#1 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 13
OS: xp;;''
|
Im getting popups beleave im infected
Hello
My hp pavilion windows xp computer is infected with malware and i get pops every 5-10 mins and i dont know how to stop them.I have a firewall and virus/spyware scanners up to date so i dont know how i got this.I have already download hijackthis but i dont know what to delete.. so anything will help and i posted my hijackthis report if it helps anything
#2 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,420
OS: N/A
|
Re: Im getting popups beleave im infected
1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe
2. Double click on combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that & a fresh HijackThis log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
__________________
Question - what have you done for the community today? |
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 13
OS: xp;;''
|
Re: Im getting popups beleave im infected
here is the combofix log
#4 (permalink) |
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,420
OS: N/A
Re: Im getting popups beleave im infected
Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:
---------------
Open notepad and copy/paste the text in the quotebox below into it:

Code:
```
http://www.techsupportforum.com/security-center/hijackthis-log-help/173666-im-getting-popups-beleave-im-infected.html

Collect::
C:\delete.bat
C:\WINDOWS\system32\4H7S74Ha.exe
C:\WINDOWS\system32\SR.vbs

File::
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Folder::
C:\cBFU
C:\Program Files\Phone Memo
C:\DOCUME~1\HP_ADM~1\APPLIC~1\Phone Memo
C:\DOCUME~1\ALLUSE~1\APPLIC~1\That Amen Second Book
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web
C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint
```

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip
Please submit this file before proceeding to the next step.

---------------
Click here to perform an online scan >> Online Scanner

---------------
In your next post, please include fresh logs from:
__________________
Question - what have you done for the community today? |
#5 (permalink) |
Registered User
Join Date: Aug 2007
Posts: 13
OS: xp;;''
Re: Im getting popups beleave im infected
From ComboFix zip file
```
file zipped: C:\delete.bat -> catchme.zip -> delete.bat ( 106 bytes )
file to big: combofix.sys; 1024 > 106
source file error: C:\WINDOWS\system32\4H7S74Ha.exe
file zipped: C:\WINDOWS\system32\SR.vbs -> catchme.zip -> SR.vbs ( 241 bytes )
file to big: combofix.sys; 1024 > 241
http://www.techsupportforum.com/secu...-infected.html
```
#6 (permalink) |
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,420
OS: N/A
Re: Im getting popups beleave im infected
You're supposed to upload the file to this website > http://www.bleepingcomputer.com/subm....php?channel=4
__________________
Question - what have you done for the community today? |
#7 (permalink) |
Registered User
Join Date: Aug 2007
Posts: 13
OS: xp;;''
Re: Im getting popups beleave im infected
Online scan
2007-08-11 02:14 --- E O F --- combofixs log ComboFix 07-08-12 - "HP_Administrator" 2007-08-11 15:03:49.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1531 [GMT -7:00] Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\cBFU C:\cBFU\BFU.exe C:\cBFU\sidekickFix.bat C:\delete.bat C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web C:\DOCUME~1\ALLUSE~1\APPLIC~1\That Amen Second Book C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1241215004.mtx C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1641344922.mtj&p2=1&p3=07314902280612890680795710951897&p4=0 C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-458154057.mtj&p2=1&p3=07314902280612890680795710951897&p4=16777217 C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-482166611.mtj&p2=1&p3=07314902280612890680795710951897&p4=0 C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-928913617.mtj&p2=1&p3=07314902280612890680795710951897&p4=0 
C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1233786184.mtx C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1355542221.mts C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\429179175.mtj&p2=1&p3=07314902280612890680795710951897&p4=0 C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1265740221.mtj&p2=1&p3=07314902280612890680795710951897&p4=0 C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1416738099.mtj&p2=1&p3=07314902280612890680795710951897&p4=0 C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\686406997.mtj&p2=1&p3=07314902280612890680795710951897&p4=0 C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\799008539.mtj&p2=1&p3=07314902280612890680795710951897&p4=0 C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini C:\DOCUME~1\HP_ADM~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx C:\WINDOWS\system32\SR.vbs C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At3.job 
