Welcome to Tech Support Forum, home to more than 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming.
Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer
Registered members:
* See fewer ads.
* And much more..
| Resolved HJT Threads Resolved spyware and popup issues. |
#1 (permalink) |
|
I hate spyware :/
Join Date: Oct 2007
Posts: 9
OS: XP
|
IE popups not going away!
Hi, I've recently run across this site and seen that select people are having trouble with certain files, such as ddccbxx.dll and popups to account for. I've renamed Hijackthis.exe to Happy.exe and ran it, and posted my log. Also, I've run ComboFix and posted that log as well. I've tried numerous times to reboot in safe mode and have tried to delete ddccbxx.dll (haven't tried deleting the others as of yet) in safe mode, but to no avail! Please help!
Thank you for all your help in advance and I know you guys are busy and to be patient!
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:29:38 AM, on 10/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Creative\Mixer\CTSVolFE.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\Val-\My Documents\Downloads\HiJackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe 
C:\WINDOWS\system32\notepad.exe c:\dell\E-center\gtb2.exe C:\Documents and Settings\Val-\My Documents\Downloads\Happy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ragnarokonline.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll O2 - BHO: (no name) - {3266BE23-4EBA-4EBD-A2DD-56B18138E137} - C:\WINDOWS\system32\jkhfd.dll O2 - BHO: (no name) - {57B85AE8-6E03-4568-8183-20A2FFFE31AC} - C:\Program Files\Movie Maker\meroxecal83122.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\cgohrxgj.dll O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - C:\WINDOWS\system32\ddccbxx.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - 
HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - Winlogon Notify: ddccbxx - C:\WINDOWS\SYSTEM32\ddccbxx.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NICCONFIGSVC - Dell Inc. 
- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9151 bytes ----------------------------- "Val-" - 2007-10-13 10:15:51 - ComboFix 07-07-17.8 - Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 ))))))))))))))))))))))))))))))) 2007-10-13 10:07 <DIR> d-------- C:\Rustbfix 2007-10-13 09:19 <DIR> d-------- C:\Program Files\Norton Internet Security 2007-10-13 09:16 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-13 09:16 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-13 09:15 <DIR> d-------- C:\Program Files\Symantec 2007-10-13 09:07 <DIR> d-------- C:\DOCUME~1\Val-\DoctorWeb 2007-10-13 08:52 309,344 --a------ C:\WINDOWS\system32\jkhfd.dll 2007-10-13 02:35 75,840 --a------ C:\WINDOWS\system32\cgohrxgj.dll 2007-10-13 02:32 84,544 --a------ C:\WINDOWS\system32\fvemornx.dll 2007-10-12 14:15 34,304 --a------ C:\WINDOWS\system32\ddccbxx.dll 2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys 2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-10-13 17:11:25 -------- d-----w C:\Program Files\Common 
Files\Symantec Shared 2007-10-13 16:44:27 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-13 16:44:27 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-10-10 06:36:00 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-10-10 06:36:00 104 --sh--r C:\WINDOWS\system32\AF245FD88E.sys 2007-09-18 21:44:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-09-18 21:44:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-09-18 21:44:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-09-18 21:44:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-09-18 21:44:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-09-18 21:44:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-09-16 07:23:30 -------- d-----w C:\DOCUME~1\Val-\APPLIC~1\Apple Computer 2007-09-02 07:40:44 -------- d-----w C:\DOCUME~1\Val-\APPLIC~1\BitTorrent 2007-08-31 07:01:09 -------- d-----w C:\Program Files\WMR11 2007-08-30 04:42:19 -------- d-----w C:\Program Files\DAEMON Tools 2007-08-30 04:39:22 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-08-29 08:31:56 -------- d-----w C:\Program Files\QuickTime 2007-08-27 00:00:21 -------- d-----w C:\Program Files\iTunes 2007-08-27 00:00:16 -------- d-----w C:\Program Files\iPod 2007-08-26 23:57:31 -------- d-----w C:\Program Files\Apple Software Update 2007-08-26 23:56:47 -------- d-----w C:\Program Files\Common Files\Apple 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-07 08:08:48 3,092 -c--a-w C:\WINDOWS\mozver.dat 2007-07-31 02:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-31 02:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-31 02:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-31 02:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-31 02:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-31 02:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-31 02:19:12 43,352 ----a-w 
