#1 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 11
OS: Windows XP
|
Please Help, Missing dll's,and uncontrollable popups
Hi, ever since my favorite game AVP2 has been messing up on me I have been experiencing problems with my computer. I've been getting missing dll file error windows (3 different dll's) and very annoying popups from a supposedly Windows antivirus, and it wouldn't let me close the window. I have recently just reformatted my computer because of a problem like this and would prefer not to do that again. I have also tried to do a system restore on my computer but it just restarts and says it couldn't restore from that date. I have a log file from HijackThis so maybe someone can help me with my annoying problem.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:59:56 AM, on 11/24/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Joey\My Documents\HiJackThis files\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=w....aspx&id=64855 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 
6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {C6863340-CE79-4ECE-AA21-9775F12DDC84} - C:\WINDOWS\system32\ddccy.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joey\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10802} (FlyLoader Class) - http://www.flycalc.com/loadercalc_win.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E4A0E30D-BDE5-42CD-8B4C-83A73ACD2F99}: NameServer = 207.164.234.193 206.47.244.137 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common 
Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 7601 bytes |
|
|
|
|
#2 (permalink) |
|
Analyst, Security Team
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp
|
Re: Please Help, Missing dll's,and uncontrollable popups
Hi mralien420 and welcome to TSF
Sorry for the delay in getting to you, the forum has been really busy and all our helpers are volunteers.
------------------------
Please download VundoFix.exe to your desktop
------------------------
1. Download combofix to your desktop
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
------------------------
Download Deckard's System Scanner to your Desktop.
Note: You must be logged onto an account with administrator privileges.
To attach a file to a new post, simply
What DSS will do:
------------------------
Required Logs
c:\vundofix.txt
c:\combofix.txt
main.txt
extra.txt (attached) |
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 11
OS: Windows XP
|
Re: Please Help, Missing dll's,and uncontrollable popups
OK, so I ran Vundo and I received an error message:
------------------------------------------------------------------------
runtime error!
program:....Files\Common Files\Symantec Shared\Appcore\AppSvc32.exe
R6025
-pure virtual function call
------------------------------------------------------------------------
Now I kinda thought it was my antivirus interfering with Vundo but I don't know. Plus Vundo still kept searching but found nothing and no log was given. So what should I do? (Thank you so much for helping, I'm glad there are ppl like u helping ppl like me) |
|
|
|
|
#5 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 11
OS: Windows XP
|
Re: Please Help, Missing dll's,and uncontrollable popups
ComboFix 07-11-19.4C - Joey 2007-11-28 12:18:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.194 [GMT -5:00] Running from: C:\Documents and Settings\Joey\My Documents\HiJackThis files\combofix\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\check_LSA7.txt C:\Documents and Settings\Joey\Desktop\internetgamebox.lnk c:\Documents and Settings\Joey\Local Settings\Application Data\timzgthubf.dat C:\Documents and Settings\Joey\Local Settings\Application Data\timzgthubf.exe c:\Documents and Settings\Joey\Local Settings\Application Data\timzgthubf_nav.dat c:\Documents and Settings\Joey\Local Settings\Application Data\timzgthubf_navps.dat C:\Documents and Settings\Joey\Start Menu\Programs\InternetGameBox C:\Documents and Settings\Joey\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk C:\Documents and Settings\Joey\Start Menu\Programs\InternetGameBox\Privacy Policy.lnk C:\Documents and Settings\Joey\Start Menu\Programs\InternetGameBox\Terms and conditions.lnk C:\Documents and Settings\Joey\Start Menu\Programs\InternetGameBox\Website.lnk C:\Program Files\internetgamebox C:\Program Files\internetgamebox\InternetGameBox.exe C:\Program Files\internetgamebox\language C:\Program Files\internetgamebox\Privacy Policy.url C:\Program Files\internetgamebox\ressources\AttenteOff.html C:\Program Files\internetgamebox\ressources\AttenteOn.html C:\Program Files\internetgamebox\ressources\configv2_en.xml C:\Program Files\internetgamebox\ressources\configv2_es.xml C:\Program Files\internetgamebox\ressources\configv2_fr.xml C:\Program Files\internetgamebox\ressources\favoris\defaultv2.swf C:\Program Files\internetgamebox\ressources\NoS2F.bin C:\Program Files\internetgamebox\skins\skinv2.skn C:\Program Files\internetgamebox\Terms and conditions.url C:\Program Files\internetgamebox\uninst.exe C:\Program Files\internetgamebox\Website.url C:\WINDOWS\cookies.ini C:\WINDOWS\system32\nvs2.inf . 