C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job ((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 ))))))))))))))))))))))))))))))) 2007-08-11 12:10 <DIR> d-------- C:\Program Files\uTorrent 2007-08-11 11:18 <DIR> d-------- C:\NoLopBackups 2007-08-11 03:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-08-11 03:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-08-11 03:28 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\.SunDownloadManager 2007-08-11 02:44 262,144 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-08-11 02:38 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-08-11 02:08 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-11 01:13 <DIR> d-------- C:\Program Files\Lavasoft 2007-08-11 01:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-08-11 01:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-10 23:16 <DIR> d-------- C:\Program Files\Get-Torrent 2007-08-10 23:16 <DIR> d-------- C:\My Downloads 2007-08-09 20:17 1,916,928 --------- C:\WINDOWS\UNNVEContent.exe 2007-08-09 14:54 <DIR> d-------- C:\Program Files\Video Joiner 2007-08-09 14:14 909,312 --a------ C:\WINDOWS\system32\vorbisenc.dll 2007-08-09 14:14 40,960 --a------ C:\WINDOWS\system32\FXDV1to2.dll 2007-08-09 14:14 36,864 --a------ C:\WINDOWS\system32\ogg.dll 2007-08-09 14:14 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe 2007-08-09 14:14 237,568 --a------ C:\WINDOWS\system32\OggDS.dll 2007-08-09 14:14 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll 2007-08-09 14:14 1,060,864 --a------ C:\WINDOWS\system32\vorbis.dll 2007-08-09 14:13 368,912 --a------ C:\WINDOWS\system32\vbar332.dll 2007-08-09 14:13 <DIR> d-------- C:\Program Files\Fx Joiner 2007-08-08 22:08 <DIR> d-------- C:\Program Files\PeerGuardian2 2007-08-08 18:19 <DIR> d-------- C:\Program Files\Common Files\InterVideo 2007-08-08 18:14 2,297,552 --a------ 
C:\WINDOWS\system32\d3dx9_26.dll 2007-08-07 16:38 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Nero 2007-08-04 21:48 1,376,256 --a------ C:\WINDOWS\system32\I2E_CINT.dll 2007-08-01 20:56 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Pogo Games 2007-07-31 14:17 <DIR> d-------- C:\Program Files\PokerRoom.com 2007-07-27 23:34 <DIR> d-------- C:\Program Files\AoA Audio Extractor 2007-07-27 19:42 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\???????sAppData 2007-07-26 16:06 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-07-26 16:06 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-07-26 16:06 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-07-26 16:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-07-26 16:06 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-07-26 16:03 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-07-26 16:03 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-07-26 16:03 81,920 --a------ C:\WINDOWS\system32\dpl100.dll 2007-07-26 16:03 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-07-26 16:03 740,442 --a------ C:\WINDOWS\system32\DivX.dll 2007-07-26 16:03 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2007-07-26 16:03 57,344 --a------ C:\WINDOWS\system32\dpv11.dll 2007-07-26 16:03 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-07-26 16:03 344,064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-07-26 16:03 294,912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-07-26 16:03 294,912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-07-26 16:03 196,608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-07-26 16:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2007-07-25 13:13 <DIR> d-------- C:\Program Files\Xvideo 2007-07-22 22:28 <DIR> d-------- C:\Program Files\InterActual 2007-07-21 22:41 16 --ahs---- C:\WINDOWS\mpgncojb.sys 2007-07-21 22:35 <DIR> d-------- C:\Program Files\Common Files\Colasoft Shared 2007-07-21 22:35 <DIR> d-------- C:\Program Files\Colasoft Ping 
Tool 1.1 2007-07-21 21:41 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2007-07-18 23:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData 2007-07-17 21:39 87,608 --a------ C:\DOCUME~1\HP_ADM~1\APPLIC~1\inst.exe 2007-07-17 21:39 <DIR> d-------- C:\Program Files\DVDFab Platinum 3 2007-07-15 00:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion 2007-07-12 03:10 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\EFIT 2007-07-12 03:08 685,056 --a------ C:\WINDOWS\system32\drivers\hardlock.sys 2007-07-12 03:06 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll 2007-07-12 03:06 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys 2007-07-12 03:06 383 --a------ C:\WINDOWS\system32\haspdos.sys 2007-07-12 03:06 3,063,808 --a------ C:\WINDOWS\system32\hinstd.dll 2007-07-12 03:06 24,576 --a------ C:\WINDOWS\system32\hdduinst.exe 2007-07-12 03:06 2,164,411 --a------ C:\WINDOWS\system32\haspds_windows.dll 2007-07-12 03:06 164,864 --a------ C:\WINDOWS\system32\UNWISE.EXE 2007-07-12 03:06 153,088 --a------ C:\WINDOWS\UNWISE.EXE (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-11 13:23 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\uTorrent 2007-08-11 12:09 --------- d-------- C:\Program Files\Steam 2007-08-11 02:25 --------- d-------- C:\Program Files\iTunes 2007-08-11 02:25 --------- d-------- C:\Program Files\iPod 2007-08-09 15:58 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-09 15:58 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Ulead Systems 2007-08-09 14:47 --------- d-------- C:\Program Files\Oberon Media 2007-08-09 13:13 --------- d-------- C:\Program Files\DivX 2007-08-09 02:09 --------- d-a------ C:\Program Files\Common Files\LightScribe 2007-08-08 13:37 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\???????sAppData 2007-08-08 00:40 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Vso 2007-08-07 17:06 --------- d-------- 
C:\DOCUME~1\HP_ADM~1\APPLIC~1\Ahead 2007-08-06 01:41 --------- d-------- C:\Program Files\Google 2007-07-26 16:06 43528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys 2007-07-26 16:06 129784 --------- C:\WINDOWS\system32\pxafs.dll 2007-07-26 16:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-07-26 16:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-07-25 13:16 --------- d-------- C:\Program Files\Allok Video Joiner 2007-07-24 03:38 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM 2007-07-17 21:39 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2007-07-17 21:39 47360 --a------ C:\DOCUME~1\HP_ADM~1\APPLIC~1\pcouffin.sys 2007-07-17 21:38 87608 --a------ C:\DOCUME~1\HP_ADM~1\APPLIC~1\ezpinst.exe 2007-07-15 00:39 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Yahoo! 2007-07-12 23:59 --------- d-------- C:\Program Files\QuickTime 2007-07-09 15:53 --------- d-------- C:\Program Files\Ahead 2007-07-08 23:18 --------- d-------- C:\Program Files\Common Files\Ahead 2007-07-08 23:17 --------- d-------- C:\Program Files\Nero 2007-07-08 19:28 21764 --a------ C:\WINDOWS\system32\CoreAAC-uninstall.exe 2007-07-08 19:28 --------- d-------- C:\Program Files\AC3Filter 2007-07-08 17:37 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Apple Computer 2007-07-08 17:15 --------- d-------- C:\Program Files\Pegasys Inc 2007-07-08 14:47 --------- d-------- C:\Program Files\FLVPlayer 2007-07-06 01:18 --------- d-------- C:\Program Files\CONEXANT 2007-07-06 00:12 --------- d-------- C:\Program Files\IrfanView 2007-07-05 22:49 --------- d-------- C:\Program Files\AOD 2007-07-05 22:49 --------- d-------- C:\Program Files\AIM 2007-07-05 22:49 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Aim 2007-07-05 22:34 --------- d-------- C:\Program Files\Common Files\Apple 2007-07-05 22:34 --------- d-------- C:\Program Files\Apple Software Update 2007-07-05 17:59 --------- d-------- C:\Program Files\Sonic 2007-07-05 17:59 --------- d-------- C:\Program 
Files\Common Files\Sonic Shared 2007-07-05 17:32 --------- d-------- C:\Program Files\Common Files\InstallShield 2007-07-05 17:31 645904 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys 2007-07-05 17:31 115088 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys 2007-07-05 17:31 1021504 --a------ C:\WINDOWS\system32\vete.dll 2007-07-05 17:19 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\MailFrontier 2007-07-05 17:17 --------- d-------- C:\Program Files\Symantec 2007-07-05 17:17 --------- d-------- C:\Program Files\Common Files\Symantec Shared 2007-07-05 16:50 --------- d-------- C:\Program Files\Quicken 2007-07-05 16:48 --------- d-------- C:\Program Files\Microsoft Works 2007-07-05 16:40 --------- d-------- C:\Program Files\GemMaster 2007-07-05 16:35 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Real 2007-07-05 16:33 1900 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EX332AA-ABA m7580n_YC_0Pavi_QMXF625_E63NAemMPA2_48_INODUSM_SASUSTek Computer INC._V1.03_B3.04_T060614_WXP2_L409_M2047_J320_7AMD_8Athlon 64 X2 Dual Core_92.4_#060720_N_Z14F12F20_G10DE01D1.MRK 2007-07-05 14:43 --------- d-------- C:\Program Files\Dealio 2007-07-05 11:30 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Morpheus Software 2007-07-05 11:16 --------- d-------- C:\Program Files\Common Files\Xuisoft 2007-07-05 00:24 --------- d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter 2007-07-05 00:20 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\vlc 2007-07-04 23:28 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\WinRAR 2007-07-04 17:20 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\IrfanView 2007-07-03 19:10 132904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys 2007-07-03 19:10 11304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys 2007-07-02 12:41 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-07-02 12:41 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-06-27 19:05 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe 2007-06-21 23:21 