C:\WINDOWS\system32\wups2.dll 2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-26 23 12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll2007-07-26 23 12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll2007-07-16 08:31:36 88 --sh--r C:\WINDOWS\system32\8ED85F24AF.sys 1989-12-12 17:10:10 576,352 -csh--r C:\WINDOWS\giqksllA.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}] 2007-05-29 18:01 97960 -ra------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3266BE23-4EBA-4EBD-A2DD-56B18138E137}] 2007-10-13 08:52 309344 --a------ C:\WINDOWS\system32\jkhfd.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57B85AE8-6E03-4568-8183-20A2FFFE31AC}] C:\Program Files\Movie Maker\meroxecal83122.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] 2005-09-08 03:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}] 2007-10-13 02:35 75840 --a------ C:\WINDOWS\system32\cgohrxgj.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}] 2007-10-12 14:15 34304 --a------ C:\WINDOWS\system32\ddccbxx.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-07 19:48] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 09:55] "IntelWireless"="C:\Program 
Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 09:56] "SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 02:33 C:\WINDOWS\stsystra.exe] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 12:58] "CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 13:57] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44] "@"="" [] "ECenter"="c:\dell\E-Center\gtb.exe" [2006-02-22 10:00] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 16:26] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 19:05] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-06-25 22:00] "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2007-01-31 13:11] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00] "Yahoo! 
Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 08:09] C:\DOCUME~1\Val-\STARTM~1\Programs\Startup Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50] C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}"="C:\WINDOWS\system32\ddccbxx.dll" [2007-10-12 14:15] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccbxx] ddccbxx.dll --a------ 2007-10-12 14:15 34304 C:\WINDOWS\system32\ddccbxx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages msv1_0 C:\\WINDOWS\\system32\\pmkhi [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] AutoRun\command- E:\setup.exe *Newly Created Service* - COMHOST Contents of the 'Scheduled Tasks' folder 2007-10-13 15:11:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-09-25 03:00:08 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Val-.job ************************************************************************** catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-13 10:20:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-10-13 10:23:38 C:\ComboFix-quarantined-files.txt ... 2007-10-13 10:23 --- E O F ---
Again, thank you for all help provided! -Val |
|
|
|
|
#3 (permalink) |
|
I hate spyware :/
Join Date: Oct 2007
Posts: 9
OS: XP
|
Re: IE popups not going away!
Since I can't seem to edit much. When I try to install SSD or Ad-Aware I specifically get this floating point error. iTunes is okay -- specifically, but it seems whatever is hindering me, won't allow me to install SSD or like programs.
This is becoming increasingly frustrating. Please help soon! |
|
|
|
|
#4 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista
|
Re: IE popups not going away!
Hello Val,
Please hold off on doing anything else. I'll be getting to this thread shortly, and will have a fix prepared for you. |
|
|
|
|
#5 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista
|
Re: IE popups not going away!
Hello Val- and welcome.
Apparently this infection was never fully eradicated from back in July. Let's get started.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Firstly, delete your existing ComboFix.exe and download the newest version:

