-open minimized windows. This is the way its been for a long time now, and im sure its not a spyware or virus, but i just don't know what i did or how to get the minimized windows or programs to be visible in the bottom bar. The startup shortcuts do however appear down there as always (on the left and right sides). Any suggestions?

I would once again like to thank you for all of your help!
canada33 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-05-2007, 08:30 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,914
OS: WinXP and Vista


Re: Help, Popups! Tried Everything!
You're quite welcome, and thank you for the kind words.

Download http://www.kellys-korner-xp.com/regs...top_fixall.vbs and save it to your desktop. Double click to run it.

Please let me know if that worked for you.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-05-2007, 10:05 PM   #10 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: Win XP


Re: Help, Popups! Tried Everything!
Yup! It worked perfectly! No more Alt+Tab for me! Thanks again Ried for everything!!!
canada33 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-05-2007, 10:53 PM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,914
OS: WinXP and Vista


Re: Help, Popups! Tried Everything!



Take care, and best regards, canada33.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 12:09 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85