Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
#1  03-21-2008, 12:03 AM  Lewis Tanner (Registered User; joined Mar 2008; 5 posts; OS: XP)

Constant IE popups, core.cache.dsk, vundo, and more! Please help!

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-21 00:51:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:29 AM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\DOCUME~1\ADMINI~1\Desktop\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://corner-carvers.com/forums/index.php?s=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BB40A17-ABF6-46A3-9302-5DB7FCBF91E8} - (no file)
O2 - BHO: (no name) - {3E339FBE-2E28-5CF9-0211-5200B7CEDABB} - C:\WINDOWS\system32\mmknujsh.dll__SpybotSDDisabled (file missing)
O2 - BHO: (no name) - {6556BA68-FA9F-40BF-9C2E-CE957DAF731C} - (no file)
O2 - BHO: (no name) - {69F08224-5FEC-446C-8FFE-15390F54C36A} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {E04D2EF7-7FC0-4902-94D6-512B6522DED1} - C:\WINDOWS\system32\jkhfc.dll (file missing)
O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - C:\WINDOWS\system32\gebcyyv.dll__SpybotSDDisabled (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O15 - Trusted Zone: http://usa.kaspersky.com
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://*.kasperskyusa.com
O15 - Trusted Zone: http://www.pandasecurity.com
O15 - Trusted Zone: http://housecall65.trendmicro.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130982446750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199056992937
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: gebcyyv - gebcyyv.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 6069 bytes

-- Files created between 2008-02-21 and 2008-03-21 -----------------------------

2008-03-21 00:42:48 0 d-------- C:\Program Files\SpywareBlaster
2008-03-21 00:28:59 0 d-------- C:\WINDOWS\pss
2008-03-20 22:53:14 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-20 22:53:13 0 d-------- C:\WINDOWS\LastGood
2008-03-19 15:05:43 0 d-------- C:\Program Files\MSXML 6.0
2008-03-18 17:15:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
2008-03-18 17:15:24 0 d-------- C:\Program Files\NCH Software
2008-03-18 17:14:48 0 d-------- C:\Program Files\NCH Swift Sound
2008-03-18 16:10:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-03-18 16:10:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-03-18 16:09:47 256 --a------ C:\WINDOWS\system32\pool.bin
2008-03-18 16:09:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Research In Motion
2008-03-18 16:03:37 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-18 16:03:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-18 16:00:08 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-18 16:00:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-18 16:00:07 0 d-------- C:\Program Files\Roxio
2008-03-18 15:59:42 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-18 15:51:04 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-03-18 15:51:03 0 d-------- C:\Program Files\Research In Motion
2008-03-13 18:02:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Seagate
2008-03-13 17:58:31 392320 --a------ C:\WINDOWS\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
2008-03-13 17:58:31 32768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
2008-03-13 17:56:52 0 d-------- C:\Program Files\Common Files\Seagate
2008-03-13 17:56:51 0 d-------- C:\Program Files\Seagate
2008-03-08 00:57:58 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-08 00:57:58 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-08 00:56:05 80160 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-08 00:56:05 5209376 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-08 00:56:03 0 d-------- C:\Program Files\Kaspersky Lab
2008-03-08 00:19:55 0 d-------- C:\kav
2008-03-08 00:06:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-07 23:59:49 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-03-04 23:47:49 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-03-02 02:20:07 0 d-------- C:\Program Files\Outerinfo
2008-03-02 02:20:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\??stem32
2008-02-29 20:34:20 0 d-------- C:\Program Files\FileASSASSIN
2008-02-29 19:36:28 285345 --ahs---- C:\WINDOWS\system32\cfhkj.ini2
2008-02-29 19:00:54 0 d--hs---- C:\WINDOWS\TGV3aXMgVGFubmVy
2008-02-29 19:00:33 86016 -----n--- C:\WINDOWS\system32\drivers\wanarpp.sys
2008-02-29 19:00:27 0 d-------- C:\WINDOWS\system32\x3
2008-02-29 19:00:27 0 d-------- C:\WINDOWS\system32\s7
2008-02-29 19:00:27 0 d-------- C:\WINDOWS\system32\k8
2008-02-29 19:00:27 0 d-------- C:\WINDOWS\system32\c4
2008-02-29 19:00:27 0 d-------- C:\WINDOWS\system32\c2
2008-02-29 19:00:26 0 d-------- C:\Program Files\Common Files\M?crosoft
2008-02-29 19:00:09 0 d-------- C:\WINDOWS\system32\iDlo01
2008-02-29 14:14:47 0 d-------- C:\WINDOWS\system32\DRIVERS2


-- Find3M Report ---------------------------------------------------------------

2008-03-20 23:36:43 0 d-------- C:\Program Files\SmartFTP
2008-03-20 22:39:46 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-20 16:41:19 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-18 16:00:08 0 d-------- C:\Program Files\Common Files
2008-03-18 16:00:08 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-08 14:54:08 0 d-------- C:\Program Files\Pinnacle
2008-03-08 03:59:32 0 d-------- C:\Program Files\Common Files\M?crosoft
2008-03-08 03:59:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\??stem32
2008-02-29 21:59:34 0 d-------- C:\Program Files\Real Alternative
2008-02-29 21:59:32 0 d-------- C:\Program Files\SpamBayes
2008-02-29 21:59:31 0 d-------- C:\Program Files\Oriens Solution
2008-02-06 10:14:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-05 20:50:32 0 d-------- C:\Program Files\Movie Maker
2008-02-05 20:50:31 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-05 20:50:30 0 d-------- C:\Program Files\messenger
2008-02-05 20:50:29 0 d-------- C:\Program Files\Java Web Start
2008-02-05 20:50:28 0 d-------- C:\Program Files\ICQ
2008-02-05 20:50:28 0 d-------- C:\Program Files\AIM
2008-02-05 20:50:27 0 d-------- C:\Program Files\FinePixViewer
2008-01-22 20:42:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-01-22 20:36:39 0 d-------- C:\Program Files\WinAVI Video Converter
2007-12-30 18:12:09 155 --a------ C:\DelUS.bat
2007-12-30 16:26:20 4 --a------ C:\WINDOWS\vx86036.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BB40A17-ABF6-46A3-9302-5DB7FCBF91E8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E339FBE-2E28-5CF9-0211-5200B7CEDABB}]
C:\WINDOWS\system32\mmknujsh.dll__SpybotSDDisabled

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6556BA68-FA9F-40BF-9C2E-CE957DAF731C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69F08224-5FEC-446C-8FFE-15390F54C36A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E04D2EF7-7FC0-4902-94D6-512B6522DED1}]
C:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED120D76-BF31-412C-A99B-783C6676E128}]
C:\WINDOWS\system32\gebcyyv.dll__SpybotSDDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [10/29/2004 05:50 PM C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 07:36 PM]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [04/19/2007 09:24 PM]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [04/19/2007 09:38 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [04/19/2007 09:29 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/29/2004 05:50 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec Network Driver Update Warning"=C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{ED120D76-BF31-412C-A99B-783C6676E128}"= C:\WINDOWS\system32\gebcyyv.dll__SpybotSDDisabled [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcyyv]
gebcyyv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfc.dll relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"84294dc4"=rundll32.exe "C:\WINDOWS\system32\kuhipnyu.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"84294dc4"=rundll32.exe "C:\WINDOWS\system32\kuhipnyu.dll",b
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
"TraySantaCruz"=C:\WINDOWS\system32\tbctray.exe
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53d30d56-b753-11dc-8817-00095b2880ef}]
AutoRun\command- E:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-03-21 00:51:53 ------------

DSS didn't create an extra.txt file. It's just not on my system.

Here's my activescan log:

Incident Status Location

Dialer:dialer.su Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Possible Virus. Not disinfected C:\Deckard\System Scanner\20080310203555\backup\WINDOWS\temp\ASHeuristic\UE_exe.vir
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.zow\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Application Data\Phoenix\Profiles\default\j4905quq.slt\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Phoenix\Profiles\default\j4905quq.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Application Data\Phoenix\Profiles\default\j4905quq.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Phoenix\Profiles\default\j4905quq.slt\cookies.txt[.com.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Phoenix\Profiles\default\j4905quq.slt\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Phoenix\Profiles\default\j4905quq.slt\cookies.txt[.perf.overture.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\default.lbe\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\default.lbe\cookies.txt[statse.webtrendslive.com/S132910]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\default.lbe\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\default.lbe\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\default.lbe\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Lewis Tanner\Application Data\Mozilla\Firefox\Profiles\default.mjl\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Lewis Tanner\Application Data\Mozilla\Firefox\Profiles\default.mjl\cookies.txt[.atdmt.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Lewis Tanner\Application Data\Mozilla\Firefox\Profiles\default.mjl\cookies.txt[.centrport.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Lewis Tanner\Application Data\Mozilla\Firefox\Profiles\default.mjl\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Lewis Tanner\Cookies\lewis tanner@doubleclick[1].txt
Possible Virus. Not disinfected C:\Program Files\Outerinfo\OiUninstaller.exe[UE.exe]


Like the title says, my PC is sick, sick, sick. Nothing I've tried will kill the cocktail of nasty that seems to be growing on its own, and sometimes I'll get 10 or more popups from IE in less than 30 seconds, even if I'm not using the internet. My C drive has a red "X" next to it in my windows explorer, as if it is disconnected, and a couple of icons on my desktop relating to .jpg files (pictures that I took) are the same red "x". No combo of spybot, kaspersky, norton, or whatever else is out there has provided any permanent relief. Every time I run a scan/clean, different problems are identified and things dead end when core.cache.dsk needs to be deleted. No amount of manipulation will get rid of the thing, fileassassin included.

I disabled Spybot and Kaspersky in order to run the Panda scan, as I kept getting a blank popup when I tried to run it. They are installed, and will be restored once we get going here.

Thanks in advance for any help on this issue.
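The logs in the post above show the textbook Vundo/Virtumonde pattern: orphaned BHO and Winlogon Notify entries pointing at random-looking DLLs that are already missing, an extra DLL in the LSA "Authentication Packages" value, a disabled run- key that invokes rundll32 on a random DLL with a one-letter export, lookalike directories (M?crosoft, ??stem32), a hidden+system directory under C:\WINDOWS whose name TGV3aXMgVGFubmVy is base64 for "Lewis Tanner", a removable-drive AutoRun command, and, in the ComboFix output later in the thread, Windows Firewall switched off, Security Center monitoring of Kaspersky disabled, and firewall exceptions for rundll32.exe and an iexplore.exe sitting on the Administrator desktop. The Python script below is an added example, not HijackThis, DSS or ComboFix code and not from anyone in the thread: it runs these checks over a constructed sample made of lines copied from the posted logs. The indicator names and heuristics are the example's own. One caveat the later ComboFix log supports: relog_ap is still listed after cleanup, so an entry beyond msv1_0 is a review item, not automatically malicious.

```python
"""Triage of HijackThis / DSS / ComboFix lines for Vundo-style persistence."""
import base64
import binascii
import re

# Constructed sample: lines copied from the logs posted in this thread
# (HijackThis, DSS registry dump and file listing, ComboFix firewall dump).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BB40A17-ABF6-46A3-9302-5DB7FCBF91E8} - (no file)
O2 - BHO: (no name) - {E04D2EF7-7FC0-4902-94D6-512B6522DED1} - C:\WINDOWS\system32\jkhfc.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O20 - Winlogon Notify: gebcyyv - gebcyyv.dll (file missing)
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfc.dll relog_ap
"84294dc4"=rundll32.exe "C:\WINDOWS\system32\kuhipnyu.dll",b
AutoRun\command- E:\setupSNK.exe
2008-02-29 19:00:54 0 d--hs---- C:\WINDOWS\TGV3aXMgVGFubmVy
2008-02-29 19:00:26 0 d-------- C:\Program Files\Common Files\M?crosoft
"EnableFirewall"= 0 (0x0)
"DisableMonitoring"=dword:00000001
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Documents and Settings\\Administrator\\Desktop\\iexplore.exe"=
"""

MISSING = re.compile(r"\((no file|file missing)\)")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.I)
DIRLINE = re.compile(r"^\d{4}-\d{2}-\d{2} \S+ \d+ (d[-a-z]+) (.+)$")
FWAPP = re.compile(r'^"([A-Z]:\\\\.+\.exe)"=$', re.I)


def decode_base64_name(name):
    """Return the decoded text if `name` is valid base64 for printable ASCII."""
    if len(name) < 12 or len(name) % 4:
        return None
    try:
        text = base64.b64decode(name, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def triage_line(line):
    """Return a list of (indicator, detail) tuples for one log line."""
    hits = []
    line = line.strip()
    if line.startswith(("O2 ", "O20 ", "O21 ")) and MISSING.search(line):
        # BHO / Winlogon Notify entries whose DLL is gone: leftover load points
        hits.append(("orphaned-load-point", line.split(" - ", 1)[1]))
    if line.startswith('"Authentication Packages"'):
        extra = [p for p in line.split("=", 1)[1].split() if p != "msv1_0"]
        if extra:  # anything besides msv1_0 is loaded into lsass.exe: review it
            hits.append(("lsa-authentication-package", " ".join(extra)))
    m = RUNDLL.search(line)
    if m and len(m.group(2)) == 1:
        # rundll32 calling a DLL through a one-letter export is a Vundo hallmark
        hits.append(("rundll32-random-dll", m.group(1)))
    if "AutoRun\\command" in line:
        hits.append(("removable-drive-autorun", line.split("- ", 1)[1]))
    m = DIRLINE.match(line)
    if m:
        attrs, path = m.groups()
        leaf = path.rsplit("\\", 1)[-1]
        if "?" in path or not path.isascii():
            # '?' is how the scanner rendered a non-ASCII lookalike character
            hits.append(("lookalike-path", path))
        decoded = decode_base64_name(leaf)
        if "h" in attrs and "s" in attrs and decoded:
            hits.append(("hidden-system-dir-base64", f"{leaf} -> {decoded!r}"))
    if line.startswith('"EnableFirewall"=') and line.split("=", 1)[1].strip().startswith("0"):
        hits.append(("firewall-disabled", line))
    if line.startswith('"DisableMonitoring"=') and line.endswith("1"):
        hits.append(("security-center-monitoring-disabled", line))
    m = FWAPP.match(line)
    if m:
        exe = m.group(1).replace("\\\\", "\\")
        # rundll32 as a firewall exception, or an exe living in a user profile
        if exe.lower().endswith("\\rundll32.exe") or "\\documents and settings\\" in exe.lower():
            hits.append(("firewall-exception", exe))
    return hits


def triage(log_text):
    """Triage every line; returns a dict indicator -> list of details."""
    report = {}
    for line in log_text.splitlines():
        for indicator, detail in triage_line(line):
            report.setdefault(indicator, []).append(detail)
    return report


if __name__ == "__main__":
    for indicator, details in triage(SAMPLE_LOG).items():
        for detail in details:
            print(f"[{indicator}] {detail}")
```

Run as-is to see the findings for the sample; feed it a saved HijackThis or DSS log on stdin-free lines by calling triage() on the file contents. The rundll32 check deliberately keys on the one-letter export rather than on the DLL name, so legitimate entries such as NvCpl.dll,NvStartup from the same log do not fire.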
#2  03-27-2008, 07:30 PM  Lewis Tanner (Registered User; joined Mar 2008; 5 posts; OS: XP)

Re: Constant IE popups, core.cache.dsk, vundo, and more! Please help!

bump.
#3  03-27-2008, 11:09 PM  Ried (Assistant Manager, TSF Academy; Moderator/Analyst, Security Team; Location: Ohio; joined Jan 2005; 26,897 posts; OS: WinXP and Vista)

Re: Constant IE popups, core.cache.dsk, vundo, and more! Please help!

Hello Lewis Tanner and welcome,

We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. It is a quick procedure.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
#4  03-28-2008, 08:11 PM  Lewis Tanner (Registered User; joined Mar 2008; 5 posts; OS: XP)

Re: Constant IE popups, core.cache.dsk, vundo, and more! Please help!

COMBOFIX LOG
ComboFix 08-03-20.5 - Administrator 2008-03-28 2:21:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.592 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\STEM32~1
C:\Program Files\Common Files\mcroso~1
C:\Program Files\Common Files\mcroso~1\M?crosoft\
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\temp\tn3
C:\WINDOWS\BM871a7e58.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\c2
C:\WINDOWS\system32\c4
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\drivers\wanarpp.sys
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\k8
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pjhaijtm.ini
C:\WINDOWS\system32\s7
C:\WINDOWS\system32\s7\gbsu011.exe
C:\WINDOWS\system32\uynpihuk.ini
C:\WINDOWS\system32\x3

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TNIDRIVER
-------\Legacy_WANARPP
-------\Service_TnIDriver
-------\Service_wanarpp


((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.

2008-03-27 18:59 . 2004-08-04 02:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-27 18:59 . 2004-08-04 00:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-27 18:59 . 2004-08-04 00:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-27 18:59 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-21 12:40 . 2008-03-21 12:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-21 00:42 . 2008-03-21 00:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-21 00:40 . 2008-03-21 00:40 <DIR> d-------- C:\Deckard
2008-03-20 22:53 . 2008-03-20 23:52 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-20 22:53 . 2008-03-20 22:53 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-20 22:53 . 2008-03-20 22:53 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-20 22:53 . 2008-03-20 22:53 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-19 15:05 . 2008-03-19 15:05 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-18 17:15 . 2008-03-18 17:15 <DIR> d-------- C:\Program Files\NCH Software
2008-03-18 17:15 . 2008-03-18 17:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
2008-03-18 17:14 . 2008-03-18 17:15 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-03-18 16:10 . 2008-03-18 16:10 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-03-18 16:10 . 2008-03-18 16:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-03-18 16:10 . 2008-03-25 22:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 16:10 . 2008-03-18 16:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 16:09 . 2008-03-18 16:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Research In Motion
2008-03-18 16:09 . 2008-03-25 22:02 256 --a------ C:\WINDOWS\system32\pool.bin
2008-03-18 16:03 . 2008-03-18 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-18 16:03 . 2008-03-18 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-18 16:00 . 2008-03-18 16:02 <DIR> d-------- C:\Program Files\Roxio
2008-03-18 16:00 . 2008-03-18 16:03 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-18 16:00 . 2008-03-18 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-18 15:59 . 2008-03-18 16:01 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-18 15:52 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-03-18 15:51 . 2008-03-18 15:51 <DIR> d-------- C:\Program Files\Research In Motion
2008-03-18 15:51 . 2008-03-18 15:51 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-03-13 18:07 . 2008-03-13 18:14 1,430,048 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2008-03-13 18:07 . 2008-03-13 18:15 1,024 --a------ C:\WINDOWS\system32\AutoPartNt.let
2008-03-13 18:02 . 2008-03-13 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Seagate
2008-03-13 17:58 . 2008-03-13 17:58 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2008-03-13 17:58 . 2008-03-13 17:58 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-03-13 17:58 . 2008-03-13 17:58 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-03-13 17:56 . 2008-03-13 17:56 <DIR> d-------- C:\Program Files\Seagate
2008-03-13 17:56 . 2008-03-13 17:57 <DIR> d-------- C:\Program Files\Common Files\Seagate
2008-03-13 17:27 . 2006-03-16 02:22 76,288 -ra------ C:\WINDOWS\system32\SilSupp.cpl
2008-03-13 17:27 . 2006-06-20 02:44 62,336 -ra------ C:\WINDOWS\system32\drivers\SI3112.sys
2008-03-13 17:27 . 2004-10-31 23:21 10,368 -ra------ C:\WINDOWS\system32\drivers\SiWinAcc.sys
2008-03-13 17:27 . 2006-04-17 22:49 5,504 -ra------ C:\WINDOWS\system32\drivers\SiRemFil.sys
2008-03-08 00:57 . 2008-03-08 00:57 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-08 00:57 . 2008-03-08 00:57 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-08 00:56 . 2008-03-08 00:56 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-08 00:56 . 2008-03-28 02:25 5,696,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-08 00:56 . 2008-03-28 02:25 109,344 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-08 00:56 . 2008-03-28 02:24 81,500 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-08 00:56 . 2008-03-28 02:24 13,364 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-08 00:19 . 2008-03-08 00:19 <DIR> d-------- C:\kav
2008-03-08 00:06 . 2008-03-28 02:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-07 23:59 . 2008-03-08 00:02 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-03-07 10:02 . 2008-03-07 22:34 474 --ahs---- C:\WINDOWS\system32\dkthaakb.ini
2008-03-06 09:50 . 2008-03-07 09:50 354 --ahs---- C:\WINDOWS\system32\jdyesqtp.ini
2008-03-05 09:47 . 2008-03-06 09:47 294 --ahs---- C:\WINDOWS\system32\mykenjrl.ini
2008-03-04 23:47 . 2007-06-05 11:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-04 09:44 . 2008-03-04 20:25 414 --ahs---- C:\WINDOWS\system32\budrsdfn.ini
2008-02-29 20:34 . 2008-03-04 23:42 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-02-29 19:00 . 2008-02-29 20:09 <DIR> d--hs---- C:\WINDOWS\TGV3aXMgVGFubmVy
2008-02-29 14:14 . 2008-03-01 22:34 <DIR> d-------- C:\WINDOWS\system32\DRIVERS2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 06:47 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-28 01:08 --------- d-----w C:\Program Files\SmartFTP
2008-03-27 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-21 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-21 05:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-21 03:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-18 21:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-08 19:54 --------- d-----w C:\Program Files\Pinnacle
2008-03-01 02:59 --------- d-----w C:\Program Files\SpamBayes
2008-03-01 02:59 --------- d-----w C:\Program Files\Real Alternative
2008-03-01 02:59 --------- d-----w C:\Program Files\Oriens Solution
2008-02-09 00:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-02-06 15:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-06 01:50 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-06 01:50 --------- d-----w C:\Program Files\Java Web Start
2008-02-06 01:50 --------- d-----w C:\Program Files\ICQ
2008-02-06 01:50 --------- d-----w C:\Program Files\FinePixViewer
2008-02-06 01:50 --------- d-----w C:\Program Files\AIM
2007-12-30 23:12 155 ----a-w C:\DelUS.bat
2004-01-30 23:23 60,816 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BB40A17-ABF6-46A3-9302-5DB7FCBF91E8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E339FBE-2E28-5CF9-0211-5200B7CEDABB}]
C:\WINDOWS\system32\mmknujsh.dll__SpybotSDDisabled

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6556BA68-FA9F-40BF-9C2E-CE957DAF731C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69F08224-5FEC-446C-8FFE-15390F54C36A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E04D2EF7-7FC0-4902-94D6-512B6522DED1}]
C:\WINDOWS\system32\jkhfc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 19:36 227856]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 21:24 1169744]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 21:38 1945688]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 21:29 149024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec Network Driver Update Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" [2004-04-30 18:02 91256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcyyv]
gebcyyv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"84294dc4"=rundll32.exe "C:\WINDOWS\system32\kuhipnyu.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"84294dc4"=rundll32.exe "C:\WINDOWS\system32\kuhipnyu.dll",b
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
"TraySantaCruz"=C:\WINDOWS\system32\tbctray.exe
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\ICQ\\Icq.exe"=
"C:\\Program Files\\Java\\j2re1.4.1_02\\bin\\javaw.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Documents and Settings\\Administrator\\Desktop\\iexplore.exe"=
"C:\\kav\\kav7\\setup.exe"=

R0 SI3112;SiI-3512 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3112.sys [2006-06-20 02:44]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys [2002-04-17 15:51]
R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys [2002-04-17 15:51]
R3 USBFVNETR;NETGEAR MA101 USB Adapter;C:\WINDOWS\system32\DRIVERS\ma101rndxp.sys [2002-02-28 07:12]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);C:\WINDOWS\system32\DRIVERS\ADSFilter.sys []
S3 iMSPQMn;iMSPQMn;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iMSPQMn.sys []
S3 RivaTuner;RivaTuner;C:\Program Files\RivaTuner\RivaTuner.sys []
S3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 22:31]
S3 vtdg46xx;vtdg46xx;C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [2002-03-21 20:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53d30d56-b753-11dc-8817-00095b2880ef}]
\Shell\AutoRun\command - E:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 07:25:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 02:25:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-28 2:27:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-28 07:27:33
.
2008-03-19 20:05:50 --- E O F ---

Hijack This log


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-28 21:01:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:08 PM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dss(3).exe
C:\DOCUME~1\ADMINI~1\Desktop\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://corner-carvers.com/forums/index.php?s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BB40A17-ABF6-46A3-9302-5DB7FCBF91E8} - (no file)
O2 - BHO: (no name) - {3E339FBE-2E28-5CF9-0211-5200B7CEDABB} - C:\WINDOWS\system32\mmknujsh.dll__SpybotSDDisabled (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6556BA68-FA9F-40BF-9C2E-CE957DAF731C} - (no file)
O2 - BHO: (no name) - {69F08224-5FEC-446C-8FFE-15390F54C36A} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {E04D2EF7-7FC0-4902-94D6-512B6522DED1} - C:\WINDOWS\system32\jkhfc.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://usa.kaspersky.com
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://*.kasperskyusa.com
O15 - Trusted Zone: http://www.pandasecurity.com
O15 - Trusted Zone: http://housecall65.trendmicro.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130982446750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199056992937
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: gebcyyv - gebcyyv.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 6836 bytes

-- Files created between 2008-02-28 and 2008-03-28 -----------------------------

2008-03-28 02:14:12 0 d-------- C:\cmdcons
2008-03-28 02:13:16 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-28 02:13:16 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-28 02:13:16 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-28 02:13:16 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-21 00:42:48 0 d-------- C:\Program Files\SpywareBlaster
2008-03-21 00:28:59 0 d-------- C:\WINDOWS\pss
2008-03-20 22:53:14 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-19 15:05:43 0 d-------- C:\Program Files\MSXML 6.0
2008-03-18 17:15:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
2008-03-18 17:15:24 0 d-------- C:\Program Files\NCH Software
2008-03-18 17:14:48 0 d-------- C:\Program Files\NCH Swift Sound
2008-03-18 16:10:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-03-18 16:10:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-03-18 16:09:47 256 --a------ C:\WINDOWS\system32\pool.bin
2008-03-18 16:09:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Research In Motion
2008-03-18 16:03:37 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-18 16:03:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-18 16:00:08 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-18 16:00:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-18 16:00:07 0 d-------- C:\Program Files\Roxio
2008-03-18 15:59:42 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-18 15:51:04 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-03-18 15:51:03 0 d-------- C:\Program Files\Research In Motion
2008-03-13 18:02:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Seagate
2008-03-13 17:58:31 392320 --a------ C:\WINDOWS\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
2008-03-13 17:58:31 32768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
2008-03-13 17:56:52 0 d-------- C:\Program Files\Common Files\Seagate
2008-03-13 17:56:51 0 d-------- C:\Program Files\Seagate
2008-03-08 00:57:58 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-08 00:57:58 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-08 00:56:05 111136 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-08 00:56:05 5709344 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-08 00:56:03 0 d-------- C:\Program Files\Kaspersky Lab
2008-03-08 00:19:55 0 d-------- C:\kav
2008-03-08 00:06:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-07 23:59:49 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-03-04 23:47:49 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-02-29 20:34:20 0 d-------- C:\Program Files\FileASSASSIN
2008-02-29 19:00:54 0 d--hs---- C:\WINDOWS\TGV3aXMgVGFubmVy
2008-02-29 14:14:47 0 d-------- C:\WINDOWS\system32\DRIVERS2


-- Find3M Report ---------------------------------------------------------------

2008-03-28 02:21:30 0 d-------- C:\Program Files\Common Files
2008-03-28 01:47:57 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-27 20:08:27 0 d-------- C:\Program Files\SmartFTP
2008-03-20 22:39:46 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-18 16:00:08 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-08 14:54:08 0 d-------- C:\Program Files\Pinnacle
2008-02-29 21:59:34 0 d-------- C:\Program Files\Real Alternative
2008-02-29 21:59:32 0 d-------- C:\Program Files\SpamBayes
2008-02-29 21:59:31 0 d-------- C:\Program Files\Oriens Solution
2008-02-06 10:14:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-05 20:50:32 0 d-------- C:\Program Files\Movie Maker
2008-02-05 20:50:31 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-05 20:50:30 0 d-------- C:\Program Files\messenger
2008-02-05 20:50:29 0 d-------- C:\Program Files\Java Web Start
2008-02-05 20:50:28 0 d-------- C:\Program Files\ICQ
2008-02-05 20:50:28 0 d-------- C:\Program Files\AIM
2008-02-05 20:50:27 0 d-------- C:\Program Files\FinePixViewer
2007-12-30 18:12:09 155 --a------ C:\DelUS.bat
2007-12-30 16:26:20 4 --a------ C:\WINDOWS\vx86036.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BB40A17-ABF6-46A3-9302-5DB7FCBF91E8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E339FBE-2E28-5CF9-0211-5200B7CEDABB}]
C:\WINDOWS\system32\mmknujsh.dll__SpybotSDDisabled

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6556BA68-FA9F-40BF-9C2E-CE957DAF731C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69F08224-5FEC-446C-8FFE-15390F54C36A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E04D2EF7-7FC0-4902-94D6-512B6522DED1}]
C:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [10/29/2004 05:50 PM C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 07:36 PM]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [04/19/2007 09:24 PM]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [04/19/2007 09:38 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [04/19/2007 09:29 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/29/2004 05:50 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec Network Driver Update Warning"=C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcyyv]
gebcyyv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"84294dc4"=rundll32.exe "C:\WINDOWS\system32\kuhipnyu.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"84294dc4"=rundll32.exe "C:\WINDOWS\system32\kuhipnyu.dll",b
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
"TraySantaCruz"=C:\WINDOWS\system32\tbctray.exe
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53d30d56-b753-11dc-8817-00095b2880ef}]
AutoRun\command- E:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-03-28 21:02:40 ------------


After running ComboFix, I haven't gotten any popups, but my C drive still has a red X next to it in Windows Explorer, and I got an error when running DSS - an invalid procedure call. It appeared to run fine, though.

Thanks for your help with this! Sorry if I'm slow in responding, my wife just had our first child on Monday and I'm not always available to check back in on this problem.
Lewis Tanner is offline  
Old 03-28-2008, 10:53 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Constant IE popups, core.cache.dsk, vundo, and more! Please help!

Congratulations to you and your wife!

No worries, this round will take care of that Red X.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:
File::
C:\WINDOWS\system32\dkthaakb.ini
C:\WINDOWS\system32\jdyesqtp.ini
C:\WINDOWS\system32\mykenjrl.ini
C:\WINDOWS\system32\budrsdfn.ini

Folder::
C:\WINDOWS\TGV3aXMgVGFubmVy

FolderLook::
C:\WINDOWS\system32\DRIVERS2

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BB40A17-ABF6-46A3-9302-5DB7FCBF91E8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E339FBE-2E28-5CF9-0211-5200B7CEDABB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6556BA68-FA9F-40BF-9C2E-CE957DAF731C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69F08224-5FEC-446C-8FFE-15390F54C36A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E04D2EF7-7FC0-4902-94D6-512B6522DED1}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcyyv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"84294dc4"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"84294dc4"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]
Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

Run a new scan with HijackThis.exe and save the log.

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
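The CFScript above removes the Browser Helper Object and Winlogon Notify keys whose DLLs HijackThis reports as missing. As an added illustration of that triage step (not code from the thread, ComboFix or HijackThis), the script below parses HijackThis v2.0.2 style O2/O20 lines, flags entries with no backing file, and renders them in the Registry:: section syntax used in Ried's script; the sample log is constructed from the shapes seen in this thread, and the `\~\` shorthand is copied from the script format shown above. It covers only the mechanical orphan-entry part of the cleanup, not the File::/Folder:: choices a helper makes by hand.

```python
import re

# Constructed sample in the HijackThis v2.0.2 log format; the entries mirror
# the shapes (and the orphaned CLSIDs) seen in the log posted in this thread.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BB40A17-ABF6-46A3-9302-5DB7FCBF91E8} - (no file)
O2 - BHO: (no name) - {E04D2EF7-7FC0-4902-94D6-512B6522DED1} - C:\WINDOWS\system32\jkhfc.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O20 - Winlogon Notify: gebcyyv - gebcyyv.dll (file missing)
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# O20 lines: "O20 - Winlogon Notify: <subkey> - <dll> [(file missing)]"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")


def is_orphan(path: str) -> bool:
    """True when HijackThis could not find the file backing the entry."""
    p = path.strip()
    return p == "(no file)" or p.endswith("(file missing)")


def triage(log_text: str) -> list:
    """Return the O2/O20 entries whose DLL no longer exists on disk.

    Such entries are leftovers of a removed component (here the Vundo
    remnants); they cannot load anything but keep the registry dirty.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m and is_orphan(m.group("path")):
            findings.append({"code": "O2", "clsid": m.group("clsid"),
                             "name": m.group("name"), "path": m.group("path"),
                             "raw": line})
            continue
        m = NOTIFY_RE.match(line)
        if m and is_orphan(m.group("path")):
            findings.append({"code": "O20", "name": m.group("name"),
                             "path": m.group("path"), "raw": line})
    return findings


def build_cfscript(findings: list) -> str:
    """Render a Registry:: section in the CFScript syntax used in the thread.

    A leading "-" inside the brackets tells ComboFix to delete the key; the
    "\\~\\" shorthand for the BHO parent key is taken from the script above.
    """
    lines = ["Registry::"]
    for f in findings:
        if f["code"] == "O2":
            lines.append("[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\"
                         + f["clsid"] + "]")
        elif f["code"] == "O20":
            lines.append("[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt"
                         "\\currentversion\\winlogon\\notify\\" + f["name"] + "]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_HJT_LOG)
    for f in found:
        print(f["code"], f["raw"])
    print(build_cfscript(found))
```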
Old 03-29-2008, 09:00 PM   #6 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 5
OS: XP


Re: Constant IE popups, core.cache.dsk, vundo, and more! Please help!

Combofix Log

ComboFix 08-03-20.5 - Administrator 2008-03-29 1:17:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.737 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\budrsdfn.ini
C:\WINDOWS\system32\dkthaakb.ini
C:\WINDOWS\system32\jdyesqtp.ini
C:\WINDOWS\system32\mykenjrl.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\budrsdfn.ini
C:\WINDOWS\system32\dkthaakb.ini
C:\WINDOWS\system32\jdyesqtp.ini
C:\WINDOWS\system32\mykenjrl.ini
C:\WINDOWS\TGV3aXMgVGFubmVy

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-27 18:59 . 2004-08-04 02:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-27 18:59 . 2004-08-04 00:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-27 18:59 . 2004-08-04 00:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-27 18:59 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-21 12:40 . 2008-03-21 12:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-21 00:42 . 2008-03-21 00:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-21 00:40 . 2008-03-21 00:40 <DIR> d-------- C:\Deckard
2008-03-20 22:53 . 2008-03-20 23:52 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-20 22:53 . 2008-03-20 22:53 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-20 22:53 . 2008-03-20 22:53 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-20 22:53 . 2008-03-20 22:53 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-19 15:05 . 2008-03-19 15:05 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-18 17:15 . 2008-03-18 17:15 <DIR> d-------- C:\Program Files\NCH Software
2008-03-18 17:15 . 2008-03-18 17:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
2008-03-18 17:14 . 2008-03-18 17:15 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-03-18 16:10 . 2008-03-18 16:10 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-03-18 16:10 . 2008-03-18 16:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-03-18 16:10 . 2008-03-25 22:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 16:10 . 2008-03-18 16:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 16:09 . 2008-03-18 16:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Research In Motion
2008-03-18 16:09 . 2008-03-25 22:02 256 --a------ C:\WINDOWS\system32\pool.bin
2008-03-18 16:03 . 2008-03-18 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-18 16:03 . 2008-03-18 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-18 16:00 . 2008-03-18 16:02 <DIR> d-------- C:\Program Files\Roxio
2008-03-18 16:00 . 2008-03-18 16:03 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-18 16:00 . 2008-03-18 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-18 15:59 . 2008-03-18 16:01 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-18 15:52 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-03-18 15:51 . 2008-03-18 15:51 <DIR> d-------- C:\Program Files\Research In Motion
2008-03-18 15:51 . 2008-03-18 15:51 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-03-13 18:07 . 2008-03-13 18:14 1,430,048 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2008-03-13 18:07 . 2008-03-13 18:15 1,024 --a------ C:\WINDOWS\system32\AutoPartNt.let
2008-03-13 18:02 . 2008-03-13 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Seagate
2008-03-13 17:58 . 2008-03-13 17:58 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2008-03-13 17:58 . 2008-03-13 17:58 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-03-13 17:58 . 2008-03-13 17:58 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-03-13 17:56 . 2008-03-13 17:56 <DIR> d-------- C:\Program Files\Seagate
2008-03-13 17:56 . 2008-03-13 17:57 <DIR> d-------- C:\Program Files\Common Files\Seagate
2008-03-13 17:27 . 2006-03-16 02:22 76,288 -ra------ C:\WINDOWS\system32\SilSupp.cpl
2008-03-13 17:27 . 2006-06-20 02:44 62,336 -ra------ C:\WINDOWS\system32\drivers\SI3112.sys
2008-03-13 17:27 . 2004-10-31 23:21 10,368 -ra------ C:\WINDOWS\system32\drivers\SiWinAcc.sys
2008-03-13 17:27 . 2006-04-17 22:49 5,504 -ra------ C:\WINDOWS\system32\drivers\SiRemFil.sys
2008-03-08 00:57 . 2008-03-08 00:57 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-08 00:57 . 2008-03-08 00:57 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-08 00:56 . 2008-03-08 00:56 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-08 00:56 . 2008-03-29 01:22 5,738,016 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-08 00:56 . 2008-03-29 01:22 113,952 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-08 00:56 . 2008-03-29 01:20 82,052 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-08 00:56 . 2008-03-29 01:20 13,772 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-08 00:19 . 2008-03-08 00:19 <DIR> d-------- C:\kav
2008-03-08 00:06 . 2008-03-29 01:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-07 23:59 . 2008-03-08 00:02 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-03-04 23:47 . 2007-06-05 11:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-29 20:34 . 2008-03-04 23:42 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-02-29 14:14 . 2008-03-01 22:34 <DIR> d-------- C:\WINDOWS\system32\DRIVERS2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 14:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-28 06:47 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-28 01:08 --------- d-----w C:\Program Files\SmartFTP
2008-03-21 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-21 05:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-21 03:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-18 21:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-08 19:54 --------- d-----w C:\Program Files\Pinnacle
2008-03-01 02:59 --------- d-----w C:\Program Files\SpamBayes
2008-03-01 02:59 --------- d-----w C:\Program Files\Real Alternative
2008-03-01 02:59 --------- d-----w C:\Program Files\Oriens Solution
2008-02-09 00:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-02-06 15:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-06 01:50 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-06 01:50 --------- d-----w C:\Program Files\Java Web Start
2008-02-06 01:50 --------- d-----w C:\Program Files\ICQ
2008-02-06 01:50 --------- d-----w C:\Program Files\FinePixViewer
2008-02-06 01:50 --------- d-----w C:\Program Files\AIM
2007-12-30 23:12 155 ----a-w C:\DelUS.bat
2004-01-30 23:23 60,816 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-03-28_ 2.26.57.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-20 03:54:13 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-29 06:21:24 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-20 03:54:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-29 06:21:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-20 03:54:13 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-29 06:21:24 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 19:36 227856]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 21:24 1169744]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 21:38 1945688]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 21:29 149024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec Network Driver Update Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" [2004-04-30 18:02 91256]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
"TraySantaCruz"=C:\WINDOWS\system32\tbctray.exe
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\ICQ\\Icq.exe"=
"C:\\Program Files\\Java\\j2re1.4.1_02\\bin\\javaw.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Documents and Settings\\Administrator\\Desktop\\iexplore.exe"=
"C:\\kav\\kav7\\setup.exe"=

R0 SI3112;SiI-3512 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3112.sys [2006-06-20 02:44]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys [2002-04-17 15:51]
R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys [2002-04-17 15:51]
R3 USBFVNETR;NETGEAR MA101 USB Adapter;C:\WINDOWS\system32\DRIVERS\ma101rndxp.sys [2002-02-28 07:12]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);C:\WINDOWS\system32\DRIVERS\ADSFilter.sys []
S3 iMSPQMn;iMSPQMn;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iMSPQMn.sys []
S3 RivaTuner;RivaTuner;C:\Program Files\RivaTuner\RivaTuner.sys []
S3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 22:31]
S3 vtdg46xx;vtdg46xx;C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [2002-03-21 20:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53d30d56-b753-11dc-8817-00095b2880ef}]
\Shell\AutoRun\command - E:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 06:22:31 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 01:22:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-29 1:24:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 06:24:03
ComboFix2.txt 2008-03-28 07:27:40
.
2008-03-19 20:05:50 --- E O F ---


DSS/HJT Log

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-29 21:48:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:17 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\dss(3).exe
C:\DOCUME~1\ADMINI~1\Desktop\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://corner-carvers.com/forums/index.php?s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://usa.kaspersky.com
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://*.kasperskyusa.com
O15 - Trusted Zone: http://www.pandasecurity.com
O15 - Trusted Zone: http://housecall65.trendmicro.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130982446750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199056992937
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 6544 bytes

-- Files created between 2008-02-29 and 2008-03-29 -----------------------------

2008-03-29 16:50:06 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-29 16:50:05 0 d-------- C:\WINDOWS\LastGood
2008-03-28 02:14:12 0 d-------- C:\cmdcons
2008-03-28 02:13:16 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-28 02:13:16 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-28 02:13:16 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-28 02:13:16 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-21 00:42:48 0 d-------- C:\Program Files\SpywareBlaster
2008-03-21 00:28:59 0 d-------- C:\WINDOWS\pss
2008-03-20 22:53:14 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-19 15:05:43 0 d-------- C:\Program Files\MSXML 6.0
2008-03-18 17:15:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
2008-03-18 17:15:24 0 d-------- C:\Program Files\NCH Software
2008-03-18 17:14:48 0 d-------- C:\Program Files\NCH Swift Sound
2008-03-18 16:10:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-03-18 16:10:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-03-18 16:09:47 256 --a------ C:\WINDOWS\system32\pool.bin
2008-03-18 16:09:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Research In Motion
2008-03-18 16:03:37 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-18 16:03:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-18 16:00:08 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-18 16:00:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-18 16:00:07 0 d-------- C:\Program Files\Roxio
2008-03-18 15:59:42 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-18 15:51:04 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-03-18 15:51:03 0 d-------- C:\Program Files\Research In Motion
2008-03-13 18:02:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Seagate
2008-03-13 17:58:31 392320 --a------ C:\WINDOWS\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
2008-03-13 17:58:31 32768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
2008-03-13 17:56:52 0 d-------- C:\Program Files\Common Files\Seagate
2008-03-13 17:56:51 0 d-------- C:\Program Files\Seagate
2008-03-08 00:57:58 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-08 00:57:58 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-08 00:56:05 118048 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-08 00:56:05 5781024 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-08 00:56:03 0 d-------- C:\Program Files\Kaspersky Lab
2008-03-08 00:19:55 0 d-------- C:\kav
2008-03-08 00:06:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-07 23:59:49 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-03-04 23:47:49 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-02-29 20:34:20 0 d-------- C:\Program Files\FileASSASSIN
2008-02-29 14:14:47 0 d-------- C:\WINDOWS\system32\DRIVERS2


-- Find3M Report ---------------------------------------------------------------

2008-03-29 16:55:28 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-28 02:21:30 0 d-------- C:\Program Files\Common Files
2008-03-27 20:08:27 0 d-------- C:\Program Files\SmartFTP
2008-03-20 22:39:46 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-18 16:00:08 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-08 14:54:08 0 d-------- C:\Program Files\Pinnacle
2008-02-29 21:59:34 0 d-------- C:\Program Files\Real Alternative
2008-02-29 21:59:32 0 d-------- C:\Program Files\SpamBayes
2008-02-29 21:59:31 0 d-------- C:\Program Files\Oriens Solution
2008-02-06 10:14:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-05 20:50:32 0 d-------- C:\Program Files\Movie Maker
2008-02-05 20:50:31 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-05 20:50:30 0 d-------- C:\Program Files\messenger
2008-02-05 20:50:29 0 d-------- C:\Program Files\Java Web Start
2008-02-05 20:50:28 0 d-------- C:\Program Files\ICQ
2008-02-05 20:50:28 0 d-------- C:\Program Files\AIM
2008-02-05 20:50:27 0 d-------- C:\Program Files\FinePixViewer
2007-12-30 18:12:09 155 --a------ C:\DelUS.bat
2007-12-30 16:26:20 4 --a------ C:\WINDOWS\vx86036.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [10/29/2004 05:50 PM C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 07:36 PM]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [04/19/2007 09:24 PM]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [04/19/2007 09:38 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [04/19/2007 09:29 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/29/2004 05:50 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec Network Driver Update Warning"=C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
"TraySantaCruz"=C:\WINDOWS\system32\tbctray.exe
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53d30d56-b753-11dc-8817-00095b2880ef}]
AutoRun\command- E:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-03-29 21:48:46 ------------


Kaspersky Log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 29, 2008 7:44:24 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/03/2008
Kaspersky Anti-Virus database records: 672629
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
Z:\

Scan Statistics:
Total number of scanned objects: 63132
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 4
Duration of the scan process: 01:25:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.zow\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.zow\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.zow\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.zow\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.zow\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.zow\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.zow\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\default.lbe\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\default.lbe\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\default.lbe\Mail\Local Folders\Inbox.msf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\default.lbe\Mail\Local Folders\Trash.msf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\default.lbe\Mail\mail.mindspring-6.com\Inbox.msf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\default.lbe\Mail\mail.mindspring-6.com\Junk.msf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\default.lbe\Mail\mail.mindspring-6.com\Trash.msf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\default.lbe\panacea.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\default.lbe\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Junk Suspects/17 May 2004 13:51 from Postmaster:Message has a suspicious part .eml/[From lewistanner@mindspring.com][Date Mon, 17 May 2004 09:33:48 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Junk Suspects/17 May 2004 13:51 from Postmaster:Message has a suspicious part .eml/[From lewistanner@mindspring.com][Date Mon, 17 May 2004 09:33:48 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Junk Suspects/17 May 2004 13:51 from Postmaster:Message has a suspicious part .eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: suspicious - 3 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.zow\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.zow\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.zow\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.zow\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\catchme2008-03-28_ 22540.96.zip/wanarpp.sys Infected: Rootkit.Win32.Agent.to skipped
C:\QooBox\Quarantine\catchme2008-03-28_ 22540.96.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{80FA8041-95C2-44DD-876D-0F4AF3E80500}\RP29\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\Logfiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Thanks for the congrats, it's been an exciting week!

System behavior is much improved, not displaying any overt signs of infection, but it would appear that there are some things left behind as the scans are still picking things up.

Thanks again for the assist on this, your help has been tremendous!
Lewis Tanner is offline  
Old 03-29-2008, 11:51 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Constant IE popups, core.cache.dsk, vundo, and more! Please help!

You're welcome, Lewis. No doubt it's been an exciting week for you both. (but be prepared for when the adrenalin wears off, both of you will collapse.... )

You're in real good shape now. Kaspersky is only reporting backups that were created during the course of this fix. We'll take care of that shortly.

It also reported an old e-mail from 2004. Simply empty your Outlook Express Deleted Items folder. To do so:
  • Open Outlook Express
  • Right click on Deleted Items
  • Select 'Empty Deleted Items folder'.
  • Click 'Yes' at the next popup box to successfully empty the Deleted Items folder.

You may want to consider using these settings for your Outlook Express, which will automatically empty the deleted items folder upon exit:

Go to Tools > Options
Under the Maintenance Tab, checkmark the following boxes:

* Empty messages from 'Deleted item' folder on exit
* Purge deleted messages when leaving IMAP folders

-------------------------------------------

If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out ComboFix.exe, as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
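As an added illustration of how the Kaspersky report above is read (example code written for this edit, not a tool from the thread, from Kaspersky or from the forum's helpers), this Python script parses Kaspersky Online Scanner result lines, drops the "Object is locked" noise, sorts each verdict into quarantine leftovers, mail-store hits and live findings, and checks the line counts against the report's own "Scan Statistics" block. The sample report is a trimmed, constructed copy of the one posted; the ComboFix quarantine prefix and the mail-store extensions it keys on are assumptions for the example.

```python
"""Triage a Kaspersky Online Scanner (v5) text report.

Added example for this thread, not a tool from the forum or from Kaspersky.
It encodes the reading given in the reply above: "Object is locked" lines
carry no verdict, hits under the ComboFix quarantine folder are leftovers of
the fix itself, and hits inside a mail store are old messages. Anything else
is a live finding that still needs attention.
"""
import re
from dataclasses import dataclass

# Constructed sample: a trimmed copy of the report format seen in the thread.
SAMPLE_REPORT = """\
Scan Statistics:
Total number of scanned objects: 63132
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 4
Duration of the scan process: 01:25:21

Infected Object Name / Virus Name / Last Action
C:\\Documents and Settings\\Administrator\\Cookies\\index.dat Object is locked skipped
C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Microsoft\\Outlook\\Outlook.pst/Personal Folders/Junk Suspects/msg.eml/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Microsoft\\Outlook\\Outlook.pst/Personal Folders/Junk Suspects/msg.eml/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Microsoft\\Outlook\\Outlook.pst/Personal Folders/Junk Suspects/msg.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Microsoft\\Outlook\\Outlook.pst Mail MS Mail: suspicious - 3 skipped
C:\\QooBox\\Quarantine\\catchme2008-03-28_ 22540.96.zip/wanarpp.sys Infected: Rootkit.Win32.Agent.to skipped
C:\\QooBox\\Quarantine\\catchme2008-03-28_ 22540.96.zip ZIP: infected - 1 skipped
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped

Scan process completed.
"""

# Result-line shapes seen in the report (paths may contain spaces).
LOCKED = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
NAMED = re.compile(r"^(?P<path>.+?) (?P<kind>Infected|Suspicious): (?P<detection>\S+) skipped$")
CONTAINER = re.compile(
    r"^(?P<path>.+?) (?P<container>[A-Za-z][A-Za-z ]*?): (?P<kind>infected|suspicious) - (?P<count>\d+) skipped$"
)
STAT = re.compile(r"^Number of (?P<what>infected|suspicious) objects: (?P<n>\d+)$")

# Assumptions for this example: ComboFix's quarantine folder as seen on the
# page, and the mailbox container formats treated as "old mail" hits.
QUARANTINE_PREFIXES = ("C:\\QooBox\\Quarantine\\",)
MAIL_STORE_EXTENSIONS = (".pst", ".dbx")


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str        # "infected" or "suspicious"
    detection: str   # detection name, or a container summary
    bucket: str      # "fix_artifact", "mail_store" or "live"


def bucket_for(path: str) -> str:
    """Decide whether a hit is a fix leftover, an old mail item, or live."""
    if path.startswith(QUARANTINE_PREFIXES):
        return "fix_artifact"
    lowered = path.lower()
    for ext in MAIL_STORE_EXTENSIONS:
        if lowered.endswith(ext) or (ext + "/") in lowered:
            return "mail_store"
    return "live"


def classify_line(line: str):
    """Return a Finding for a verdict line, or None for locked/other lines."""
    if LOCKED.match(line):
        return None  # file was open at scan time: no verdict, not a hit
    m = NAMED.match(line)
    if m:
        return Finding(m["path"], m["kind"].lower(), m["detection"], bucket_for(m["path"]))
    m = CONTAINER.match(line)
    if m:
        summary = f"{m['container']}: {m['count']} {m['kind']} object(s) inside"
        return Finding(m["path"], m["kind"], summary, bucket_for(m["path"]))
    return None


def triage(report: str) -> dict:
    """Parse a whole report; cross-check hit lines against its statistics."""
    findings, stats = [], {}
    for raw in report.splitlines():
        line = raw.rstrip()
        s = STAT.match(line)
        if s:
            stats[s["what"]] = int(s["n"])
            continue
        f = classify_line(line)
        if f:
            findings.append(f)
    counted = {k: sum(1 for f in findings if f.kind == k) for k in ("infected", "suspicious")}
    consistent = all(stats.get(k) == counted[k] for k in counted)
    return {
        "findings": findings,
        "stats": stats,
        "counted": counted,
        "consistent": consistent,  # False means lines were missed or garbled
        "live": [f for f in findings if f.bucket == "live"],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for f in result["findings"]:
        print(f"[{f.bucket}] {f.kind}: {f.detection} <- {f.path}")
    print("counts match report:", result["consistent"], "| live findings:", len(result["live"]))
```

Running it on the sample reports no live findings: both infected objects sit under the ComboFix quarantine folder and all four suspicious objects live inside Outlook.pst, which is exactly why the reply says the machine is in good shape. The consistency flag guards against a report that was pasted incompletely, since the parsed line counts must equal the scanner's own totals.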
Old 03-30-2008, 10:09 PM   #8 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 5
OS: XP


Re: Constant IE popups, core.cache.dsk, vundo, and more! Please help!

Looks like we're good to go! I haven't used Outlook in years, so it will just go away when I uninstall it.

Thanks again for the help, Ried! Trying to view family pictures with the wife while dozens of popups for porn sites and cheap ****** appeared was not entertaining... :)
Lewis Tanner is offline  
Copyright 2001 - 2009, Tech Support Forum