Tech Support Forum
Resolved HJT Threads: Resolved spyware and popup issues.
#1 (permalink)
Registered User
Some pop-up problems, and DSS problem
Every once in a while, while browsing, a small window will pop up saying something about porn, or viruses being on my computer and some program offering to clean it. It closes out all other windows, and when I close it, it pops up a new window with the product's webpage. (Sorry, I don't recall what it was.)
Panda Scan came up clean, and I can't give you a DSS report because it always gives a message saying "dss.exe has encountered a problem and needs to close. We are sorry for the inconvenience." anyway here's the HJT log, hope you can help..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:49 PM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
#4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,246
OS: N/A
Re: Some pop-up problems, and DSS problem
1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe
2. Double click on combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
#5 (permalink)
Registered User
Re: Some pop-up problems, and DSS problem
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:14 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

ComboFix 07-08-14 - "Owner" 2007-08-13 14:20:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1469 [GMT -10:00]
* Created a new restore point

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 14:21:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

Completion time: 2007-08-13 14:22:32
#6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,246
OS: N/A
Re: Some pop-up problems, and DSS problem
Log appears clean but let's do a perfunctory scan.
Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400
Answer Yes, when prompted to install an ActiveX component.
#7 (permalink)
Registered User
Re: Some pop-up problems, and DSS problem
KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 14, 2007 10:46:34 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 14/08/2007
Kaspersky Anti-Virus database records: 379854

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer: A:\ C:\ D:\ E:\

Scan Statistics:
Total number of scanned objects: 28860
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:19:12

Scan process completed.
#8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,246
OS: N/A
Re: Some pop-up problems, and DSS problem
#10 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,246
OS: N/A
Re: Some pop-up problems, and DSS problem
Those files are being used by the Operating System or some other program. They're being actively written to. That's why they're locked & inaccessible to any scanner.
If you have doubts, try doing this little experiment ...
Try opening this file - C:\WINDOWS\system32\config\system
See if Windows allows you access.
#11 (permalink)
Registered User
Re: Some pop-up problems, and DSS problem