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))) . 2007-11-27 14:27 <DIR> d-------- C:\VundoFix Backups 2007-11-21 20:44 <DIR> d-------- C:\Database 2007-11-21 20:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-21 20:29 <DIR> d-------- C:\FPSYS 2007-11-21 08:57 <DIR> d-------- C:\Program Files\IMVU 2007-11-21 08:57 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\IMVU 2007-11-13 16:04 <DIR> d-------- C:\Program Files\DivX 2007-11-10 18:25 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\ArcSoft 2007-11-10 18:19 <DIR> d-------- C:\Program Files\Common Files\ArcSoft 2007-11-10 18:19 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll 2007-11-10 18:19 245,408 --a------ C:\WINDOWS\system32\unicows.dll 2007-11-07 17:22 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys 2007-11-07 17:22 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys 2007-11-07 17:19 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-11-07 17:19 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2007-11-06 10:49 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll 2007-11-06 10:49 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll 2007-11-06 10:49 6,144 --a------ C:\WINDOWS\system32\kbd106.dll 2007-11-06 10:49 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll 2007-11-06 10:49 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll 2007-11-06 10:49 5,632 --a------ C:\WINDOWS\system32\kbd103.dll 2007-11-04 16:18 <DIR> d-------- C:\Program Files\Download Manager 2007-11-04 16:18 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\IGN_DLM 2007-11-03 22:48 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\MilkShape 3D 1.x.x 2007-10-30 19:55 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll 2007-10-30 19:55 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll 2007-10-30 19:55 191,536 --a------ C:\WINDOWS\system32\drivers\symtdi.sys 2007-10-30 19:55 
145,968 --a------ C:\WINDOWS\system32\drivers\symfw.sys 2007-10-30 19:55 39,856 --a------ C:\WINDOWS\system32\drivers\symids.sys 2007-10-30 19:55 37,936 --a------ C:\WINDOWS\system32\drivers\symndisv.sys 2007-10-30 19:55 35,120 --a------ C:\WINDOWS\system32\drivers\symndis.sys 2007-10-30 19:55 27,696 --a------ C:\WINDOWS\system32\drivers\symredrv.sys 2007-10-30 19:55 12,848 --a------ C:\WINDOWS\system32\drivers\symdns.sys 2007-10-30 19:24 12,963 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat 2007-10-30 19:24 1,358 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf 2007-10-30 19:09 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-10-30 19:09 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-10-30 19:09 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-28 03:04 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2007-11-28 03:04 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2007-11-28 03:04 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll 2007-11-27 20:41 --------- d-----w C:\Documents and Settings\Joey\Application Data\LimeWire 2007-11-27 19:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-11-26 13:57 --------- d-----w C:\Documents and Settings\Joey\Application Data\Creative 2007-11-23 16:00 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-11-13 01:18 --------- d-----w C:\Program Files\Common Files\Real 2007-11-10 23:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-23 21:43 --------- d-----w C:\Program Files\Yahoo! 
2007-10-23 21:24 --------- d-----w C:\Program Files\Java 2007-10-23 21:08 428,485 --sh--w C:\WINDOWS\system32\yccdd.ini2 2007-10-23 13:34 426,320 --sh--w C:\WINDOWS\system32\yccdd.bak2 2007-10-21 00:22 --------- d-----w C:\Documents and Settings\Joey\Application Data\pixelStorm 2007-10-20 16:36 --------- d-----w C:\Program Files\Symantec 2007-10-20 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-10-19 02:13 --------- d-----w C:\Documents and Settings\Joey\Application Data\Eyeblaster 2007-10-19 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom 2007-10-18 21:21 6,465 --sh--w C:\WINDOWS\system32\yccdd.bak1 2007-10-17 02:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games 2007-10-17 02:29 --------- d-----w C:\Documents and Settings\Joey\Application Data\PlayFirst 2007-10-17 02:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-10-16 22:15 --------- d-----w C:\Program Files\Real 2007-10-12 22:52 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2007-10-09 13:23 --------- d-----w C:\Program Files\Common Files\NSV 2007-10-06 22:59 --------- d-----w C:\Program Files\BlackAngel Software 2007-10-06 21:19 --------- d-----w C:\Program Files\Audible 2007-10-06 21:08 --------- d-----w C:\Program Files\Creative 2007-10-06 21:04 --------- d--h--w C:\Program Files\Creative Installation Information 2007-10-06 21:03 --------- d-----w C:\Program Files\Common Files\Creative 2007-10-06 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative 2007-10-06 01:24 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-10-06 01:22 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-10-06 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles 