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

Please include the following in your next reply for further review:
C:\ComboFix.txt
New HijackThis log |
|
|
|
|
|
#7 (permalink) |
|
I hate spyware :/
Join Date: Oct 2007
Posts: 9
OS: XP
|
Re: IE popups not going away!
ComboFix 07-10-14.1 - Val- 2007-10-13 21:57:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.452 [GMT -7:00] Running from: C:\Documents and Settings\Val-\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Val-\Desktop\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\giqksllA.exe C:\WINDOWS\system32\cgohrxgj.dll C:\WINDOWS\system32\ddccbxx.dll C:\WINDOWS\system32\fvemornx.dll C:\WINDOWS\system32\jkhfd.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\check_LSA7.txt C:\WINDOWS\cookies.ini C:\WINDOWS\giqksllA.exe C:\WINDOWS\giqksllA.exe C:\WINDOWS\system32\amslbves.ini C:\WINDOWS\system32\b10FdUe C:\WINDOWS\system32\cgohrxgj.dll C:\WINDOWS\system32\cgohrxgj.dll C:\WINDOWS\system32\ddccbxx.dll C:\WINDOWS\system32\dfhkj.bak2 C:\WINDOWS\system32\dfhkj.bak2 C:\WINDOWS\system32\dfhkj.ini C:\WINDOWS\system32\dfhkj.ini C:\WINDOWS\system32\dfhkj.ini2 C:\WINDOWS\system32\dfhkj.ini2 C:\WINDOWS\system32\dfhkj.tmp C:\WINDOWS\system32\dfhkj.tmp C:\WINDOWS\system32\dlnmaawn.dll C:\WINDOWS\system32\driver C:\WINDOWS\system32\fvemornx.dll C:\WINDOWS\system32\fvemornx.dll C:\WINDOWS\system32\jkhfd.dll C:\WINDOWS\system32\jkhfd.dll C:\WINDOWS\system32\sevblsma.dll C:\WINDOWS\system32\xnromevf.ini C:\WINDOWS\system32\Z11 . ((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 ))))))))))))))))))))))))))))))) . 
2007-10-13 21:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-10-13 21:17 <DIR> d-------- C:\Documents and Settings\Val-\Application Data\SUPERAntiSpyware.com 2007-10-13 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-10-13 18:16 2,638 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-13 10:07 <DIR> d-------- C:\Rustbfix 2007-10-13 09:19 <DIR> d-------- C:\Program Files\Norton Internet Security 2007-10-13 09:16 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-13 09:16 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-13 09:15 <DIR> d-------- C:\Program Files\Symantec 2007-10-13 09:07 <DIR> d-------- C:\Documents and Settings\Val-\DoctorWeb 2007-10-09 20:57 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys 2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-10-14 04:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-14 04:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-10-14 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-14 03:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-14 01:59 --------- d-----w C:\Program Files\Java 2007-10-13 16:44 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-13 16:44 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-09-18 21:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-09-18 21:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-09-18 21:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-09-18 21:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-09-18 21:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-09-18 21:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-09-16 07:23 --------- d-----w C:\Documents and Settings\Val-\Application Data\Apple Computer 2007-09-02 07:40 --------- d-----w C:\Documents and Settings\Val-\Application Data\BitTorrent 2007-08-31 07:01 --------- d-----w C:\Program Files\WMR11 2007-08-30 04:42 --------- d-----w C:\Program Files\DAEMON Tools 2007-08-30 04:39 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-08-29 08:31 --------- d-----w C:\Program Files\QuickTime 2007-08-27 00:00 --------- d-----w C:\Program Files\iTunes 2007-08-27 00:00 --------- d-----w C:\Program Files\iPod 2007-08-26 23:57 --------- d-----w C:\Program Files\Apple Software Update 2007-08-26 23:56 --------- d-----w C:\Program Files\Common Files\Apple 2007-08-26 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-07 19:48] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 09:55] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 09:56] "SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 02:33 C:\WINDOWS\stsystra.exe] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 12:58] "CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 13:57] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44] "ECenter"="c:\dell\E-Center\gtb.exe" [2006-02-22 10:00] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 16:26] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 19:05] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-06-25 22:00] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00] "Yahoo! 
Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 08:09] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccbxx] ddccbxx.dll S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys S3 PNDIS5;PNDIS5 NDIS Protocol Driver;\??\D:\PNDIS5.SYS [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] AutoRun\command - E:\setup.exe *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2007-10-13 15:11:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" "2007-09-25 03:00:08 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Val-.job" - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-13 22:03:50 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-13 22:05:59 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-10-13 20:11 C:\ComboFix2.txt ... 2007-10-13 20:11 C:\ComboFix3.txt ... 2007-10-13 17:07 C:\combofix_log.txt ... 2007-10-13 08:21 . --- E O F --- ----------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:09:58 PM, on 10/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dllhost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Creative\Mixer\CTSVolFE.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program 
Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE C:\Documents and Settings\Val-\My Documents\Downloads\Happy.exe c:\dell\E-center\gtb.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r O4 - HKLM\..\Run: [ISUSPM Startup] 
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program 
Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ddccbxx - ddccbxx.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NICCONFIGSVC - Dell Inc. 
- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9517 bytes

I think I will rerun since there seems to be Norton still running.