--------- d-------- C:\Program Files\AudioGizmo Ringtone Creator 2007-06-21 23:12 --------- d-------- C:\Program Files\KIKEE iPod to PC Transfer 2007-06-18 16:29 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\ArcSoft 2007-06-18 16:25 --------- d-------- C:\Program Files\Common Files\ArcSoft 2007-06-18 16:25 --------- d-------- C:\Program Files\ArcSoft 2007-05-24 15:14 235884 --a------ C:\WINDOWS\AudioGizmo_Toolbar_Uninstaller_2203.exe 2007-05-23 10:55 1366 --a------ C:\Program Files\MasterTickerList.Test 2007-05-16 09:18 95864 --a------ C:\WINDOWS\system32\NeroCo.dll 2007-05-16 08:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 08:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 08:12 683520 --------- C:\WINDOWS\system32\inetcomm.dll 2007-05-16 08:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 08:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 08:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll 2007-04-22 23:05 1366 --a------ C:\Program Files\MasterTickerList.Txt ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38] "gcasServ"="C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe" [2004-11-28 12:06] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 21:05] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 21:00] C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme R0 bb-run;Promise driver accelerator;C:\WINDOWS\system32\DRIVERS\bb-run.sys R0 ftsata2;ftsata2;C:\WINDOWS\system32\DRIVERS\ftsata2.sys R2 ARSVC;ARSVC;C:\WINDOWS\arservice.exe R2 Hardlock;Hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys R3 aracpi;aracpi;C:\WINDOWS\system32\DRIVERS\aracpi.sys R3 arkbcfltr;Microsoft PS2 Keyboard Filter;C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys R3 armoucfltr;Microsoft PS2 Mouse Filter;C:\WINDOWS\system32\DRIVERS\armoucfltr.sys R3 ARPolicy;ARPolicy;C:\WINDOWS\system32\DRIVERS\arpolicy.sys R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx);C:\WINDOWS\system32\DRIVERS\hcwPP2.sys R3 HSX_DP;HSX_DP;C:\WINDOWS\system32\DRIVERS\HSX_DP.sys R3 HSXHWBS2;HSXHWBS2;C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys R3 nuvaud2;SmartDisk USB Audio Service;C:\WINDOWS\system32\DRIVERS\nuvaud2.sys R3 nuvvid2;SmartDisk USB Video Service;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys R3 winachsx;winachsx;C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys S2 BTSLBCSP;Bluetooth Port Client Driver;\??\C:\WINDOWS\system32\drivers\btslbcsp.sys S3 arhidfltr;MS Ar HID Filter Driver;C:\WINDOWS\system32\DRIVERS\arhidfltr.sys Contents of the 'Scheduled Tasks' folder 2007-08-10 06:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-11 15:08:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-11 15:10:03 C:\ComboFix-quarantined-files.txt ... 2007-08-11 15:10 C:\ComboFix2.txt ... 2007-08-11 13:31 C:\ComboFix3.txt ... 2007-08-11 02:14 --- E O F --- |
|
|
|
|
#8 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,420
OS: N/A
|
Re: Im getting popups beleave im infected
Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:
Code:
```bat
@echo off
rem Start with a fresh log of anything that could not be removed
if exist "%temp%\log.txt" del "%temp%\log.txt"
rem Delete the listed files; log any that still exist afterwards
for %%g in (
"C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
C:\WINDOWS\SMINST\RECGUARD.EXE
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Remove leftover tool folders; a path containing a space must be quoted or FOR splits it in two
for %%g in (
C:\NoLopBackups
"%systemdrive%\VundoFix Backups"
%systemdrive%\Deckard
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
rem Disable and re-enable System Restore, which clears the existing restore points
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Disable("")>SR.vbs
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Enable("")>>SR.vbs
wscript SR.vbs
rem Put Explorer back to hiding hidden files, file extensions and protected system files
(
echo.REGEDIT4&echo.
echo.[hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced]
echo."hidden"=dword:00000002
echo."hidefileext"=dword:00000001
echo."showsuperhidden"=dword:00000000
)>rehide.reg
regedit /s rehide.reg
rem Remove the temporary files, wait 7 seconds, then delete this script itself
del rehide.reg SR.vbs
nircmd wait 7000
del %0
```
It should look like this:
Double click on fix.bat & allow it to run.
Post back to tell me what it says.
__________________
Question - what have you done for the community today? |
|
|
|
|
#10 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,420
OS: N/A
|
Re: Im getting popups beleave im infected
Your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:
Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html
After doing all these, your system will be optimised against future threats. It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.
Kindly respond to this thread once more so we can mark this thread as resolved.
__________________
Question - what have you done for the community today? |
|
|