2007-10-06 00:34 28,624 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-05 15:47 --------- d-----w C:\Program Files\SSI 2007-10-05 13:44 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-10-05 13:32 --------- d-----w C:\Program Files\Winamp 2007-10-05 12:21 --------- d-----w C:\Documents and Settings\Joey\Application Data\AdobeUM 2007-10-05 12:18 286,720 ----a-w C:\WINDOWS\iun506.exe 2007-10-05 12:18 --------- d-----w C:\Program Files\ResChanger XP 2007-10-05 12:14 --------- d-----w C:\Program Files\AMDAGP 2007-10-05 02:10 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-04 00:05 --------- d-----w C:\Program Files\Ubisoft 2007-10-03 23:57 --------- d-----w C:\Program Files\Bullfrog 2007-10-03 23:49 --------- d-----w C:\Program Files\THQ 2007-10-03 23:47 --------- d-----w C:\Documents and Settings\Joey\Application Data\InstallShield 2007-10-03 23:00 --------- d-----w C:\Program Files\DIFX 2007-10-03 23:00 --------- d-----w C:\Program Files\AMD 2007-10-03 22:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-10-03 22:58 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys 2007-10-03 22:58 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys 2007-10-03 22:53 --------- d-----w C:\Program Files\Aspyr 2007-10-03 21:54 --------- d-----w C:\Program Files\EA GAMES 2007-10-03 21:53 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-10-03 21:50 --------- d-----w C:\Program Files\Fox 2007-10-03 21:47 --------- d-----w C:\Program Files\directx 2007-10-03 21:37 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-03 21:29 --------- d-----w C:\Documents and Settings\Joey\Application Data\Ahead 2007-10-03 21:27 --------- d-----w C:\Program Files\Nero 2007-10-03 21:27 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-03 21:20 --------- d-----w C:\Program Files\WinZip Self-Extractor 2007-10-03 21:03 --------- d-----w C:\Documents and Settings\Joey\Application Data\InterTrust 2007-10-03 20:58 
--------- d-----w C:\Program Files\CONEXANT 2007-10-03 19:04 --------- d-----w C:\Program Files\LimeWire 2007-10-03 19:00 --------- d-----w C:\Program Files\Common Files\Java 2007-10-03 18:57 --------- d-----w C:\Program Files\MSN Messenger 2007-10-03 18:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-03 18:40 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-03 18:40 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-03 18:40 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-10-03 18:34 --------- d-----w C:\Documents and Settings\Joey\Application Data\Yahoo! 2007-10-03 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! 2007-10-03 17:49 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6863340-CE79-4ECE-AA21-9775F12DDC84}] C:\WINDOWS\system32\ddccy.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 12:48] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59] "osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 02:11] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "NWEReboot"="" [] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "amd_dc_opt"="C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 14:42] "NvCplDaemon"="RUNDLL32.exe" [2004-08-12 09:04 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" 
[2005-08-02 15:35 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-12 09:04 C:\WINDOWS\system32\rundll32.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^IMVU.lnk] path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\IMVU.lnk backup=C:\WINDOWS\pss\IMVU.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResChangerXP] 2002-02-14 13:33 600576 --a------ C:\Program Files\ResChanger XP\ResChangerXP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2007-05-14 17:22 35328 --a------ C:\Program Files\Winamp\winampa.exe R2 IOPort;IOPort;\??\C:\WINDOWS\system32\DRIVERS\IOPORT.SYS R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys R2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys S3 AMDPCI;AMDPCI;\??\C:\DOCUME~1\Joey\LOCALS~1\Temp\AMDPCI.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9235da41-71be-11dc-b815-806d6172696f}] \Shell\AutoRun\command - D:\avp2.exe *Newly Created Service* - CATCHME *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2007-11-27 01:35:26 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Joey.job" . 
