Old 01-15-2009, 12:46 PM   #1 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 4
OS: windows xp home edition


Random popups IE 7.0 and Firefox

New install of XP Home Edition, all security updates and service packs. I know, I should not have installed SHAREAZA and LIMEWIRE; I have learned my lesson for the LAST time. Both programs removed. Presently have Avira, but it is not finding the problem.

The exact problem: while using IE and/or Firefox, another window will open to a web site related to all manner of subjects, sometimes to nowhere at all, just a white screen.

Installed and ran AdAware and Spybot, cleaned up what they found, but still did not remove the problem. Removed all P2P software and antivirus software except Avira. Finally, cannot run Trend Micro HouseCall; it just locks up.


DDS (Ver_09-01-07.01) - NTFSx86
Run by David Bell at 14:07:24.75 on Thu 01/15/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.550 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\david bell\local settings\application data\kkweqgg.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\David Bell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David Bell\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [kkweqgg] "c:\documents and settings\david bell\local settings\application data\kkweqgg.exe" kkweqgg
uRun: [Google Update] "c:\documents and settings\david bell\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [CARPService] carpserv.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [Display Settings] c:\program files\hpq\notebook utilities\hptasks.exe /s
mRun: [QT4HPOT] c:\program files\hpq\one-touch\OneTouch.EXE
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [MULTIMEDIA KEYBOARD] c:\program files\netropa\multimedia keyboard\MMKeybd.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\program files\quicken\billmind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~2.lnk - c:\program files\quicken\QWDLLS.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartw~1.lnk - c:\program files\netgear\wg111 configuration utility\WG111CFG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2008-12-27 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2008-12-27 971552]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-12-24 11840]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2008-12-24 6656]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-12-24 52032]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2008-12-24 291328]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2008-12-24 244608]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-7-16 28280]
R4 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-12-24 68865]
R4 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-12-24 151297]
R4 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2009-1-9 16616]
R4 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-6-28 28952920]
R4 nhksrv;Netropa NHK Server;c:\program files\netropa\multimedia keyboard\nhksrv.exe [2008-12-24 28672]
R4 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S4 mrtRate;mrtRate; [x]

=============== Created Last 30 ================

2009-01-14 14:29 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-14 13:05 <DIR> --d----- c:\documents and settings\david bell\.housecall6.6
2009-01-11 08:45 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-11 08:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-11 07:57 <DIR> --d----- c:\program files\VideoLAN
2009-01-11 07:32 <DIR> --d----- c:\program files\Lavasoft
2009-01-11 01:29 <DIR> --d----- c:\program files\Yeosoft
2009-01-10 23:04 <DIR> --d----- c:\docume~1\davidb~1\applic~1\LimeWire
2009-01-10 23:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-10 23:02 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-10 22:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\92E6
2009-01-10 12:12 74,240 a------- c:\windows\system32\drivers\msqpdxgrvppjbn.sys
2009-01-10 10:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\271A
2009-01-10 04:25 <DIR> --d----- c:\docume~1\davidb~1\applic~1\Wireshark
2009-01-10 04:23 <DIR> --d----- c:\program files\WinPcap
2009-01-10 04:22 <DIR> --d----- c:\program files\Wireshark
2009-01-10 04:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\122FC
2009-01-09 23:37 60,968 a------- c:\documents and settings\david bell\GoToAssistDownloadHelper.exe
2009-01-09 22:15 <DIR> --d-h--- c:\program files\InstallJammer Registry
2009-01-09 22:13 <DIR> --d----- c:\program files\Endless Ages
2009-01-09 15:18 1,024 a------- C:\.rnd
2009-01-09 14:14 <DIR> --d----- c:\windows\speech
2009-01-09 14:13 <DIR> --d----- c:\program files\TextToMp3
2009-01-09 14:13 7,883 a------- c:\windows\Eng_UK.gpl
2009-01-09 14:13 796,672 a------- c:\windows\GPInstall.exe
2009-01-09 13:50 <DIR> --d----- c:\windows\Downloaded Installations
2009-01-09 13:06 <DIR> --d----- c:\program files\HWiNFO32
2009-01-08 19:49 0 a------- C:\testwma.raw
2009-01-08 19:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\39349
2009-01-08 19:27 483,328 a------- c:\windows\system32\actskn45.ocx
2009-01-08 18:17 <DIR> --d----- c:\program files\eMule
2009-01-08 15:56 <DIR> --d----- c:\docume~1\davidb~1\applic~1\Joomla Remote
2009-01-08 15:56 <DIR> --d----- c:\program files\Joomla Remote
2009-01-08 15:47 <DIR> --d----- c:\docume~1\davidb~1\applic~1\uTorrent
2009-01-07 23:46 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-07 23:45 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-07 23:45 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-07 23:45 117,760 -------- c:\windows\system32\prntvpt.dll
2009-01-07 23:45 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-01-07 23:45 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-07 23:45 <DIR> --d----- C:\122267ce23d9c49e306754
2009-01-07 23:45 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-01-07 23:45 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-01-07 23:44 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-07 22:46 <DIR> --d----- C:\CodeRED Alien Arena
2009-01-05 17:54 20,648 a------- c:\docume~1\davidb~1\applic~1\GDIPFONTCACHEV1.DAT
2009-01-05 13:13 <DIR> --d----- c:\program files\SyberiaDemo
2009-01-01 00:02 <DIR> --d----- c:\windows\system32\NtmsData
2008-12-31 23:58 540,000 a------- c:\windows\system32\drivers\timntr.sys
2008-12-31 23:57 <DIR> --d----- c:\program files\common files\Seagate
2008-12-31 23:57 <DIR> --d----- c:\program files\Seagate
2008-12-30 11:44 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-30 11:44 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-28 18:37 <DIR> --d----- c:\program files\PokerStars
2008-12-28 16:37 41 a------- c:\windows\loc2.INI
2008-12-28 16:37 41 a------- c:\windows\FindServ.INI
2008-12-28 15:44 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2008-12-28 15:44 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-28 09:21 198,656 a------- c:\windows\system32\CNMLM7I.DLL
2008-12-28 09:21 195,072 a------- c:\windows\system32\CNCC450.DLL
2008-12-28 09:21 139,264 a------- c:\windows\system32\CNCL450.DLL
2008-12-28 09:21 106,496 a------- c:\windows\system32\cncisco.dll
2008-12-28 09:21 37,888 a------- c:\windows\system32\CNCI450.DLL
2008-12-27 22:07 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2008-12-27 22:07 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2008-12-27 22:07 91,136 ac------ c:\windows\system32\dllcache\kswdmcap.ax
2008-12-27 22:07 61,952 ac------ c:\windows\system32\dllcache\kstvtune.ax
2008-12-27 22:07 53,760 ac------ c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-27 22:07 43,008 ac------ c:\windows\system32\dllcache\ksxbar.ax
2008-12-27 22:07 91,136 a------- c:\windows\system32\kswdmcap.ax
2008-12-27 22:07 61,952 a------- c:\windows\system32\kstvtune.ax
2008-12-27 22:07 53,760 a------- c:\windows\system32\vfwwdm32.dll
2008-12-27 22:07 43,008 a------- c:\windows\system32\ksxbar.ax
2008-12-27 20:54 971,552 a------- c:\windows\system32\drivers\tdrpm174.sys
2008-12-27 20:54 134,272 a------- c:\windows\system32\drivers\snman380.sys
2008-12-27 20:39 <DIR> --d----- c:\docume~1\davidb~1\applic~1\Foxit
2008-12-27 20:39 <DIR> --d----- c:\program files\Foxit Software
2008-12-27 20:30 <DIR> --d----- c:\program files\common files\Protexis
2008-12-25 03:31 98,304 a------- c:\windows\system32\CmdLineExt.dll
2008-12-25 01:27 37,888 a------- c:\windows\system32\setupnt.dll
2008-12-25 00:59 <DIR> --d----- c:\program files\Areca
2008-12-24 22:07 262,328 -------- c:\windows\system32\MSDatGrd.ocx
2008-12-24 22:07 118,976 -------- c:\windows\system32\msadodc.ocx
2008-12-24 22:07 103,744 -------- c:\windows\system32\MSCOMM32.OCX
2008-12-24 22:06 415,504 -------- c:\windows\system32\msrepl35.dll
2008-12-24 22:06 252,176 -------- c:\windows\system32\MSRD2X35.DLL
2008-12-24 22:06 123,664 -------- c:\windows\system32\MSJINT35.DLL
2008-12-24 22:06 24,848 -------- c:\windows\system32\MSJTER35.DLL
2008-12-24 22:06 1,046,288 -------- c:\windows\system32\Msjet35.dll
2008-12-24 22:06 54,784 -------- c:\windows\system32\INETWH32.DLL
2008-12-24 22:06 368,912 -------- c:\windows\system32\VBAR332.DLL
2008-12-24 22:04 46 a------- c:\windows\SA2005Plus.ini
2008-12-24 22:04 106,496 -----r-- c:\windows\system32\atl71.dll
2008-12-24 22:04 57,344 -----r-- c:\windows\system32\MFC71ENU.DLL
2008-12-24 22:04 244,416 -------- c:\windows\system32\msflxgrd.ocx
2008-12-24 22:01 <DIR> --d----- c:\program files\DeLorme
2008-12-24 22:01 <DIR> --d----- c:\program files\common files\DeLorme
2008-12-24 22:01 <DIR> --d----- C:\DeLorme Docs
2008-12-24 21:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sage Software SB, Inc
2008-12-24 21:24 <DIR> --d----- c:\program files\Yahoo!
2008-12-24 20:20 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-12-24 20:20 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-24 20:20 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-12-24 20:20 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-12-24 20:20 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-24 20:20 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-12-24 20:19 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-12-24 20:19 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-12-24 20:19 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-12-24 19:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
2008-12-24 19:46 44,704 a------- c:\windows\system32\drivers\tifsfilt.sys
2008-12-24 19:46 81,280 a------- c:\windows\system32\drivers\snapman.sys
2008-12-24 19:45 368,480 a------- c:\windows\system32\drivers\tdrpman.sys
2008-12-24 19:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2008-12-24 19:35 <DIR> --d----- c:\program files\Avira
2008-12-24 19:29 19,188 a------- c:\windows\Q883956Readme.rtf
2008-12-24 19:19 <DIR> --d----- C:\SBS
2008-12-24 19:16 599 a------- c:\windows\videoimp.ini
2008-12-24 19:16 140,800 a------- c:\windows\system32\tm20dec.ax
2008-12-24 19:16 38,160 a------- c:\windows\system32\LMRTREND.dll
2008-12-24 19:16 182,032 a------- c:\windows\system32\dxtmsft3.dll
2008-12-24 19:16 63,488 a------- c:\windows\system32\unam4ie.exe
2008-12-24 19:16 10,240 a------- c:\windows\system32\vidx16.dll
2008-12-24 19:16 5,672 a------- c:\windows\system32\quartz.vxd
2008-12-24 19:16 194,320 a------- c:\windows\system32\qcut.dll
2008-12-24 19:16 11,776 a------- c:\windows\system32\mciqtz.drv
2008-12-24 19:16 4,608 a------- c:\windows\system32\w95inf32.dll
2008-12-24 19:16 2,272 a------- c:\windows\system32\w95inf16.dll
2008-12-24 19:14 <DIR> --d----- c:\program files\directx
2008-12-24 19:14 <DIR> --d----- c:\program files\D-Link
2008-12-24 19:11 0 a------- c:\windows\WININIT.INI
2008-12-24 19:11 98,304 a------- c:\windows\system32\Msikbd.dll
2008-12-24 19:11 28,672 a------- c:\windows\system32\msiosd32.dll
2008-12-24 19:11 6,656 a------- c:\windows\system32\drivers\Msikbd2k.sys
2008-12-24 19:11 245 a------- c:\windows\Msiosd.ini
2008-12-24 19:11 <DIR> --d----- c:\program files\Netropa
2008-12-24 19:09 636 a------- c:\windows\ODBC.INI
2008-12-24 19:08 <DIR> --d----- c:\program files\Microsoft ActiveSync
2008-12-24 19:06 <DIR> --d----- c:\windows\ShellNew
2008-12-24 19:06 <DIR> --d----- c:\program files\common files\L&H
2008-12-24 18:37 1,890 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-24 18:37 88 ---shr-- c:\windows\system32\3D87154364.sys
2008-12-24 18:36 <DIR> --d----- c:\docume~1\davidb~1\applic~1\IsolatedStorage
2008-12-24 18:35 536,576 a------- c:\windows\system32\msvcr70d.dll
2008-12-24 18:35 344,064 a------- c:\windows\system32\msvcr70.dll
2008-12-24 18:35 94,208 a------- c:\windows\system32\msvci70d.dll
2008-12-24 18:34 457 a------- c:\windows\system32\MAPISVC.INF
2008-12-24 18:26 <DIR> --d----- c:\docume~1\davidb~1\applic~1\ACT
2008-12-24 18:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ACT
2008-12-24 18:25 <DIR> --d----- c:\program files\Microsoft SQL Server
2008-12-24 18:25 <DIR> --d----- c:\program files\ACT
2008-12-24 18:12 <DIR> --d----- c:\windows\system32\scripting
2008-12-24 18:12 <DIR> --d----- c:\windows\system32\en
2008-12-24 18:12 <DIR> --d----- c:\windows\l2schemas
2008-12-24 18:06 <DIR> --d----- c:\windows\network diagnostic
2008-12-24 16:20 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2008-12-24 16:20 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2008-12-24 16:19 333,824 -c------ c:\windows\system32\dllcache\srv.sys
2008-12-24 16:18 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2008-12-24 16:17 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-24 16:17 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-24 16:17 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-24 16:17 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-24 16:15 375,519 -c------ c:\windows\system32\dllcache\nuskin.wmv
2008-12-24 16:10 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2008-12-24 16:09 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2008-12-24 16:07 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-12-24 16:06 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-12-24 15:37 221,184 a------- c:\windows\system32\wmpns.dll
2008-12-24 15:37 316,640 a------- c:\windows\WMSysPr9.prx
2008-12-24 15:37 <DIR> --d----- c:\windows\provisioning
2008-12-24 15:37 <DIR> --d----- c:\windows\peernet
2008-12-24 15:35 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-24 15:26 <DIR> --d----- c:\windows\EHome
2008-12-24 15:22 11,264 -------- c:\windows\system32\spnpinst.exe
2008-12-24 15:22 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2008-12-24 15:22 7,208 -------- c:\windows\system32\secupd.sig
2008-12-24 15:22 4,569 -------- c:\windows\system32\secupd.dat
2008-12-24 14:56 <DIR> --d----- c:\windows\system32\PreInstall
2008-12-24 14:56 26,488 a------- c:\windows\system32\spupdsvc.exe
2008-12-24 14:56 <DIR> --d-h--- c:\windows\$hf_mig$
2008-12-24 14:55 <DIR> --d----- c:\windows\system32\bits
2008-12-24 14:54 354,304 a------- c:\windows\system32\winhttp.dll
2008-12-24 14:54 18,944 a------- c:\windows\system32\qmgrprxy.dll
2008-12-24 14:54 438,784 -------- c:\windows\system32\xpob2res.dll
2008-12-24 14:54 8,192 -------- c:\windows\system32\bitsprx2.dll
2008-12-24 14:54 7,168 -------- c:\windows\system32\bitsprx3.dll
2008-12-24 14:52 31,768 a------- c:\windows\system32\wucltui.dll.mui
2008-12-24 14:52 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2008-12-24 14:52 213,528 a------- c:\windows\system32\wuaucpl.cpl
2008-12-24 14:52 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2008-12-24 14:52 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-12-24 14:49 <DIR> --dsh--- c:\documents and settings\david bell\UserData
2008-12-24 14:30 147,456 a------- c:\windows\system32\ssleay32.dll
2008-12-24 14:30 929,792 a------- c:\windows\system32\AegisE5.dll
2008-12-24 14:30 651,264 a------- c:\windows\system32\libeay32.dll
2008-12-24 14:30 15,781 a------- c:\windows\system32\drivers\mdc8021x.sys
2008-12-24 14:30 379,488 a------- c:\windows\system32\drivers\wg111nd5.sys
2008-12-24 14:30 61,440 a------- c:\windows\system32\W32N50.dll
2008-12-24 14:30 <DIR> --d----- c:\program files\NETGEAR
2008-12-24 14:30 16,292 a------- c:\windows\system32\PCANDIS5.SYS
2008-12-24 14:30 15,577 a------- c:\windows\system32\PCANDIS3.VXD
2008-12-24 14:29 1,808 a--shr-- c:\windows\system32\drivers\HP_Presario 2100 (DZ414U)_YN_Pres_QCNF414_E_4_I0024_SHP_VPQ1A83_BKAM1.57_T040219_WXH1_L409_M959_J40_7AMD_8mobile Athlon XP2800+_92.12_1_N100B0020_P104CAC50_Z10B95457_K_A10B95451_U10B95237_G10024336.MRK
2008-12-24 14:27 <DIR> --ds---- c:\windows\system32\Microsoft
2008-12-24 14:27 52 a------- c:\windows\intuprof.ini
2008-12-24 14:25 669 a------- c:\windows\QUICKEN.INI
2008-12-24 14:25 <DIR> --d----- c:\program files\common files\Intuit
2008-12-24 14:25 <DIR> --d----- c:\program files\Quicken
2008-12-24 14:23 82 a------- c:\windows\QT4HPOT.UNI
2008-12-24 14:22 151,552 a------- c:\windows\system32\HPConfig.exe
2008-12-24 14:22 73,728 -------- c:\windows\system32\InstHpci.dll
2008-12-24 14:22 14,504 a------- c:\windows\system32\drivers\hpci.sys
2008-12-24 14:21 <DIR> --d----- c:\program files\MUSICMATCH
2008-12-24 14:20 <DIR> --d----- c:\program files\InterVideo
2008-12-24 14:20 <DIR> --d----- c:\program files\MSN Encarta Plus
2008-12-24 14:20 306,688 a------- c:\windows\IsUninst.exe
2008-12-24 14:19 8,040 a----r-- c:\windows\system32\OEMLogo.bmp
2008-12-24 14:19 5,760,056 a----r-- c:\windows\Amber Flow.bmp
2008-12-24 14:16 <DIR> --d----- c:\program files\ATI Technologies
2008-12-24 14:16 229,376 a----r-- c:\windows\system32\atiiiexx.dll
2008-12-24 14:16 23,570 a----r-- c:\windows\system32\drivers\atisgkaf.SYS
2008-12-24 14:15 65,536 a------- c:\windows\system32\SynTPFcs.dll
2008-12-24 14:15 273,072 a------- c:\windows\system32\drivers\SynTP.sys
2008-12-24 14:15 94,208 a------- c:\windows\system32\SynTPAPI.dll
2008-12-24 14:15 77,824 a------- c:\windows\system32\SynTPCoI.dll
2008-12-24 14:15 110,592 a------- c:\windows\system32\SynCtrl.dll
2008-12-24 14:15 77,824 a------- c:\windows\system32\SynCOM.dll
2008-12-24 14:15 <DIR> --d----- c:\program files\Synaptics
2008-12-24 14:15 <DIR> --d----- c:\windows\system32\ReinstallBackups
2008-12-24 14:15 <DIR> --d----- c:\program files\NSC
2008-12-24 14:14 16,128 ac------ c:\windows\system32\dllcache\modemcsa.sys
2008-12-24 14:14 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2008-12-24 14:13 231,867 a------- c:\windows\system32\drivers\hpm0850.cty
2008-12-24 14:13 153,380 a------- c:\windows\system32\drivers\HSFHWALI.sys
2008-12-24 14:13 57,344 a------- c:\windows\system32\mdmxsdk.dll
2008-12-24 14:13 51,712 a------- c:\windows\system32\carpdll.dll
2008-12-24 14:13 34,224 a------- c:\windows\system32\drivers\strmdisp.sys
2008-12-24 14:13 12,074 a------- c:\windows\system32\hsfinst.dll
2008-12-24 14:13 9,855 a------- c:\windows\system32\drivers\mdmxsdk.sys
2008-12-24 14:13 4,608 a------- c:\windows\system32\carpserv.exe
2008-12-24 14:13 1,171,616 a------- c:\windows\system32\drivers\HSF_DP.sys
2008-12-24 14:13 594,960 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2008-12-24 14:12 57,344 a------- c:\windows\system32\drivers\Express.sys
2008-12-24 14:12 <DIR> --d----- c:\program files\HP
2008-12-24 14:12 173,056 -------- c:\windows\system32\drivers\BCMWL5.SYS
2008-12-24 14:12 77,824 -------- c:\windows\system32\BCMWLU00.EXE
2008-12-24 14:12 45,056 -------- c:\windows\system32\BCMWLD2K.EXE
2008-12-24 14:08 <DIR> --d----- c:\windows\system32\URTTemp
2008-12-24 14:07 244,608 a------- c:\windows\system32\drivers\calihal.sys
2008-12-24 14:07 28,672 a------- c:\windows\ciaunwdm.exe
2008-12-24 14:07 291,328 a------- c:\windows\system32\drivers\caliaud.sys
2008-12-24 14:07 <DIR> --d----- c:\program files\CONEXANT
2008-12-24 14:06 <DIR> --d----- C:\bc60bdaba41dbef338fd6150cc6b8180
2008-12-24 14:06 <DIR> --d----- c:\program files\HPQ
2008-12-24 14:05 <DIR> --d----- C:\SYSTEM.SAV
2008-12-24 14:01 <DIR> --dsh--- c:\windows\Installer
2008-12-24 14:01 <DIR> --d----- c:\documents and settings\David Bell
2008-12-24 13:56 8,192 a------- c:\windows\REGLOCS.OLD
2008-12-24 13:53 716,856 ac------ c:\windows\system32\dllcache\imjpcus.dll
2008-12-24 13:52 2,577 a------- c:\windows\system32\CONFIG.NT
2008-12-24 13:52 0 a------- c:\windows\control.ini
2008-12-24 13:52 25,065 a------- c:\windows\system32\wmpscheme.xml
2008-12-24 13:52 299,552 a------- c:\windows\WMSysPrx.prx
2008-12-24 13:52 <DIR> --dsh--- c:\documents and settings\all users\DRM
2008-12-24 13:51 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2008-12-24 13:51 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2008-12-24 13:51 <DIR> --ds---- c:\windows\Downloaded Program Files
2008-12-24 13:51 <DIR> --d--r-- c:\windows\Offline Web Pages
2008-12-24 13:51 749 a---hr-- c:\windows\WindowsShell.Manifest
2008-12-24 13:51 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-24 13:51 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2008-12-24 13:51 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2008-12-24 13:51 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2008-12-24 13:51 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2008-12-24 13:51 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2008-12-24 13:51 <DIR> --d----- c:\windows\system32\DirectX
2008-12-24 13:50 <DIR> --d----- c:\program files\common files\MSSoap
2008-12-24 13:49 <DIR> --d-h--- c:\program files\WindowsUpdate
2008-12-24 13:49 <DIR> --d----- c:\program files\Online Services
2008-12-24 13:49 <DIR> --d----- c:\program files\Messenger
2008-12-24 13:49 <DIR> --d----- c:\program files\MSN Gaming Zone
2008-12-24 13:48 <DIR> --d----- c:\program files\Windows NT
2008-12-24 08:40 <DIR> --d----- c:\program files\common files\ODBC
2008-12-24 08:40 <DIR> --d----- c:\program files\common files\SpeechEngines
2008-12-24 08:40 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2008-12-24 18:16 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-24 13:50 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll

============= FINISH: 14:07:54.77 ===============
Attached Files
File Type: zip ark.zip (1.1 KB, 2 views)
File Type: zip Attach.zip (2.6 KB, 1 views)
File Type: txt DDS.txt (27.2 KB, 2 views)
davidbell is offline  
Old 01-16-2009, 07:03 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,543
OS: 2000 Pro; XP Pro; XP Home


Re: Random popups IE 7.0 and Firefox

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 01-17-2009, 02:06 AM   #3 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 4
OS: windows xp home edition


combofix report... per instructions...

ComboFix 09-01-16.03 - David Bell 2009-01-17 3:54:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.552 [GMT -5:00]
Running from: c:\documents and settings\David Bell\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David Bell\Local Settings\Application Data\kkweqgg.dat
c:\documents and settings\David Bell\Local Settings\Application Data\kkweqgg.exe
c:\documents and settings\David Bell\Local Settings\Application Data\kkweqgg_nav.dat
c:\documents and settings\David Bell\Local Settings\Application Data\kkweqgg_navps.dat
c:\windows\system32\_003514_.tmp.dll
c:\windows\system32\_003516_.tmp.dll
c:\windows\system32\drivers\msqpdxgrvppjbn.sys

.
((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.

2009-01-16 16:35 . 2009-01-16 16:35 <DIR> d-------- c:\program files\Audacity
2009-01-15 14:11 . 2009-01-15 14:11 250 --a------ c:\windows\gmer.ini
2009-01-14 14:29 . 2007-08-01 22:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-14 13:05 . 2009-01-14 15:27 <DIR> d-------- c:\documents and settings\David Bell\.housecall6.6
2009-01-12 14:09 . 2009-01-12 14:09 0 --a------ c:\windows\nsreg.dat
2009-01-11 08:45 . 2009-01-12 15:06 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-11 08:45 . 2009-01-12 15:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 08:03 . 2009-01-11 08:03 <DIR> d-------- c:\documents and settings\David Bell\Application Data\vlc
2009-01-11 07:57 . 2009-01-11 07:57 <DIR> d-------- c:\program files\VideoLAN
2009-01-11 07:32 . 2009-01-11 07:32 <DIR> d-------- c:\program files\Lavasoft
2009-01-11 07:32 . 2009-01-12 15:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-11 01:29 . 2009-01-11 01:29 <DIR> d-------- c:\program files\Yeosoft
2009-01-10 23:04 . 2009-01-12 19:28 <DIR> d-------- c:\documents and settings\David Bell\Application Data\LimeWire
2009-01-10 23:02 . 2009-01-10 23:01 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-10 23:02 . 2009-01-10 23:01 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-10 22:04 . 2009-01-10 22:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\92E6
2009-01-10 10:51 . 2009-01-10 10:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\271A
2009-01-10 04:25 . 2009-01-10 04:25 <DIR> d-------- c:\documents and settings\David Bell\Application Data\Wireshark
2009-01-10 04:23 . 2009-01-10 04:23 <DIR> d-------- c:\program files\WinPcap
2009-01-10 04:22 . 2009-01-10 04:24 <DIR> d-------- c:\program files\Wireshark
2009-01-10 04:20 . 2009-01-10 04:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\122FC
2009-01-09 23:37 . 2009-01-09 23:37 60,968 --a------ c:\documents and settings\David Bell\GoToAssistDownloadHelper.exe
2009-01-09 22:15 . 2009-01-09 22:28 <DIR> d--h----- c:\program files\InstallJammer Registry
2009-01-09 22:13 . 2009-01-09 22:28 <DIR> d-------- c:\program files\Endless Ages
2009-01-09 16:45 . 2009-01-10 19:11 <DIR> d-------- c:\documents and settings\David Bell\Application Data\VMware
2009-01-09 15:43 . 2009-01-10 22:08 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\VMware
2009-01-09 15:19 . 2009-01-09 15:19 <DIR> d-------- c:\documents and settings\LocalService\Application Data\VMware
2009-01-09 15:18 . 2009-01-09 15:18 1,024 --a------ C:\.rnd
2009-01-09 15:15 . 2009-01-10 22:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\VMware
2009-01-09 14:14 . 2009-01-09 14:14 <DIR> d-------- c:\windows\speech
2009-01-09 14:13 . 2009-01-09 14:18 <DIR> d-------- c:\program files\TextToMp3
2009-01-09 14:13 . 2009-01-09 14:13 796,672 --a------ c:\windows\GPInstall.exe
2009-01-09 14:13 . 2000-08-10 23:06 7,883 --a------ c:\windows\Eng_UK.gpl
2009-01-09 13:50 . 2009-01-09 13:50 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-09 13:06 . 2009-01-09 13:06 <DIR> d-------- c:\program files\HWiNFO32
2009-01-08 19:49 . 2009-01-08 19:49 0 --a------ C:\testwma.raw
2009-01-08 19:32 . 2009-01-08 19:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\39349
2009-01-08 19:27 . 2008-09-25 08:20 483,328 --a------ c:\windows\system32\actskn45.ocx
2009-01-08 18:17 . 2009-01-08 18:37 <DIR> d-------- c:\program files\eMule
2009-01-08 15:56 . 2009-01-08 15:56 <DIR> d-------- c:\program files\Joomla Remote
2009-01-08 15:56 . 2009-01-08 15:56 <DIR> d-------- c:\documents and settings\David Bell\Application Data\Joomla Remote
2009-01-08 15:47 . 2009-01-08 15:55 <DIR> d-------- c:\documents and settings\David Bell\Application Data\uTorrent
2009-01-07 23:46 . 2009-01-07 23:46 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-07 23:46 . 2009-01-07 23:46 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-07 23:46 . 2009-01-07 23:46 <DIR> d-------- c:\program files\MSBuild
2009-01-07 23:45 . 2009-01-07 23:45 <DIR> d-------- C:\122267ce23d9c49e306754
2009-01-07 23:45 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-07 23:45 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-07 23:45 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-07 23:45 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-07 23:45 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-07 23:45 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-07 23:45 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-07 23:44 . 2009-01-08 00:40 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-07 22:46 . 2009-01-07 22:47 <DIR> d-------- C:\CodeRED Alien Arena
2009-01-07 18:55 . 2009-01-07 18:55 <DIR> d-------- c:\program files\Ubisoft
2009-01-05 17:54 . 2009-01-13 10:46 20,648 --a------ c:\documents and settings\David Bell\Application Data\GDIPFONTCACHEV1.DAT
2009-01-05 13:13 . 2009-01-07 05:04 <DIR> d-------- c:\program files\SyberiaDemo
2009-01-01 00:02 . 2009-01-01 16:19 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-31 23:58 . 2008-12-27 20:54 540,000 --a------ c:\windows\system32\drivers\timntr.sys
2008-12-31 23:57 . 2008-12-31 23:57 <DIR> d-------- c:\program files\Seagate
2008-12-31 23:57 . 2008-12-31 23:57 <DIR> d-------- c:\program files\Common Files\Seagate
2008-12-30 11:44 . 2008-04-13 19:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-30 11:44 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-29 16:32 . 2008-12-29 17:05 <DIR> d-------- c:\documents and settings\David Bell\Application Data\ImgBurn
2008-12-29 16:22 . 2008-12-29 16:22 <DIR> d-------- c:\program files\ImgBurn
2008-12-28 18:37 . 2009-01-05 00:03 <DIR> d-------- c:\program files\PokerStars
2008-12-28 16:37 . 2009-01-16 12:35 41 --a------ c:\windows\loc2.INI
2008-12-28 16:37 . 2009-01-16 12:34 41 --a------ c:\windows\FindServ.INI
2008-12-28 15:44 . 2008-04-13 13:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-28 15:44 . 2008-04-13 13:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-28 09:21 . 2008-12-28 09:21 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2008-12-28 09:21 . 2008-12-28 09:21 <DIR> d--h----- c:\program files\CanonBJ
2008-12-28 09:21 . 2008-12-28 09:21 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2008-12-28 09:21 . 2008-04-03 05:00 198,656 --a------ c:\windows\system32\CNMLM7I.DLL
2008-12-28 09:21 . 2008-02-07 15:59 195,072 --a------ c:\windows\system32\CNCC450.DLL
2008-12-28 09:21 . 2005-05-30 19:46 139,264 --a------ c:\windows\system32\CNCL450.DLL
2008-12-28 09:21 . 2006-06-29 14:29 106,496 --a------ c:\windows\system32\cncisco.dll
2008-12-28 09:21 . 2008-02-07 15:59 37,888 --a------ c:\windows\system32\CNCI450.DLL
2008-12-27 22:07 . 2008-04-13 19:12 91,136 --a------ c:\windows\system32\kswdmcap.ax
2008-12-27 22:07 . 2008-04-13 19:12 91,136 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-12-27 22:07 . 2008-04-13 19:12 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-12-27 22:07 . 2008-04-13 19:12 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-12-27 22:07 . 2008-04-13 13:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-12-27 22:07 . 2008-04-13 13:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-12-27 22:07 . 2008-04-13 19:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-27 22:07 . 2008-04-13 19:12 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-27 22:07 . 2008-04-13 19:12 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-12-27 22:07 . 2008-04-13 19:12 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-12-27 20:57 . 2008-12-27 20:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Acronis
2008-12-27 20:54 . 2008-12-27 20:54 971,552 --a------ c:\windows\system32\drivers\tdrpm174.sys
2008-12-27 20:54 . 2008-12-27 20:54 134,272 --a------ c:\windows\system32\drivers\snman380.sys
2008-12-27 20:53 . 2008-12-27 20:53 <DIR> d-------- c:\program files\Acronis
2008-12-27 20:39 . 2008-12-27 20:39 <DIR> d-------- c:\program files\Foxit Software
2008-12-27 20:39 . 2008-12-27 20:39 <DIR> d-------- c:\documents and settings\David Bell\Application Data\Foxit
2008-12-27 20:30 . 2008-12-27 20:30 <DIR> d-------- c:\program files\Common Files\Protexis
2008-12-25 03:31 . 2008-12-25 03:31 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-25 01:57 . 2008-12-25 01:57 <DIR> d-------- c:\documents and settings\David Bell\Application Data\InterVideo
2008-12-25 01:33 . 2009-01-10 13:22 <DIR> d-------- c:\documents and settings\David Bell\Application Data\Acronis
2008-12-25 01:27 . 2008-12-27 20:53 <DIR> d-------- c:\program files\Common Files\Acronis
2008-12-25 01:27 . 2008-12-25 01:27 37,888 --a------ c:\windows\system32\setupnt.dll
2008-12-25 00:59 . 2008-12-25 00:59 <DIR> d-------- c:\program files\Areca
2008-12-24 23:19 . 2009-01-11 13:35 <DIR> d-------- c:\program files\Google
2008-12-24 23:19 . 2009-01-16 23:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-12-24 22:07 . 2000-12-06 13:02 262,328 --------- c:\windows\system32\MSDatGrd.ocx
2008-12-24 22:07 . 2000-05-22 15:58 118,976 --------- c:\windows\system32\msadodc.ocx
2008-12-24 22:07 . 1998-06-24 10:56 103,744 --------- c:\windows\system32\MSCOMM32.OCX
2008-12-24 22:06 . 2000-06-13 10:44 1,046,288 --------- c:\windows\system32\Msjet35.dll
2008-12-24 22:06 . 2000-06-13 10:44 415,504 --------- c:\windows\system32\msrepl35.dll
2008-12-24 22:06 . 1998-04-24 19:09 368,912 --------- c:\windows\system32\VBAR332.DLL
2008-12-24 22:06 . 1998-04-24 19:40 252,176 --------- c:\windows\system32\MSRD2X35.DLL
2008-12-24 22:06 . 1998-04-24 19:40 123,664 --------- c:\windows\system32\MSJINT35.DLL
2008-12-24 22:06 . 1998-10-20 16:05 54,784 --------- c:\windows\system32\INETWH32.DLL
2008-12-24 22:06 . 1998-04-24 19:40 24,848 --------- c:\windows\system32\MSJTER35.DLL
2008-12-24 22:04 . 2000-05-22 15:58 244,416 --------- c:\windows\system32\msflxgrd.ocx
2008-12-24 22:04 . 2003-03-18 21:05 106,496 -r------- c:\windows\system32\atl71.dll
2008-12-24 22:04 . 2003-03-18 22:44 57,344 -r------- c:\windows\system32\MFC71ENU.DLL
2008-12-24 22:04 . 2008-12-24 22:06 46 --a------ c:\windows\SA2005Plus.ini
2008-12-24 22:01 . 2008-12-24 22:01 <DIR> d-------- c:\program files\DeLorme
2008-12-24 22:01 . 2008-12-24 22:18 <DIR> d-------- c:\program files\Common Files\DeLorme
2008-12-24 22:01 . 2008-12-24 22:04 <DIR> d-------- C:\DeLorme Docs
2008-12-24 21:45 . 2008-12-24 21:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sage Software SB, Inc
2008-12-24 21:24 . 2008-12-24 21:24 <DIR> d-------- c:\program files\Yahoo!
2008-12-24 21:24 . 2008-12-24 21:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-24 20:20 . 2008-10-16 15:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 18:53 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-22 610304]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-07-17 184412]
"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-10-03 106496]
"Act.Outlook.Service"="c:\program files\ACT\ACT for Windows\Act.Outlook.Service.exe" [2007-03-28 9728]
"Act! Preloader"="c:\program files\ACT\ACT for Windows\ActSage.exe" [2007-03-28 1015808]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-21 4352832]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-24 904768]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-21 165144]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-24 1325848]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"CARPService"="carpserv.exe" [2003-04-14 c:\windows\system32\carpserv.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - c:\program files\Quicken\billmind.exe [2002-09-20 36864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-09-20 53248]
Quicken Startup.lnk - c:\program files\Quicken\QWDLLS.EXE [2002-09-20 36864]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2008-12-24 1056864]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\David Bell\\Desktop\\aircrack-ng-1.0-rc1-win\\aircrack-ng-1.0-rc1-win\\bin\\buddy-ng.exe"=
"c:\\CodeRED Alien Arena\\crx.exe"=

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2008-12-27 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2008-12-27 971552]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2008-12-24 6656]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2008-12-24 291328]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2008-12-24 244608]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-07-16 28280]
R4 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2009-01-09 16616]
R4 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-06-28 28952920]
R4 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2008-12-24 28672]
R4 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2008-06-24 431384]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S4 mrtRate;mrtRate; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PCANDIS5

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b295d64-d249-11dd-b2f2-000fb570cf22}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL INDEX.html
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKCU-Run-kkweqgg - c:\documents and settings\david bell\local settings\application data\kkweqgg.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 04:00:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?1?7?1??????? ?deB???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1052)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\HPConfig.exe
c:\program files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\system32\wscntfy.exe
c:\program files\Netropa\Multimedia Keyboard\Traymon.exe
c:\program files\Netropa\Onscreen Display\osd.exe
.
**************************************************************************
.
Completion time: 2009-01-17 4:03:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-17 09:03:06

Pre-Run: 11,658,772,480 bytes free
Post-Run: 12,453,142,528 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

261 --- E O F --- 2008-12-24 20:59:50
davidbell is offline  
Old 01-17-2009, 08:52 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,543
OS: 2000 Pro; XP Pro; XP Home


Re: Random popups IE 7.0 and Firefox

Looks much better.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 11. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Please perform this online scan to help look for remnants

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on Settings. Uncheck Mail databases.
  • Next, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

---------------------------------------------------------------------------------------------

How is the machine behaving?
Old 01-17-2009, 03:25 PM   #5 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 4
OS: windows xp home edition


kaspersky report

Below is my Kaspersky report, which came up negative.

I would like to offer my sincere thanks for your quick assistance. The problem has not manifested itself in a single occurrence since running COMBOFIX. I am seriously humbled at the extraordinary amount of knowledge individuals like yourself have regarding these issues and your generosity in helping strangers with their PC problems. I have never wanted to participate in these forums, but have become a lifelong subscriber since this experience. Much thanks!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 17, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 17, 2009 17:02:26
Records in database: 1637528
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no

Scan area - My Computer:
C:\
D:\
E:\
G:\

Scan statistics:
Files scanned: 41958
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:23:04

No malware has been detected. The scan area is clean.

The selected area was scanned.
davidbell is offline  
Old 01-17-2009, 05:11 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,543
OS: 2000 Pro; XP Pro; XP Home


Re: Random popups IE 7.0 and Firefox

Thanks for the kind words, it's truly appreciated. Much of the thanks goes to the author of ComboFix.

Now for my favorite part:

Your logs appear clean. You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.
  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
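The HOSTS-file blocking described in the MVPS HOST FILE item of the post above, as an added example that is not part of the original post or of the MVPS project: a Python audit that lists which names a HOSTS file maps to the local machine and flags any entry that points a name at a different address. The sample file contents and all hostnames in it are constructed.

```python
import ipaddress
from collections import namedtuple

# One record per hostname found in the file.
Entry = namedtuple("Entry", "lineno address hostname verdict")

# Constructed sample, not taken from the MVPS file or from this thread.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed for this example)
127.0.0.1       localhost
127.0.0.1       ads.example.com  banners.example.com   # two names, one line
0.0.0.0         tracker.example.net
203.0.113.7     update.example.org   # non-loopback address
not-an-ip       broken.example.com
127.0.0.1
"""


def classify(address):
    """Return 'blocked' for loopback/unspecified addresses, else 'redirected'.

    Raises ValueError if the field is not a valid IPv4 or IPv6 address.
    """
    ip = ipaddress.ip_address(address)
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"
    return "redirected"


def audit_hosts(text):
    """Parse HOSTS-file text and return one Entry per hostname.

    Verdicts:
      default    - the standard 'localhost' mapping
      blocked    - name resolves to the local machine, so the site is unreachable
      redirected - name resolves to some other address and should be reviewed
      malformed  - line has a bad address or no hostname
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        try:
            verdict = classify(address)
        except ValueError:
            entries.append(Entry(lineno, address, None, "malformed"))
            continue
        if not names:
            entries.append(Entry(lineno, address, None, "malformed"))
            continue
        for name in names:                     # one line may carry several names
            name = name.lower()
            if name == "localhost" and verdict == "blocked":
                entries.append(Entry(lineno, address, name, "default"))
            else:
                entries.append(Entry(lineno, address, name, verdict))
    return entries


def summarize(entries):
    """Count entries per verdict."""
    counts = {}
    for entry in entries:
        counts[entry.verdict] = counts.get(entry.verdict, 0) + 1
    return counts


def needs_review(entries):
    """Entries that a blocking-only HOSTS file should not contain."""
    return [e for e in entries if e.verdict in ("redirected", "malformed")]


if __name__ == "__main__":
    found = audit_hosts(SAMPLE_HOSTS)
    print(summarize(found))
    for e in needs_review(found):
        print("line %d: %s -> %s (%s)" % (e.lineno, e.hostname, e.address, e.verdict))
```

To audit a real file, pass its contents to `audit_hosts`; on Windows XP the file is `%SystemRoot%\system32\drivers\etc\hosts`.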
Old 01-18-2009, 12:36 PM   #7 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 4
OS: windows xp home edition


Last stages of protections...

Please note screen shot from secunia scan, referencing ADOBE nested in a program I use for mapping and GPS navigation. I currently use FOXIT for reviewing PDFs and do not wish to download ADOBE if I can avoid it.

I use YAHOO IM version 9.0.0.2034, and do not talk to too many people, but do talk to someone in LONDON through voice and video, do you think that version is problematic?

I have followed all of your other instructions and am reading the procedures for each, if I should have trouble.

Again, the machine is running very well. Thank you again for the considerable help.
Attached Images
File Type: jpg secunia scan.JPG (116.2 KB, 2 views)
davidbell is offline  
Old 01-18-2009, 12:43 PM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,543
OS: 2000 Pro; XP Pro; XP Home


Re: Random popups IE 7.0 and Firefox

If the application you use requires that version of Adobe, then I guess that's what you need. Secunia is an advisory. How you act upon those advisories is up to you. Were it me, if I used Street Atlas 2005, and it was compatible with newer Adobe, I'd probably use the newer Adobe. If there was an update available for Street Atlas, I'd look into that.

I don't use Yahoo IM, but if it's the latest version, you should be fine.

Hope that helps.
Old 01-26-2009, 09:17 PM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,543
OS: 2000 Pro; XP Pro; XP Home


Re: Random popups IE 7.0 and Firefox

Surf Safely, and Think Prevention!

Since this issue appears to be resolved, this topic will be archived.