Last edited by Val-; 10-13-2007 at 11:15 PM.
#8 (permalink) |
|
I hate spyware :/
Join Date: Oct 2007
Posts: 9
OS: XP
|
Re: IE popups not going away!
Okay, here is the NEW ComboFix. My apologies for that. Still seems Norton was still running Internet Security, which won't even be shut down. But to post anyways.
ComboFix 07-10-14.1 - Val- 2007-10-13 22:19:47.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.604 [GMT -7:00] Running from: C:\Documents and Settings\Val-\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Val-\Desktop\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\giqksllA.exe C:\WINDOWS\system32\cgohrxgj.dll C:\WINDOWS\system32\ddccbxx.dll C:\WINDOWS\system32\fvemornx.dll C:\WINDOWS\system32\jkhfd.dll . ((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 ))))))))))))))))))))))))))))))) . 2007-10-13 21:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-10-13 21:17 <DIR> d-------- C:\Documents and Settings\Val-\Application Data\SUPERAntiSpyware.com 2007-10-13 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-10-13 18:16 2,638 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-13 10:07 <DIR> d-------- C:\Rustbfix 2007-10-13 09:19 <DIR> d-------- C:\Program Files\Norton Internet Security 2007-10-13 09:16 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-13 09:16 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-13 09:15 <DIR> d-------- C:\Program Files\Symantec 2007-10-13 09:07 <DIR> d-------- C:\Documents and Settings\Val-\DoctorWeb 2007-10-09 20:57 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys 2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-10-14 04:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-14 04:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-10-14 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-14 03:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-14 02:51 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-10-14 01:59 --------- d-----w C:\Program Files\Java 2007-10-13 16:44 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-13 16:44 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-09-18 21:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-09-18 21:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-09-18 21:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-09-18 21:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-09-18 21:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-09-18 21:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-09-16 07:23 --------- d-----w C:\Documents and Settings\Val-\Application Data\Apple Computer 2007-09-02 07:40 --------- d-----w C:\Documents and Settings\Val-\Application Data\BitTorrent 2007-08-31 07:01 --------- d-----w C:\Program Files\WMR11 2007-08-30 04:42 --------- d-----w C:\Program Files\DAEMON Tools 2007-08-30 04:39 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-08-29 08:31 --------- d-----w C:\Program Files\QuickTime 2007-08-27 00:00 --------- d-----w C:\Program Files\iTunes 2007-08-27 00:00 --------- d-----w C:\Program Files\iPod 2007-08-26 23:57 --------- d-----w C:\Program Files\Apple Software Update 2007-08-26 23:56 --------- d-----w C:\Program Files\Common Files\Apple 2007-08-26 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:15 683,520 ----a-w 
C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-08-20 10:04 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll 2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll 2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll 2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-08-17 10:20 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-08-17 07:34 161,792 
----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2007-07-26 23:06 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-07-26 23:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-07 19:48] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 09:55] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 09:56] "SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 02:33 C:\WINDOWS\stsystra.exe] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 12:58] "CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 13:57] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44] "ECenter"="c:\dell\E-Center\gtb.exe" [2006-02-22 10:00] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 16:26] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" 
[2005-08-12 16:16] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 19:05] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-06-25 22:00] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 08:09] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccbxx] ddccbxx.dll S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys S3 PNDIS5;PNDIS5 NDIS Protocol Driver;\??\D:\PNDIS5.SYS [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] AutoRun\command - E:\setup.exe *Newly Created Service* - COMHOST . 
Contents of the 'Scheduled Tasks' folder "2007-10-13 15:11:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" "2007-09-25 03:00:08 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Val-.job" - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-13 22:21:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-13 22:21:32 C:\ComboFix-quarantined-files.txt ... 2007-10-13 20:11 C:\ComboFix2.txt ... 2007-10-13 22:05 C:\ComboFix3.txt ... 2007-10-13 20:11 C:\combofix_log.txt ... 2007-10-13 08:21 . --- E O F --- |
#9 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista
|
Re: IE popups not going away!
Quote:
#10 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista
|
Re: IE popups not going away!
Please...slow down.
Understand that every time you run CFScript, a new backup of your registry with ERUNT is made, which overwrites the previous one. Should anything go wrong, we'd not have a decent registry backup. I'll get to this thread momentarily.
#12 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista
|
Re: IE popups not going away!
Ok, run a scan with HijackThis and 'check' the following entry:

O20 - Winlogon Notify: ddccbxx - ddccbxx.dll (file missing)

Click 'Fix Checked' and close HijackThis.
-------------------------------------------------------------------
We now need to run an online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan

* Turn off the real time scanner of any existing antivirus program while performing the online scan
--------------------------------------------------------------------
Run a new scan with HijackThis and save the log.
--------------------------------------------------------------------
Please include the following in your next reply:

Panda results
New HijackThis log
#13 (permalink) |
|
I hate spyware :/
Join Date: Oct 2007
Posts: 9
OS: XP
|
Re: IE popups not going away!
Okay, here's everything again after the Panda scan:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11 16 PM, on 10/13/2007Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Creative\Mixer\CTSVolFE.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AIM\aim.exe C:\Program Files\Ventrilo\Ventrilo.exe C:\Program 
Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Val-\My Documents\Downloads\Happy.exe c:\dell\E-center\gtb.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - 
HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NICCONFIGSVC - Dell Inc. 
- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
-- End of file - 9657 bytes
Last edited by Val-; 10-14-2007 at 12:09 AM.
#14 (permalink) |
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista
Re: IE popups not going away!
Hi,
Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
--------------------------------------------------------------------
Your logs are clean. If there aren't any more problems, please continue with the following procedure.
The command below will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.
Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:
ComboFix /u
--------------------------------------------------------------------
To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
* McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.
* SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
* IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
* PC Safety and Security--What Do I Need?
* HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
* MAKING INTERNET EXPLORER SAFER
* Understanding and Using Firewalls
**Be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.
-----------------------------------------------------
Follow the list above and the potential for infection will reduce dramatically.
How is your system behaving now?
#15 (permalink) |
I hate spyware :/
Join Date: Oct 2007
Posts: 9
OS: XP
Re: IE popups not going away!
Everything seems to be running smooth now. I'm so relieved. I've been dealing with this all day!
Thank you so much! I'll have to install SpywareBlaster! Thank you, again! Definitely deserving of my donation :)
-Val
Last edited by Val-; 10-14-2007 at 12:45 AM.