************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-28 12:21:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-28 12:22:21 . --- E O F --- |
|
|
|
|
#6 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 11
OS: Windows XP
|
Re: Please Help, Missing dll's,and uncontrollable popups
Deckard's System Scanner v20071014.68
Run by Joey on 2007-11-28 12:27:18 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 82: 2007-11-28 17:27:21 UTC - RP82 - Deckard's System Scanner Restore Point 81: 2007-11-28 17:18:26 UTC - RP81 - ComboFix created restore point 80: 2007-11-27 00:07:58 UTC - RP80 - System Checkpoint 79: 2007-11-24 20:32:43 UTC - RP79 - Restore Operation 78: 2007-11-24 20:29:45 UTC - RP78 - Restore Operation -- First Restore Point -- 1: 2007-10-18 21:20:55 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. Total Physical Memory: 511 MiB (512 MiB recommended). -- HijackThis (run as Joey.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:28:04 PM, on 11/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Common 
Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Joey\Desktop\dss.exe C:\DOCUME~1\Joey\MYDOCU~1\HIJACK~1\Joey.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=w....aspx&id=64855 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {C6863340-CE79-4ECE-AA21-9775F12DDC84} - C:\WINDOWS\system32\ddccy.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common 
Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joey\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10802} (FlyLoader Class) - http://www.flycalc.com/loadercalc_win.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4A0E30D-BDE5-42CD-8B4C-83A73ACD2F99}: NameServer = 207.164.234.193 206.47.244.137
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 7551 bytes

-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 IOPort - c:\windows\system32\drivers\ioport.sys <Not Verified; Erik Salaj; IOPort>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 AmdTools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys <Not Verified; AMD, Inc.; Special Tools Driver>
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 AMDPCI - c:\docume~1\joey\locals~1\temp\amdpci.sys (file missing)
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: nVidia WDM Video Capture (universal)
Device ID: DISPLAY\NVCAP\5&2A95BE&1&CA000002&01&00
Manufacturer: nVidia
Name: nVidia WDM Video Capture (universal)
PNP Device ID: DISPLAY\NVCAP\5&2A95BE&1&CA000002&01&00
Service: nvcap

-- Scheduled Tasks -------------------------------------------------------------
2007-11-26 20:35:26 574 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Joey.job

-- Files created between 2007-10-28 and 2007-11-28 -----------------------------
2007-11-27 14:27:10 0 d-------- C:\VundoFix Backups
2007-11-21 20:44:14 0 d-------- C:\Database
2007-11-21 20:38:11 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-21 20:29:08 0 d-------- C:\FPSYS
2007-11-21 08:57:24 0 d-------- C:\Documents and Settings\Joey\Application Data\IMVU
2007-11-21 08:57:09 0 d-------- C:\Program Files\IMVU
2007-11-13 16:04:18 0 d-------- C:\Program Files\DivX
2007-11-10 18:25:45 0 d-------- C:\Documents and Settings\Joey\Application Data\ArcSoft
2007-11-10 18:24:34 0 d-------- C:\WINDOWS\pss
2007-11-10 18:19:03 0 d-------- C:\Program Files\Common Files\ArcSoft
2007-11-04 16:18:52 0 d-------- C:\Program Files\Download Manager
2007-11-04 16:18:05 0 d-------- C:\Documents and Settings\Joey\Application Data\IGN_DLM
2007-11-03 22:48:21 0 d-------- C:\Documents and Settings\Joey\Application Data\MilkShape 3D 1.x.x
2007-10-30 19:05:26 0 d-------- C:\WINDOWS\network diagnostic

-- Find3M Report ---------------------------------------------------------------
2007-11-28 12:27:54 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-27 22:04:35 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-11-27 22:04:35 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-11-27 22:04:35 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-11-27 15:41:17 0 d-------- C:\Documents and Settings\Joey\Application Data\LimeWire
2007-11-26 08:57:26 0 d-------- C:\Documents and Settings\Joey\Application Data\Creative
2007-11-23 11:00:40 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-12 20:18:01 0 d-------- C:\Program Files\Common Files\Real
2007-11-10 22:29:04 0 d-------- C:\Documents and Settings\Joey\Application Data\Adobe
2007-11-10 18:19:03 0 d-------- C:\Program Files\Common Files
2007-11-10 18:19:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-23 16:43:19 0 d-------- C:\Program Files\Yahoo!
2007-10-23 16:24:32 0 d-------- C:\Documents and Settings\Joey\Application Data\Sun
2007-10-23 16:24:11 0 d-------- C:\Program Files\Java
2007-10-23 16:08:03 428485 ---hs---- C:\WINDOWS\system32\yccdd.ini2
2007-10-23 08:34:53 426320 ---hs---- C:\WINDOWS\system32\yccdd.bak2
2007-10-20 19:22:48 0 d-------- C:\Documents and Settings\Joey\Application Data\pixelStorm
2007-10-20 19:22:31 17 --a------ C:\WINDOWS\popcinfo.dat
2007-10-20 11:36:30 0 d-------- C:\Program Files\Symantec
2007-10-18 21:13:26 0 d-------- C:\Documents and Settings\Joey\Application Data\Eyeblaster
2007-10-18 16:55:53 40 --a------ C:\WINDOWS\RSoftInfo.dat
2007-10-18 16:21:13 6465 ---hs---- C:\WINDOWS\system32\yccdd.bak1
2007-10-16 21:29:40 0 d-------- C:\Documents and Settings\Joey\Application Data\PlayFirst
2007-10-16 18:36:59 4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-16 17:15:13 0 d-------- C:\Program Files\Real
2007-10-12 17:52:29 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2007-10-09 08:23:41 0 d-------- C:\Program Files\Common Files\NSV
2007-10-06 17:59:14 0 d-------- C:\Program Files\BlackAngel Software
2007-10-06 16:19:29 0 d-------- C:\Program Files\Audible
2007-10-06 16:08:26 0 d-------- C:\Program Files\Creative
2007-10-06 16:04:50 0 d--h----- C:\Program Files\Creative Installation Information
2007-10-06 16:03:52 0 d-------- C:\Program Files\Common Files\Creative
2007-10-05 10:47:33 0 d-------- C:\Program Files\SSI
2007-10-05 08:32:21 0 d-------- C:\Program Files\Winamp
2007-10-05 07:21:29 0 d-------- C:\Documents and Settings\Joey\Application Data\AdobeUM
2007-10-05 07:18:44 0 d-------- C:\Program Files\ResChanger XP
2007-10-05 07:18:19 286720 --a------ C:\WINDOWS\iun506.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2007-10-05 07:14:44 0 d-------- C:\Program Files\AMDAGP
2007-10-04 21:10:44 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-10-03 19:05:17 0 d-------- C:\Program Files\Ubisoft
2007-10-03 18:59:49 287 --a------ C:\WINDOWS\EReg072.dat
2007-10-03 18:57:15 0 d-------- C:\Program Files\Bullfrog
2007-10-03 18:49:02 0 d-------- C:\Program Files\THQ
2007-10-03 18:47:05 0 d-------- C:\Documents and Settings\Joey\Application Data\InstallShield
2007-10-03 18:00:54 0 d-------- C:\Program Files\DIFX
2007-10-03 18:00:08 0 d-------- C:\Program Files\AMD
2007-10-03 17:59:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-03 17:53:08 0 d-------- C:\Program Files\Aspyr
2007-10-03 16:54:29 0 d-------- C:\Program Files\EA GAMES
2007-10-03 16:53:25 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-03 16:50:43 0 d-------- C:\Program Files\Fox
2007-10-03 16:47:41 0 d-------- C:\Program Files\directx
2007-10-03 16:37:32 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-03 16:29:03 0 d-------- C:\Documents and Settings\Joey\Application Data\Ahead
2007-10-03 16:27:56 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-03 16:27:55 0 d-------- C:\Program Files\Nero
2007-10-03 16:20:02 0 d-------- C:\Program Files\WinZip Self-Extractor
2007-10-03 16:03:21 0 d-------- C:\Documents and Settings\Joey\Application Data\InterTrust
2007-10-03 15:58:23 0 d-------- C:\Program Files\CONEXANT
2007-10-03 15:43:50 0 d-------- C:\Program Files\Messenger
2007-10-03 14:04:20 0 d-------- C:\Program Files\LimeWire
2007-10-03 14:00:33 0 d-------- C:\Program Files\Common Files\Java
2007-10-03 13:57:11 0 d-------- C:\Program Files\MSN Messenger
2007-10-03 13:34:43 0 d-------- C:\Documents and Settings\Joey\Application Data\Yahoo!
2007-10-03 13:05:01 0 d-------- C:\Documents and Settings\Joey\Application Data\Macromedia
2007-10-03 13:01:46 0 d-------- C:\Program Files\Online Services
2007-10-03 12:55:34 0 d-------- C:\Documents and Settings\Joey\Application Data\Identities
2007-10-03 12:49:55 0 d-------- C:\Program Files\microsoft frontpage
2007-10-03 12:49:42 0 -rahs---- C:\MSDOS.SYS
2007-10-03 12:49:42 0 -rahs---- C:\IO.SYS
2007-10-03 12:49:42 0 --a------ C:\CONFIG.SYS
2007-10-03 12:49:42 0 --a------ C:\AUTOEXEC.BAT
2007-10-03 12:48:24 0 d--h----- C:\Program Files\WindowsUpdate
2007-10-03 12:47:37 0 d-------- C:\Program Files\Common Files\MSSoap
2007-10-03 12:47:28 0 d-------- C:\Program Files\Movie Maker
2007-10-03 12:47:01 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-10-03 12:46:11 0 d-------- C:\Program Files\MSN Gaming Zone
2007-10-03 12:46:04 0 d-------- C:\Program Files\Windows NT
2007-10-03 09:41:36 0 d-------- C:\Program Files\Common Files\ODBC
2007-10-03 09:41:33 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-10-03 09:41:11 62 --ahs---- C:\Documents and Settings\Joey\Application Data\desktop.ini

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6863340-CE79-4ECE-AA21-9775F12DDC84}]
C:\WINDOWS\system32\ddccy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 12:48 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 02:11 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"amd_dc_opt"="C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [06/28/2006 02:42 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/02/2005 03:35 PM]
"nwiz"="nwiz.exe" [08/02/2005 03:35 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/02/2005 03:35 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [03/05/2007 04:57 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/3/2007 4:33:58 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^IMVU.lnk]
path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\IMVU.lnk
backup=C:\WINDOWS\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResChangerXP]
C:\Program Files\ResChanger XP\ResChangerXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST

-- End of Deckard's System Scanner: finished at 2007-11-28 12:28:43 ------------
#8 (permalink)
Analyst, Security Team
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp
Re: Please Help, Missing dll's,and uncontrollable popups
Hi mralien420
P2P - I see you have P2P software <Limewire> installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
-----------------------------
From Control Panel > Add/Remove Programs uninstall the following program (if it still exists):
Java(TM) 6 Update 2
Leave Java(TM) 6 Update 3 as this is the latest version.
-----------------------------
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
Quote:
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
-----------------------------
Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.
-----------------------------
Required Logs
c:\combofix.txt
Kaspersky report
new HijackThis log <<< taken after the online scan
Please also provide an update on system behaviour
#9 (permalink)
Registered User
Join Date: Nov 2007
Posts: 11
OS: Windows XP
Re: Please Help, Missing dll's,and uncontrollable popups
ComboFix 07-11-19.4C - Joey 2007-11-28 21:57:58.2 - NTFSx86
Running from: C:\Documents and Settings\Joey\My Documents\HiJackThis files\combofix\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joey\My Documents\HiJackThis files\combofix\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\yccdd.bak2
C:\WINDOWS\system32\yccdd.ini2
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\yccdd.bak2
C:\WINDOWS\system32\yccdd.ini2
.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.
2007-11-28 12:25 <DIR> d-------- C:\Deckard
2007-11-27 14:27 <DIR> d-------- C:\VundoFix Backups
2007-11-21 20:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-21 20:29 <DIR> d-------- C:\FPSYS
2007-11-21 08:57 <DIR> d-------- C:\Program Files\IMVU
2007-11-21 08:57 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\IMVU
2007-11-13 16:04 <DIR> d-------- C:\Program Files\DivX
2007-11-10 18:25 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\ArcSoft
2007-11-10 18:19 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-11-10 18:19 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-11-10 18:19 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-11-07 17:22 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-11-07 17:22 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-11-07 17:19 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-07 17:19 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-11-06 10:49 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-11-06 10:49 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-11-06 10:49 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-11-06 10:49 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-11-06 10:49 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-11-06 10:49 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-11-04 16:18 <DIR> d-------- C:\Program Files\Download Manager
2007-11-04 16:18 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\IGN_DLM
2007-11-03 22:48 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\MilkShape 3D 1.x.x
2007-10-30 19:55 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-10-30 19:55 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-10-30 19:55 191,536 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 19:55 145,968 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 19:55 39,856 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 19:55 37,936 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 19:55 35,120 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 19:55 27,696 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 19:55 12,848 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 19:24 12,963 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 19:24 1,358 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-30 19:09 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-30 19:09 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-30 19:09 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 02:52 --------- d-----w C:\Program Files\Java
2007-11-28 20:22 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-11-28 20:22 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-11-28 20:22 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-11-28 17:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-27 20:41 --------- d-----w C:\Documents and Settings\Joey\Application Data\LimeWire
2007-11-26 13:57 --------- d-----w C:\Documents and Settings\Joey\Application Data\Creative
2007-11-23 16:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-13 01:18 --------- d-----w C:\Program Files\Common Files\Real
2007-11-10 23:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-23 21:43 --------- d-----w C:\Program Files\Yahoo!
2007-10-21 00:22 --------- d-----w C:\Documents and Settings\Joey\Application Data\pixelStorm
2007-10-20 16:36 --------- d-----w C:\Program Files\Symantec
2007-10-20 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-19 02:13 --------- d-----w C:\Documents and Settings\Joey\Application Data\Eyeblaster
2007-10-19 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-10-17 02:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-10-17 02:29 --------- d-----w C:\Documents and Settings\Joey\Application Data\PlayFirst
2007-10-17 02:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-16 22:15 --------- d-----w C:\Program Files\Real
2007-10-12 22:52 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-10-09 13:23 --------- d-----w C:\Program Files\Common Files\NSV
2007-10-06 22:59 --------- d-----w C:\Program Files\BlackAngel Software
2007-10-06 21:19 --------- d-----w C:\Program Files\Audible
2007-10-06 21:08 --------- d-----w C:\Program Files\Creative
2007-10-06 21:04 --------- d--h--w C:\Program Files\Creative Installation Information
2007-10-06 21:03 --------- d-----w C:\Program Files\Common Files\Creative
2007-10-06 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2007-10-06 01:24 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-06 01:22 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-10-06 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-10-06 00:34 28,624 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-05 15:47 --------- d-----w C:\Program Files\SSI
2007-10-05 13:44 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-05 13:32 --------- d-----w C:\Program Files\Winamp
2007-10-05 12:21 --------- d-----w C:\Documents and Settings\Joey\Application Data\AdobeUM
2007-10-05 12:18 286,720 ----a-w C:\WINDOWS\iun506.exe
2007-10-05 12:18 --------- d-----w C:\Program Files\ResChanger XP
2007-10-05 12:14 --------- d-----w C:\Program Files\AMDAGP
2007-10-05 02:10 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-04 00:05 --------- d-----w C:\Program Files\Ubisoft
2007-10-03 23:57 --------- d-----w C:\Program Files\Bullfrog
2007-10-03 23:49 --------- d-----w C:\Program Files\THQ
2007-10-03 23:47 --------- d-----w C:\Documents and Settings\Joey\Application Data\InstallShield
2007-10-03 23:00 --------- d-----w C:\Program Files\DIFX
2007-10-03 23:00 --------- d-----w C:\Program Files\AMD
2007-10-03 22:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-03 22:58 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-10-03 22:58 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-10-03 22:53 --------- d-----w C:\Program Files\Aspyr
2007-10-03 21:54 --------- d-----w C:\Program Files\EA GAMES
2007-10-03 21:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-03 21:50 --------- d-----w C:\Program Files\Fox
2007-10-03 21:47 --------- d-----w C:\Program Files\directx
2007-10-03 21:37 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-03 21:29 --------- d-----w C:\Documents and Settings\Joey\Application Data\Ahead
2007-10-03 21:27 --------- d-----w C:\Program Files\Nero
2007-10-03 21:27 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-03 21:20 --------- d-----w C:\Program Files\WinZip Self-Extractor
2007-10-03 21:03 --------- d-----w C:\Documents and Settings\Joey\Application Data\InterTrust
2007-10-03 20:58 --------- d-----w C:\Program Files\CONEXANT
2007-10-03 19:04 --------- d-----w C:\Program Files\LimeWire
2007-10-03 19:00 --------- d-----w C:\Program Files\Common Files\Java
2007-10-03 18:57 --------- d-----w C:\Program Files\MSN Messenger
2007-10-03 18:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 18:40 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-03 18:40 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 18:40 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 18:34 --------- d-----w C:\Documents and Settings\Joey\Application Data\Yahoo!
2007-10-03 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-03 17:49 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 12:48]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 02:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"amd_dc_opt"="C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 14:42]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-12 09:04 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-08-02 15:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-12 09:04 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^IMVU.lnk]
path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\IMVU.lnk
backup=C:\WINDOWS\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResChangerXP]
2002-02-14 13:33 600576 --a------ C:\Program Files\ResChanger XP\ResChangerXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-05-14 17:22 35328 --a------ C:\Program Files\Winamp\winampa.exe

R2 IOPort;IOPort;\??\C:\WINDOWS\system32\DRIVERS\IOPORT.SYS
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
R2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys
S3 AMDPCI;AMDPCI;\??\C:\DOCUME~1\Joey\LOCALS~1\Temp\AMDPCI.sys

*Newly Created Service* - APPMGMT
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-27 01:35:26 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Joey.job"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 22:00:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-28 22:00:36
C:\ComboFix2.txt ... 2007-11-28 12:22
.
--- E O F ---
#10 (permalink)
Registered User
Join Date: Nov 2007
Posts: 11
OS: Windows XP
Re: Please Help, Missing dll's,and uncontrollable popups
Thursday, November 29, 2007 7:51:46 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/11/2007
Kaspersky Anti-Virus database records: 467967

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases false
Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 81610
Number of viruses found 5
Number of infected objects 9
Number of suspicious objects 0
Duration of the scan process 00:59:14

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-28_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\C9965F17.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\DDAE5A8E.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\Joey\Application Data\Sun\Java\Deployment\cache\6.0\25\575b3459-43793016/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Joey\Application Data\Sun\Java\Deployment\cache\6.0\25\575b3459-43793016 ZIP: infected - 1 skipped
C:\Documents and Settings\Joey\Application Data\Sun\Java\Deployment\cache\6.0\32\50c2ce60-13816e03/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Joey\Application Data\Sun\Java\Deployment\cache\6.0\32\50c2ce60-13816e03 ZIP: infected - 1 skipped
C:\Documents and Settings\Joey\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Temp\Perflib_Perfdata_324.dat Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joey\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Joey\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7E6C9F91-DB02-44D3-8892-A66D02D59269}\RP47\A0012061.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{7E6C9F91-DB02-44D3-8892-A66D02D59269}\RP48\A0012140.dll Infected: Trojan-Downloader.Win32.Agent.dlu skipped
C:\System Volume Information\_restore{7E6C9F91-DB02-44D3-8892-A66D02D59269}\RP48\A0012141.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{7E6C9F91-DB02-44D3-8892-A66D02D59269}\RP48\A0012167.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ayn skipped
C:\System Volume Information\_restore{7E6C9F91-DB02-44D3-8892-A66D02D59269}\RP49\A0013265.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped
C:\System Volume Information\_restore{7E6C9F91-DB02-44D3-8892-A66D02D59269}\RP84\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
|
|
|
|
#11 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 11
OS: Windows XP
|
Re: Please Help, Missing dll's,and uncontrollable popups
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:38 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Joey\My Documents\HiJackThis files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=w....aspx&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joey\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10802} (FlyLoader Class) - http://www.flycalc.com/loadercalc_win.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4A0E30D-BDE5-42CD-8B4C-83A73ACD2F99}: NameServer = 207.164.234.193 206.47.244.137
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7736 bytes |
|
|
|
|
#12 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 11
OS: Windows XP
|
Re: Please Help, Missing dll's,and uncontrollable popups
Hi Moral Terror, I have just noticed your small notice not to run antivirus programs while the scanner is running. Just to let u know, I didn't see that before and had it running while I scanned. Do I need to rescan? Or did it still work? Honestly, I was sleeping when it was scanning lol.
|
|
|
|
|
#13 (permalink) |
|
Analyst, Security Team
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp
|
Re: Please Help, Missing dll's,and uncontrollable popups
Hi mralien420
No need to rescan; resident antivirus can sometimes interfere with the scan, though. Kaspersky picks up a couple of items in your Java cache and some infected Restore Points, which we will clear out now. Apart from that, if there are no more issues, you should be good to go.
Kindly follow these simple steps in order to keep your computer clean and secure:
Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.
After doing all these, your system will be optimised against future threats. It's okay to delete the Hijack This folder in a couple weeks if everything is working okay. Have a safe & happy computing day.
Please respond to this thread one more time so we can mark this thread as resolved. |
|
|
|
|
#14 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 11
OS: Windows XP
|
Re: Please Help, Missing dll's,and uncontrollable popups
Well, thank you very much for the help, and all my problems that I can c and remember are gone now. If I had money I would definitely send some to u ppl, lol. Anyways, I was told by one of my friends that I shouldn't have any other antivirus programs running with the one I have now, including my Windows firewall, but obviously he must be wrong, right? Plus there are so many programs to choose from, I don't know which ones will best suit me, or does it really matter since they all mostly do the same thing?
|
|
|
|
|
#15 (permalink) |
|
Analyst, Security Team
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp
|
Re: Please Help, Missing dll's,and uncontrollable popups
Hi mralien420
Your friend is right about the antivirus and firewall programs. You should have only 1 of each running, as they do conflict with each other and can cause undesirable results. You will still need layers of protection onboard. As a guide, my home PC runs Spybot Search and Destroy with TeaTimer (realtime protection) enabled to prevent installations and registry changes without my knowledge, AVG AntiSpyware and Ad-Aware (without realtime) to regularly scan and remove malware, Spyware Blaster to prevent ActiveX being downloaded and block some known bad sites, WinPatrol (very good at managing cookies), MVPS hosts, which prevents access to known bad sites (overlaps a bit with Spyware Blaster), and IE-Spyad (similar to MVPS hosts), all on top of my antivirus and firewall. The article by Tony Klein listed in my previous post is very good at explaining what you will need to stay secure.
HTH
|
|
|