02-22-2009, 02:16 PM   #1
CaptainAmerica (Registered User)
OS: windows xp

Numberless Popups

I get numberless popups saying that I'm infected and should install anti-virus software, and pornography popups and lots of advertising not blocked by my popup blocker.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Gamer at 13:52:11.70 on Sun 02/22/2009
Internet Explorer: 6.0.2900.2180

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\18.bin\MWSSRCAS.DLL
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\cbXRJyxu.dll
BHO: Debro IE Helper: {836a4b93-6f4a-4d61-ad3d-b8225d921f42} - c:\program files\debropack\DebroPack.dll
BHO: {be7e5594-62b8-4545-bd46-cee82edf6b1e} - c:\windows\system32\byXQIxur.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: Internet Speed Monitor: {1b7f9277-46dc-4938-a28e-910497149e72} - c:\program files\debropack\DebroPack.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Web Test Recorder: {8c84b9f5-3d9e-4204-bb0b-f85d46455868} - mscoree.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: ShopperReports: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
uRun: [cogad] "c:\documents and settings\gamer\application data\cogad\cogad.exe" 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [VnrPack25] "c:\program files\vnrpack\VnrPack25.exe"
uRun: [GetPack30] "c:\program files\getpack\GetPack30.exe"
uRun: [GetModule37] c:\program files\getmodule\GetModule37.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
IE: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\progra~1\netdog\netd.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102826586116
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: cbXRJyxu - cbXRJyxu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\cbXRJyxu.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXQIxur

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gamer\applic~1\mozilla\firefox\profiles\wsi2413y.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-02-22 13:48 250 a------- c:\windows\gmer.ini
2009-02-22 13:41 15,360 ac------ c:\windows\system32\dllcache\brmfbidi.dll
2009-02-22 13:40 24,576 ac------ c:\windows\system32\dllcache\agcgauge.ax
2009-02-22 13:39 148,352 ac------ c:\windows\system32\dllcache\3dfxvsm.sys
2009-02-22 13:39 12,288 ac------ c:\windows\system32\dllcache\4mmdat.sys
2009-02-22 13:39 762,780 ac------ c:\windows\system32\dllcache\3cwmcru.sys
2009-02-22 13:39 689,216 ac------ c:\windows\system32\dllcache\3dfxvs.dll
2009-02-22 13:39 11,264 ac------ c:\windows\system32\dllcache\1394vdbg.sys
2009-02-22 13:39 502,272 a------- c:\windows\system32\OLD65.tmp
2009-02-22 13:39 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-02-22 13:39 2,136,064 ac------ c:\windows\system32\dllcache\OLD5C.tmp
2009-02-21 09:49 <DIR> --d----- c:\program files\VnrPack
2009-02-21 09:49 <DIR> --d----- c:\program files\DebroPack
2009-02-15 13:47 <DIR> --d----- c:\program files\common files\PC Tools
2009-02-15 13:47 28,568 a------- c:\windows\system32\drivers\AVHook.sys
2009-02-15 13:47 21,912 a------- c:\windows\system32\drivers\AVRec.sys
2009-02-15 13:47 21,904 a------- c:\windows\system32\drivers\AVFilter.sys
2009-02-15 13:47 <DIR> --d----- c:\program files\PC Tools AntiVirus
2009-02-15 13:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-02-14 08:51 <DIR> --d----- c:\program files\GetPack
2009-02-05 18:25 <DIR> --d----- c:\program files\YouTube Downloader
2009-02-04 16:26 <DIR> --d----- c:\program files\TabIt
2009-01-25 12:37 <DIR> --d----- c:\program files\MagicISO
2009-01-24 22:43 11,960 a--sh--- c:\windows\system32\ruxIQXyb.ini2
2009-01-24 22:43 11,960 a--sh--- c:\windows\system32\ruxIQXyb.ini
2009-01-24 22:42 315,904 a------- c:\windows\system32\byXQIxur.dll
2009-01-24 22:37 <DIR> --d----- c:\docume~1\gamer\applic~1\cogad
2009-01-24 22:37 6,386 a------- c:\windows\system32\cbXPiHBt.dll
2009-01-24 22:37 <DIR> --d----- c:\docume~1\gamer\applic~1\GetModule
2009-01-24 22:37 36,352 a------- c:\windows\system32\cbXRJyxu.dll
2009-01-24 22:37 <DIR> --d----- c:\program files\GetModule
2009-01-24 22:37 <DIR> --d----- c:\program files\iCheck
2009-01-24 22:37 198,730 a------- c:\windows\system32\wpv491232809217.cpx
2009-01-24 22:37 20,480 a------- c:\windows\system32\~.exe

==================== Find3M ====================

2009-01-06 15:50 182 a------- c:\documents and settings\gamer\xrt_log.dat
2009-01-01 11:04 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2008-11-10 18:36 27,136 a------- c:\documents and settings\gamer\xrt_temp1.exe
2008-06-23 12:29 22,328 a------- c:\docume~1\gamer\applic~1\PnkBstrK.sys
2004-12-11 22:43 56 ---shr-- c:\windows\system32\447D957DB0.sys

============= FINISH: 13:58:33.37 ===============

02-23-2009, 11:01 AM   #2
sjb007 (Analyst, Security Team)

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days from this initial post then the thread will be closed.

Please follow these directions in the order they are set out for you.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

02-24-2009, 04:50 PM   #3
CaptainAmerica (Registered User)

Aight, I will start immediately.

02-24-2009, 05:27 PM   #4
CaptainAmerica (Registered User)

ComboFix 09-02-24.02 - Gamer 2009-02-24 16:55:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.240 [GMT -7:00]
Running from: c:\documents and settings\Gamer\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: PC Tools AntiVirus 5.0.1.1 *On-access scanning enabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gamer\Application Data\GetModule
c:\documents and settings\Gamer\Application Data\GetModule\dicik.gz
c:\documents and settings\Gamer\Application Data\GetModule\kwdik.gz
c:\documents and settings\Gamer\Application Data\GetModule\ofadik.gz
c:\documents and settings\Gamer\Application Data\ShoppingReport
c:\documents and settings\Gamer\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Gamer\Local Settings\Temporary Internet Files\fbk.sts
C:\install.exe
c:\program files\akl
c:\program files\akl\akl.dll
c:\program files\akl\akl.exe
c:\program files\akl\uninstall.exe
c:\program files\akl\unsetup.exe
c:\program files\GetModule
c:\program files\GetModule\GetModule35.exe
c:\program files\GetModule\GetModule37.exe
c:\program files\GetPack
c:\program files\GetPack\dictame.gz
c:\program files\GetPack\GetPack30.exe
c:\program files\GetPack\trgtame.gz
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\program files\Inet Delivery
c:\program files\Inet Delivery\inetdl.exe
c:\program files\Inet Delivery\intdel.exe
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\program files\VnrPack
c:\program files\VnrPack\dicts.gz
c:\program files\VnrPack\trgts.gz
c:\program files\VnrPack\Uninstall.exe
c:\program files\VnrPack\VnrPack25.exe
c:\windows\a.bat
c:\windows\base64.tmp
c:\windows\bdn.com
c:\windows\FVProtect.exe
c:\windows\iTunesMusic.exe
c:\windows\mslagent
c:\windows\mslagent\2_mslagent.dll
c:\windows\mslagent\mslagent.exe
c:\windows\mslagent\uninstall.exe
c:\windows\mssecu.exe
c:\windows\system32\~.exe
c:\windows\system32\9.tmp
c:\windows\system32\akttzn.exe
c:\windows\system32\anticipator.dll
c:\windows\system32\awtoolb.dll
c:\windows\system32\bdn.com
c:\windows\system32\bsva-egihsg52.exe
c:\windows\system32\byXQIxur.dll
c:\windows\system32\cbXRJyxu.dll
c:\windows\system32\dpcproxy.exe
c:\windows\system32\emesx.dll
c:\windows\system32\hoproxy.dll
c:\windows\system32\hxiwlgpm.dat
c:\windows\system32\hxiwlgpm.exe
c:\windows\system32\medup012.dll
c:\windows\system32\medup020.dll
c:\windows\system32\msgp.exe
c:\windows\system32\msnbho.dll
c:\windows\system32\mssecu.exe
c:\windows\system32\msvchost.exe
c:\windows\system32\mtr2.exe
c:\windows\system32\mwin32.exe
c:\windows\system32\netode.exe
c:\windows\system32\newsd32.exe
c:\windows\system32\phcenmj0ec2a.bmp
c:\windows\system32\ps1.exe
c:\windows\system32\psof1.exe
c:\windows\system32\psoft1.exe
c:\windows\system32\regc64.dll
c:\windows\system32\regm64.dll
c:\windows\system32\Rundl1.exe
c:\windows\system32\ruxIQXyb.ini
c:\windows\system32\ruxIQXyb.ini2
c:\windows\system32\smp
c:\windows\system32\smp\msrc.exe
c:\windows\system32\sncntr.exe
c:\windows\system32\ssurf022.dll
c:\windows\system32\ssvchost.com
c:\windows\system32\ssvchost.exe
c:\windows\system32\sysreq.exe
c:\windows\system32\taack.dat
c:\windows\system32\taack.exe
c:\windows\system32\temp#01.exe
c:\windows\system32\thun.dll
c:\windows\system32\thun32.dll
c:\windows\system32\VBIEWER.OCX
c:\windows\system32\vbsys2.dll
c:\windows\system32\vcatchpi.dll
c:\windows\system32\winexy32.dll
c:\windows\system32\wini104552663.exe
c:\windows\system32\winlogonpc.exe
c:\windows\system32\winsystem.exe
c:\windows\system32\WINWGPX.EXE
c:\windows\system32\wpv491232809217.cpx
c:\windows\Sysvxd.exe
c:\windows\userconfig9x.dll
c:\windows\wiaserviv.log
c:\windows\winsystem.exe
c:\windows\zip1.tmp
c:\windows\zip2.tmp
c:\windows\zip3.tmp
c:\windows\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.

2009-02-24 17:18 . 2009-02-24 17:18 <DIR> d-------- c:\windows\LastGood
2009-02-22 13:48 . 2009-02-22 14:02 250 --a------ c:\windows\gmer.ini
2009-02-22 13:41 . 2001-08-17 14:55 382,592 --a--c--- c:\windows\system32\dllcache\atidrab.dll
2009-02-22 13:40 . 2001-08-17 12:19 747,392 --a--c--- c:\windows\system32\dllcache\adm8830.sys
2009-02-22 13:39 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-02-22 13:39 . 2001-08-17 14:55 689,216 --a--c--- c:\windows\system32\dllcache\3dfxvs.dll
2009-02-22 13:39 . 2001-08-17 12:48 148,352 --a--c--- c:\windows\system32\dllcache\3dfxvsm.sys
2009-02-22 13:39 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-02-22 13:39 . 2004-08-03 23:00 12,288 --a--c--- c:\windows\system32\dllcache\4mmdat.sys
2009-02-22 13:39 . 2001-08-17 14:06 11,264 --a--c--- c:\windows\system32\dllcache\1394vdbg.sys
2009-02-21 09:49 . 2009-02-21 09:49 <DIR> d-------- c:\program files\DebroPack
2009-02-15 13:53 . 2009-02-24 17:19 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-15 13:47 . 2009-02-24 17:19 <DIR> d-------- c:\program files\PC Tools AntiVirus
2009-02-15 13:47 . 2009-02-15 13:47 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-02-15 13:47 . 2009-02-15 13:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-02-15 13:47 . 2007-12-06 16:51 28,568 --a------ c:\windows\system32\drivers\AVHook.sys
2009-02-15 13:47 . 2007-12-06 16:51 21,912 --a------ c:\windows\system32\drivers\AVRec.sys
2009-02-15 13:47 . 2008-02-12 11:44 21,904 --a------ c:\windows\system32\drivers\AVFilter.sys
2009-02-05 18:25 . 2009-02-05 18:25 <DIR> d-------- c:\program files\YouTube Downloader
2009-02-04 16:26 . 2009-02-04 16:26 <DIR> d-------- c:\program files\TabIt
2009-01-25 12:37 . 2009-01-25 12:37 <DIR> d-------- c:\program files\MagicISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 00:13 --------- d-----w c:\program files\Blue Coat K9 Web Protection
2009-02-16 18:01 --------- d-----w c:\documents and settings\Gamer\Application Data\Hamachi
2009-02-15 23:58 --------- d-----w c:\documents and settings\Gamer\Application Data\uTorrent
2009-02-15 22:04 --------- d-----w c:\program files\World of Warcraft
2009-02-15 20:56 --------- d-----w c:\documents and settings\Gamer\Application Data\PC Tools
2009-02-14 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro 3
2009-02-02 01:27 --------- d-----w c:\program files\Warcraft III
2009-01-25 05:37 --------- d-----w c:\documents and settings\Gamer\Application Data\cogad
2009-01-24 20:13 --------- d-----w c:\documents and settings\Gamer\Application Data\U3
2009-01-23 01:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-23 01:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-23 01:19 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-01-23 01:19 --------- d-----w c:\program files\LucasArts
2009-01-23 01:13 --------- d-----w c:\program files\Google
2009-01-23 01:12 --------- d-----w c:\program files\Microsoft Games
2009-01-21 23:01 --------- d-----w c:\program files\EscSoft
2009-01-14 23:11 --------- d-----w c:\documents and settings\Gamer\Application Data\Ulead Systems
2009-01-10 20:02 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-01-10 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-01-10 19:59 --------- d-----w c:\program files\Corel
2009-01-10 16:32 --------- d-----w c:\program files\uTorrent
2009-01-07 23:20 --------- d-----w c:\program files\NetDog
2009-01-06 23:10 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro
2009-01-06 22:55 --------- d-----w c:\program files\Hitman Pro 3
2009-01-06 22:50 182 ----a-w c:\documents and settings\Gamer\xrt_log.dat
2009-01-06 02:39 --------- d-----w c:\documents and settings\NetworkService\Application Data\PC Tools
2009-01-02 17:26 --------- d-----w c:\documents and settings\Gamer\Application Data\teamspeak2
2009-01-02 16:02 --------- d-----w c:\program files\StepVoice Recorder
2009-01-02 15:46 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-02 15:45 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-01 18:04 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-01 18:04 --------- d-----w c:\program files\Hamachi
2008-12-27 16:32 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-11 01:36 27,136 ----a-w c:\documents and settings\Gamer\xrt_temp1.exe
2008-06-23 19:29 22,328 ----a-w c:\documents and settings\Gamer\Application Data\PnkBstrK.sys
2004-12-12 05:43 56 --sh--r c:\windows\system32\447D957DB0.sys
.

------- Sigcheck -------

2002-08-29 13:00 200192 fe84e045a09a4abc4deef7270448b64e c:\windows\$NtServicePackUninstall$\termsrv.dll
2004-08-04 00:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-13 17:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
2008-10-14 15:34 295424 40ffc19a8d4875e9e19cecdc76ef9201 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{836A4B93-6F4A-4d61-AD3D-B8225D921F42}]
2009-02-17 13:02 133120 --a------ c:\program files\DebroPack\DebroPack.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cogad"="c:\documents and settings\Gamer\Application Data\cogad\cogad.exe" [2009-01-24 56832]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-12-04 1370000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gamer^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Gamer\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro3]
--a------ 2009-01-06 15:54 4590200 c:\program files\Hitman Pro 3\hitmanpro3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
--a------ 2004-01-05 18:34 40960 c:\windows\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 11:22 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2008-11-21 72992]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2008-11-21 1078560]
R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [2008-06-23 65536]
R3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [2006-06-15 347648]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 VSPerfDrv;Performance Tools Driver;c:\program files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2005-09-23 54464]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42d0059a-e373-11dd-baef-0060b3f821b9}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{90DD4329-0DD6-466D-A169-83FE16FC66D5} - c:\windows\system32\byXQIxur.dll
HKCU-Run-VnrPack25 - c:\program files\VnrPack\VnrPack25.exe
HKCU-Run-GetPack30 - c:\program files\GetPack\GetPack30.exe
HKCU-Run-GetModule37 - c:\program files\GetModule\GetModule37.exe
MSConfigStartUp-brastk - c:\windows\system32\brastk.exe
MSConfigStartUp-GetModule35 - c:\program files\GetModule\GetModule35.exe
MSConfigStartUp-GetPack30 - c:\program files\GetPack\GetPack30.exe
MSConfigStartUp-HlpCfg - c:\windows\system32\slitehqd.exe
MSConfigStartUp-IST Service - c:\program files\ISTsvc\istsvc.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\e.bin\mwsoemon.exe
MSConfigStartUp-Parallel Tasking - c:\program files\Parallel Tasking\ptask.exe
MSConfigStartUp-Somefox - c:\docume~1\Gamer\LOCALS~1\Temp\setup1018.exe
MSConfigStartUp-Spyware Doctor - c:\progra~1\SPYWAR~1\swdoctor.exe
MSConfigStartUp-SVCHOST - c:\windows\system32\drivers\svchost.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-V0dF - c:\windows\xetbmwmj.exe
MSConfigStartUp-WeatherDPA - c:\program files\Zango\bin\10.3.75.0\Weather.exe
MSConfigStartUp-ZangoOE - c:\program files\Zango\bin\10.3.75.0\OEAddOn.exe
MSConfigStartUp-ZangoSA - c:\program files\Zango\bin\10.3.75.0\ZangoSA.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: c:\progra~1\NetDog\netd.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Gamer\Application Data\Mozilla\Firefox\Profiles\wsi2413y.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 17:19:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'lsass.exe'(1080)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'csrss.exe'(996)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\iDumpPro\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools AntiVirus\PCTAVSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2009-02-24 17:25:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-25 00:25:41

Pre-Run: 4,321,128,448 bytes free
Post-Run: 4,176,240,640 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

353 --- E O F --- 2009-01-15 14:34:17

02-25-2009, 09:16 AM   #5
sjb007 (Analyst, Security Team)

Howdy there

Go to start menu - Select Run and in the command box type in notepad
Next - copy/paste the text in the code box below into it:

Quote:
Folder::
c:\documents and settings\Gamer\Application Data\cogad

DDS::
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cogad"=-
- Save this to your desktop as CFScript.txt
- Drag the CFScript.txt over onto Combofix.exe and release.



Combofix will then execute the script and produce a fresh log

============================

Download and scan with CCleaner Slim
1. Double click the file and install CCleaner

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.
In the Applications Tab:
  • Clean all in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

============================

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Please post back with the log from combofix and Kaspersky in your next reply
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
Old 02-26-2009, 03:23 PM   #6 (permalink)
Registered User
 
CaptainAmerica
 
Join Date: Mar 2008
Location: Utah
Posts: 36
OS: windows xp


Re: Numerless Popups

ComboFix here, and I didn't save the Kaspersky log as a txt file, but I just copied and pasted what it said in the html file and attached it.

ComboFix 09-02-25.02 - Gamer 2009-02-25 18:12:42.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.130 [GMT -7:00]
Running from: c:\documents and settings\Gamer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gamer\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: PC Tools AntiVirus 5.0.1.1 *On-access scanning enabled* (Outdated)
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gamer\Application Data\cogad
c:\documents and settings\Gamer\Application Data\cogad\cogad.exe
c:\documents and settings\Gamer\Local Settings\Temporary Internet Files\fbk.sts

.
((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.

2009-02-25 18:02 . 2009-02-25 18:02 <DIR> d-------- c:\program files\CCleaner
2009-02-24 19:06 . 2009-02-24 19:06 <DIR> d-------- c:\windows\SQLTools9_KB960089_ENU
2009-02-24 19:02 . 2009-02-24 19:02 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-24 17:20 . 2009-01-09 12:18 1,089,601 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-22 13:48 . 2009-02-22 14:02 250 --a------ c:\windows\gmer.ini
2009-02-22 13:41 . 2001-08-17 14:55 382,592 --a--c--- c:\windows\system32\dllcache\atidrab.dll
2009-02-22 13:40 . 2001-08-17 12:19 747,392 --a--c--- c:\windows\system32\dllcache\adm8830.sys
2009-02-22 13:39 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-02-22 13:39 . 2001-08-17 14:55 689,216 --a--c--- c:\windows\system32\dllcache\3dfxvs.dll
2009-02-22 13:39 . 2001-08-17 12:48 148,352 --a--c--- c:\windows\system32\dllcache\3dfxvsm.sys
2009-02-22 13:39 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-02-22 13:39 . 2004-08-03 23:00 12,288 --a--c--- c:\windows\system32\dllcache\4mmdat.sys
2009-02-22 13:39 . 2001-08-17 14:06 11,264 --a--c--- c:\windows\system32\dllcache\1394vdbg.sys
2009-02-21 09:49 . 2009-02-21 09:49 <DIR> d-------- c:\program files\DebroPack
2009-02-15 13:53 . 2009-02-25 18:01 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-15 13:47 . 2009-02-25 17:54 <DIR> d-------- c:\program files\PC Tools AntiVirus
2009-02-15 13:47 . 2009-02-15 13:47 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-02-15 13:47 . 2009-02-15 13:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-02-15 13:47 . 2007-12-06 16:51 28,568 --a------ c:\windows\system32\drivers\AVHook.sys
2009-02-15 13:47 . 2007-12-06 16:51 21,912 --a------ c:\windows\system32\drivers\AVRec.sys
2009-02-15 13:47 . 2008-02-12 11:44 21,904 --a------ c:\windows\system32\drivers\AVFilter.sys
2009-02-05 18:25 . 2009-02-05 18:25 <DIR> d-------- c:\program files\YouTube Downloader
2009-02-04 16:26 . 2009-02-04 16:26 <DIR> d-------- c:\program files\TabIt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 00:52 --------- d-----w c:\program files\Blue Coat K9 Web Protection
2009-02-25 02:06 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-25 01:57 --------- d-----w c:\documents and settings\Gamer\Application Data\uTorrent
2009-02-16 18:01 --------- d-----w c:\documents and settings\Gamer\Application Data\Hamachi
2009-02-15 22:04 --------- d-----w c:\program files\World of Warcraft
2009-02-15 20:56 --------- d-----w c:\documents and settings\Gamer\Application Data\PC Tools
2009-02-14 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro 3
2009-02-02 01:27 --------- d-----w c:\program files\Warcraft III
2009-01-25 19:37 --------- d-----w c:\program files\MagicISO
2009-01-25 05:37 6,386 ----a-w c:\windows\system32\cbXPiHBt.dll
2009-01-24 20:13 --------- d-----w c:\documents and settings\Gamer\Application Data\U3
2009-01-23 01:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-23 01:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-23 01:19 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-01-23 01:19 --------- d-----w c:\program files\LucasArts
2009-01-23 01:13 --------- d-----w c:\program files\Google
2009-01-23 01:12 --------- d-----w c:\program files\Microsoft Games
2009-01-21 23:01 --------- d-----w c:\program files\EscSoft
2009-01-14 23:11 --------- d-----w c:\documents and settings\Gamer\Application Data\Ulead Systems
2009-01-10 20:02 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-01-10 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-01-10 19:59 --------- d-----w c:\program files\Corel
2009-01-10 16:32 --------- d-----w c:\program files\uTorrent
2009-01-07 23:20 --------- d-----w c:\program files\NetDog
2009-01-06 23:10 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro
2009-01-06 22:55 --------- d-----w c:\program files\Hitman Pro 3
2009-01-06 22:50 182 ----a-w c:\documents and settings\Gamer\xrt_log.dat
2009-01-06 02:39 --------- d-----w c:\documents and settings\NetworkService\Application Data\PC Tools
2009-01-02 17:26 --------- d-----w c:\documents and settings\Gamer\Application Data\teamspeak2
2009-01-02 16:02 --------- d-----w c:\program files\StepVoice Recorder
2009-01-02 15:46 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-02 15:45 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-01 18:04 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-01 18:04 --------- d-----w c:\program files\Hamachi
2008-12-27 16:32 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-11 01:36 27,136 ----a-w c:\documents and settings\Gamer\xrt_temp1.exe
2008-06-23 19:29 22,328 ----a-w c:\documents and settings\Gamer\Application Data\PnkBstrK.sys
2004-12-12 05:43 56 --sh--r c:\windows\system32\447D957DB0.sys
.

------- Sigcheck -------

2002-08-29 13:00 200192 fe84e045a09a4abc4deef7270448b64e c:\windows\$NtServicePackUninstall$\termsrv.dll
2004-08-04 00:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-13 17:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
2008-10-14 15:34 295424 40ffc19a8d4875e9e19cecdc76ef9201 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-02-24_17.23.29.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-10 12:09:12 127,856 ----a-w c:\windows\SQL9_KB960089_ENU\batchparser90.dll
+ 2007-02-10 12:09:20 1,039,728 ----a-w c:\windows\SQL9_KB960089_ENU\dbghelp.dll
+ 2007-02-10 12:15:30 1,160,560 ----a-w c:\windows\SQL9_KB960089_ENU\dumpdatastore.dll
+ 2008-12-18 11:24:10 2,538,848 ----a-w c:\windows\SQL9_KB960089_ENU\hotfix.exe
+ 2005-10-14 06:26:42 548,864 ----a-w c:\windows\SQL9_KB960089_ENU\msvcp80.dll
+ 2005-10-14 06:26:42 626,688 ----a-w c:\windows\SQL9_KB960089_ENU\msvcr80.dll
+ 2007-02-10 12:29:52 143,728 ----a-w c:\windows\SQL9_KB960089_ENU\sqlcmd.exe
+ 2007-02-10 12:29:52 533,872 ----a-w c:\windows\SQL9_KB960089_ENU\sqldiscoveryapi.dll
+ 2007-02-10 12:29:54 230,256 ----a-w c:\windows\SQL9_KB960089_ENU\sqlsetupvista.dll
+ 2007-02-10 12:09:12 127,856 ----a-w c:\windows\SQLTools9_KB960089_ENU\batchparser90.dll
+ 2007-02-10 12:09:20 1,039,728 ----a-w c:\windows\SQLTools9_KB960089_ENU\dbghelp.dll
+ 2007-02-10 12:15:30 1,160,560 ----a-w c:\windows\SQLTools9_KB960089_ENU\dumpdatastore.dll
+ 2008-12-18 11:24:10 2,538,848 ----a-w c:\windows\SQLTools9_KB960089_ENU\hotfix.exe
+ 2005-10-14 06:26:42 548,864 ----a-w c:\windows\SQLTools9_KB960089_ENU\msvcp80.dll
+ 2005-10-14 06:26:42 626,688 ----a-w c:\windows\SQLTools9_KB960089_ENU\msvcr80.dll
+ 2007-02-10 12:29:52 143,728 ----a-w c:\windows\SQLTools9_KB960089_ENU\sqlcmd.exe
+ 2007-02-10 12:29:52 533,872 ----a-w c:\windows\SQLTools9_KB960089_ENU\sqldiscoveryapi.dll
+ 2007-02-10 12:29:54 230,256 ----a-w c:\windows\SQLTools9_KB960089_ENU\sqlsetupvista.dll
- 2007-10-26 03:36:51 8,454,656 -c----w c:\windows\system32\dllcache\shell32.dll
+ 2008-07-03 13:16:57 8,454,656 -c----w c:\windows\system32\dllcache\shell32.dll
- 2008-12-23 17:31:18 84,954 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-25 02:04:36 84,954 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-23 17:31:18 479,064 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-25 02:04:36 479,064 ----a-w c:\windows\system32\perfh009.dat
- 2007-10-26 03:36:51 8,454,656 ----a-w c:\windows\system32\shell32.dll
+ 2008-07-03 13:16:57 8,454,656 ----a-w c:\windows\system32\shell32.dll
- 2007-11-30 12:39:22 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{836A4B93-6F4A-4d61-AD3D-B8225D921F42}]
2009-02-17 13:02 133120 --a------ c:\program files\DebroPack\DebroPack.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-12-04 1370000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gamer^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Gamer\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro3]
--a------ 2009-01-06 15:54 4590200 c:\program files\Hitman Pro 3\hitmanpro3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
--a------ 2004-01-05 18:34 40960 c:\windows\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 11:22 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2008-11-21 72992]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2008-11-21 1078560]
R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [2008-06-23 65536]
R3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [2006-06-15 347648]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 VSPerfDrv;Performance Tools Driver;c:\program files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2005-09-23 54464]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42d0059a-e373-11dd-baef-0060b3f821b9}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: c:\progra~1\NetDog\netd.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Gamer\Application Data\Mozilla\Firefox\Profiles\wsi2413y.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 18:16:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'lsass.exe'(1068)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'csrss.exe'(964)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
.
Completion time: 2009-02-25 18:19:02
ComboFix-quarantined-files.txt 2009-02-26 01:18:59
ComboFix2.txt 2009-02-25 00:25:52

Pre-Run: 3,939,643,392 bytes free
Post-Run: 3,923,165,184 bytes free

243 --- E O F --- 2009-02-25 02:08:35

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, February 26, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, February 26, 2009 14:32:52
Records in database: 1848216
Scan settings:
  Scan using the following database: extended
  Scan archives: yes
  Scan mail databases: yes
  Scan area: My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
Scan statistics:
  Files scanned: 102756
  Threat name: 14
  Infected objects: 31
  Suspicious objects: 0
  Duration of the scan: 02:58:52

File name Threat name Threats count
C:\Program Files\DebroPack\DebroPack.dll/C:\Program Files\DebroPack\DebroPack.dll Infected: Trojan.Win32.BHO.mtt 1
C:\Documents and Settings\All Users\Application Data\lcxkzsno\jaxwtkpy.exe Infected: Trojan-Downloader.Win32.Obfuscated.dyq 1
C:\Program Files\DebroPack\DebroPack.dll Infected: Trojan.Win32.BHO.mtt 1
C:\Qoobox\Quarantine\C\Documents and Settings\Gamer\Application Data\cogad\cogad.exe.vir Infected: Trojan.Win32.Agent.bgbt 1
C:\Qoobox\Quarantine\C\Program Files\GetModule\GetModule35.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.kku 1
C:\Qoobox\Quarantine\C\Program Files\GetPack\GetPack30.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.ksz 1
C:\Qoobox\Quarantine\C\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll.vir Infected: not-a-virus:AdWare.Win32.Shopper.v 1
C:\Qoobox\Quarantine\C\Program Files\VnrPack\VnrPack25.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.kvs 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXRJyxu.dll.vir Infected: Trojan.Win32.Monder.aswk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\winexy32.dll.vir Infected: Trojan.Win32.Obfuscated.abeh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wpv491232809217.cpx.vir Infected: not-a-virus:AdWare.Win32.Agent.kku 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Trojan-Downloader.Win32.Small.jeh 1
D:\demo pc\Mindgate\TheSlideShow.exe Infected: Trojan-Proxy.Win32.Wopla.ac 1
E:\Downloads\drivers\befaster\befas252.exe Infected: not-a-virus:AdWare.Win32.WebHancer.16 8
E:\Downloads\drivers\befaster.zip Infected: not-a-virus:AdWare.Win32.WebHancer.16 8
E:\Downloads\ramidle.zip Infected: not-a-virus:AdWare.Win32.OnFlow 1
E:\Downloads\WxBugUpgrade27.exe Infected: not-a-virus:AdWare.Win32.Gator.1023 1
The selected area was scanned.



Sorry for any inconvenience
Old 02-26-2009, 10:23 PM   #7 (permalink)
Analyst, Security Team
 
sjb007
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,275
OS: Windows 7 Premium x64


Re: Numerless Popups

Hi there

I do notice that you have 2 anti virus applications running. Although this may seem like a sound idea to double your protection, you are actually putting your system at risk from conflicts and slowdowns. I would choose just one from what you are running and uninstall the other.

Go to start menu - Select Run and in the command box type in notepad
Next - copy/paste the text in the code box below into it:

Quote:
Skipfix::

File::
C:\Documents and Settings\All Users\Application Data\lcxkzsno\jaxwtkpy.exe
D:\demo pc\Mindgate\TheSlideShow.exe
E:\Downloads\drivers\befaster\befas252.exe
E:\Downloads\drivers\befaster.zip
E:\Downloads\ramidle.zip
E:\Downloads\WxBugUpgrade27.exe

Folder::
C:\Program Files\DebroPack

DDS::
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -

- Save this to your desktop as CFScript.txt
- Drag the CFScript.txt over onto Combofix.exe and release.



Combofix will then execute the script and produce a fresh log, post this log back in your next reply.
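Added example (not part of the thread, and not code from ComboFix or Kaspersky): a Python triage of the Kaspersky report rows posted above that separates detections already sitting in ComboFix's `C:\Qoobox\Quarantine` from files still live on disk, then checks that every live detection is covered by the `File::` or `Folder::` section of the CFScript in post #7. The function names are hypothetical; the quarantine path layout and the `Name::` section syntax are inferred from the logs and scripts in this thread.

```python
import re
from collections import OrderedDict

# Rows copied from the Kaspersky report in this thread (a subset).
REPORT = r"""
File name Threat name Threats count
C:\Program Files\DebroPack\DebroPack.dll/C:\Program Files\DebroPack\DebroPack.dll Infected: Trojan.Win32.BHO.mtt 1
C:\Documents and Settings\All Users\Application Data\lcxkzsno\jaxwtkpy.exe Infected: Trojan-Downloader.Win32.Obfuscated.dyq 1
C:\Program Files\DebroPack\DebroPack.dll Infected: Trojan.Win32.BHO.mtt 1
C:\Qoobox\Quarantine\C\Documents and Settings\Gamer\Application Data\cogad\cogad.exe.vir Infected: Trojan.Win32.Agent.bgbt 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Trojan-Downloader.Win32.Small.jeh 1
D:\demo pc\Mindgate\TheSlideShow.exe Infected: Trojan-Proxy.Win32.Wopla.ac 1
E:\Downloads\drivers\befaster\befas252.exe Infected: not-a-virus:AdWare.Win32.WebHancer.16 8
E:\Downloads\drivers\befaster.zip Infected: not-a-virus:AdWare.Win32.WebHancer.16 8
E:\Downloads\ramidle.zip Infected: not-a-virus:AdWare.Win32.OnFlow 1
E:\Downloads\WxBugUpgrade27.exe Infected: not-a-virus:AdWare.Win32.Gator.1023 1
The selected area was scanned.
"""

# File/Folder sections of the CFScript from post #7 in this thread.
CFSCRIPT = r"""
Skipfix::

File::
C:\Documents and Settings\All Users\Application Data\lcxkzsno\jaxwtkpy.exe
D:\demo pc\Mindgate\TheSlideShow.exe
E:\Downloads\drivers\befaster\befas252.exe
E:\Downloads\drivers\befaster.zip
E:\Downloads\ramidle.zip
E:\Downloads\WxBugUpgrade27.exe

Folder::
C:\Program Files\DebroPack
"""

ROW = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
QUARANTINE = "c:\\qoobox\\quarantine\\"


def parse_report(text):
    """Return {lower-cased path: threat name}, one entry per file on disk."""
    found = OrderedDict()
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, statistics and blank lines
        # "container/object" rows: keep the on-disk container before "/X:\"
        path = re.split(r"/(?=[A-Za-z]:\\)", m["path"])[0]
        found.setdefault(path.lower(), m["threat"])
    return found


def triage(found):
    """Split detections into (live, quarantined-by-original-path)."""
    live, quarantined = {}, {}
    for path, threat in found.items():
        if path.startswith(QUARANTINE):
            # Assumed layout: Quarantine\<drive>\<original path>.vir
            drive, _, tail = path[len(QUARANTINE):].partition("\\")
            original = f"{drive}:\\{tail}"
            if original.endswith(".vir"):
                original = original[:-4]
            quarantined[original] = threat
        else:
            live[path] = threat
    return live, quarantined


def parse_cfscript(text):
    """Return {section name: [lower-cased entries]} for 'Name::' sections."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("::"):
            current = sections.setdefault(line[:-2].lower(), [])
        elif line and current is not None:
            current.append(line.lower())
    return sections


def uncovered(live, sections):
    """Live detections not named in File:: and not under a Folder:: entry."""
    files = set(sections.get("file", []))
    folders = [f.rstrip("\\") + "\\" for f in sections.get("folder", [])]
    return [p for p in live
            if p not in files and not any(p.startswith(f) for f in folders)]


if __name__ == "__main__":
    live, quarantined = triage(parse_report(REPORT))
    print("Already quarantined (original locations):")
    for path, threat in quarantined.items():
        print(f"  {path}  [{threat}]")
    print("Still on disk:")
    for path, threat in live.items():
        print(f"  {path}  [{threat}]")
    missing = uncovered(live, parse_cfscript(CFSCRIPT))
    print("Not covered by the script:", missing or "none")
```

Rows under `C:\Qoobox\Quarantine` are copies ComboFix has already neutralised, which is why none of them appear in the script's `File::` list.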
Old 02-28-2009, 10:28 AM   #8 (permalink)
Registered User
 
CaptainAmerica
 
Join Date: Mar 2008
Location: Utah
Posts: 36
OS: windows xp


Re: Numerless Popups

I uninstalled AVG a while back and it should not be there anymore

ComboFix 09-02-27.01 - Gamer 2009-02-28 10:24:27.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.151 [GMT -7:00]
Running from: c:\documents and settings\Gamer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gamer\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: PC Tools AntiVirus 5.0.1.1 *On-access scanning enabled* (Outdated)
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
c:\documents and settings\All Users\Application Data\lcxkzsno\jaxwtkpy.exe
d:\demo pc\Mindgate\TheSlideShow.exe
e:\downloads\drivers\befaster.zip
e:\downloads\drivers\befaster\befas252.exe
e:\downloads\ramidle.zip
e:\downloads\WxBugUpgrade27.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\lcxkzsno\jaxwtkpy.exe
c:\program files\DebroPack
c:\program files\DebroPack\DebroPack.dll
c:\program files\DebroPack\qdrloader.exe
c:\program files\DebroPack\Uninstall.exe
d:\demo pc\Mindgate\TheSlideShow.exe
e:\downloads\drivers\befaster.zip
e:\downloads\drivers\befaster\befas252.exe
e:\downloads\ramidle.zip
e:\downloads\WxBugUpgrade27.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.

2009-02-28 09:59 . 2009-02-28 10:03 <DIR> d-------- c:\program files\FinalUninstaller
2009-02-25 19:16 . 2009-02-25 19:16 <DIR> d-------- c:\windows\Sun
2009-02-25 19:06 . 2009-02-25 19:06 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-25 19:06 . 2009-02-25 19:06 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-25 19:05 . 2009-02-25 19:05 <DIR> d-------- c:\program files\Java
2009-02-25 18:02 . 2009-02-25 18:02 <DIR> d-------- c:\program files\CCleaner
2009-02-24 19:06 . 2009-02-24 19:06 <DIR> d-------- c:\windows\SQLTools9_KB960089_ENU
2009-02-24 19:02 . 2009-02-24 19:02 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-24 17:20 . 2009-01-09 12:18 1,089,601 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-22 13:48 . 2009-02-22 14:02 250 --a------ c:\windows\gmer.ini
2009-02-22 13:41 . 2001-08-17 14:55 382,592 --a--c--- c:\windows\system32\dllcache\atidrab.dll
2009-02-22 13:40 . 2001-08-17 12:19 747,392 --a--c--- c:\windows\system32\dllcache\adm8830.sys
2009-02-22 13:39 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-02-22 13:39 . 2001-08-17 14:55 689,216 --a--c--- c:\windows\system32\dllcache\3dfxvs.dll
2009-02-22 13:39 . 2001-08-17 12:48 148,352 --a--c--- c:\windows\system32\dllcache\3dfxvsm.sys
2009-02-22 13:39 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-02-22 13:39 . 2004-08-03 23:00 12,288 --a--c--- c:\windows\system32\dllcache\4mmdat.sys
2009-02-22 13:39 . 2001-08-17 14:06 11,264 --a--c--- c:\windows\system32\dllcache\1394vdbg.sys
2009-02-15 13:53 . 2009-02-28 10:13 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-15 13:47 . 2009-02-28 09:48 <DIR> d-------- c:\program files\PC Tools AntiVirus
2009-02-15 13:47 . 2009-02-15 13:47 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-02-15 13:47 . 2009-02-15 13:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-02-15 13:47 . 2007-12-06 16:51 28,568 --a------ c:\windows\system32\drivers\AVHook.sys
2009-02-15 13:47 . 2007-12-06 16:51 21,912 --a------ c:\windows\system32\drivers\AVRec.sys
2009-02-15 13:47 . 2008-02-12 11:44 21,904 --a------ c:\windows\system32\drivers\AVFilter.sys
2009-02-05 18:25 . 2009-02-05 18:25 <DIR> d-------- c:\program files\YouTube Downloader
2009-02-04 16:26 . 2009-02-04 16:26 <DIR> d-------- c:\program files\TabIt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\lcxkzsno
2009-02-28 17:11 --------- d-----w c:\program files\Yahoo!
2009-02-28 17:09 --------- d-----w c:\program files\Bonjour
2009-02-28 17:09 --------- d-----w c:\documents and settings\Gamer\Application Data\PC Tools
2009-02-28 16:40 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-28 16:40 --------- d-----w c:\program files\Blue Coat K9 Web Protection
2009-02-25 02:06 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-16 18:01 --------- d-----w c:\documents and settings\Gamer\Application Data\Hamachi
2009-02-15 22:04 --------- d-----w c:\program files\World of Warcraft
2009-02-14 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro 3
2009-02-02 01:27 --------- d-----w c:\program files\Warcraft III
2009-01-25 19:37 --------- d-----w c:\program files\MagicISO
2009-01-25 05:37 6,386 ----a-w c:\windows\system32\cbXPiHBt.dll
2009-01-24 20:13 --------- d-----w c:\documents and settings\Gamer\Application Data\U3
2009-01-23 01:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-23 01:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-23 01:19 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-01-23 01:19 --------- d-----w c:\program files\LucasArts
2009-01-23 01:13 --------- d-----w c:\program files\Google
2009-01-23 01:12 --------- d-----w c:\program files\Microsoft Games
2009-01-21 23:01 --------- d-----w c:\program files\EscSoft
2009-01-14 23:11 --------- d-----w c:\documents and settings\Gamer\Application Data\Ulead Systems
2009-01-10 20:02 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-01-10 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-01-10 19:59 --------- d-----w c:\program files\Corel
2009-01-07 23:20 --------- d-----w c:\program files\NetDog
2009-01-06 23:10 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro
2009-01-06 22:55 --------- d-----w c:\program files\Hitman Pro 3
2009-01-06 22:50 182 ----a-w c:\documents and settings\Gamer\xrt_log.dat
2009-01-06 02:39 --------- d-----w c:\documents and settings\NetworkService\Application Data\PC Tools
2009-01-02 17:26 --------- d-----w c:\documents and settings\Gamer\Application Data\teamspeak2
2009-01-02 16:02 --------- d-----w c:\program files\StepVoice Recorder
2009-01-02 15:46 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-02 15:45 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-01 18:04 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-01 18:04 --------- d-----w c:\program files\Hamachi
2008-11-11 01:36 27,136 ----a-w c:\documents and settings\Gamer\xrt_temp1.exe
2008-06-23 19:29 22,328 ----a-w c:\documents and settings\Gamer\Application Data\PnkBstrK.sys
2004-12-12 05:43 56 --sh--r c:\windows\system32\447D957DB0.sys
.

------- Sigcheck -------

2002-08-29 13:00 200192 fe84e045a09a4abc4deef7270448b64e c:\windows\$NtServicePackUninstall$\termsrv.dll
2004-08-04 00:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-13 17:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
2008-10-14 15:34 295424 40ffc19a8d4875e9e19cecdc76ef9201 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-02-24_17.23.29.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-10 12:09:12 127,856 ----a-w c:\windows\SQL9_KB960089_ENU\batchparser90.dll
+ 2007-02-10 12:09:20 1,039,728 ----a-w c:\windows\SQL9_KB960089_ENU\dbghelp.dll
+ 2007-02-10 12:15:30 1,160,560 ----a-w c:\windows\SQL9_KB960089_ENU\dumpdatastore.dll
+ 2008-12-18 11:24:10 2,538,848 ----a-w c:\windows\SQL9_KB960089_ENU\hotfix.exe
+ 2005-10-14 06:26:42 548,864 ----a-w c:\windows\SQL9_KB960089_ENU\msvcp80.dll
+ 2005-10-14 06:26:42 626,688 ----a-w c:\windows\SQL9_KB960089_ENU\msvcr80.dll
+ 2007-02-10 12:29:52 143,728 ----a-w c:\windows\SQL9_KB960089_ENU\sqlcmd.exe
+ 2007-02-10 12:29:52 533,872 ----a-w c:\windows\SQL9_KB960089_ENU\sqldiscoveryapi.dll
+ 2007-02-10 12:29:54 230,256 ----a-w c:\windows\SQL9_KB960089_ENU\sqlsetupvista.dll
+ 2007-02-10 12:09:12 127,856 ----a-w c:\windows\SQLTools9_KB960089_ENU\batchparser90.dll
+ 2007-02-10 12:09:20 1,039,728 ----a-w c:\windows\SQLTools9_KB960089_ENU\dbghelp.dll
+ 2007-02-10 12:15:30 1,160,560 ----a-w c:\windows\SQLTools9_KB960089_ENU\dumpdatastore.dll
+ 2008-12-18 11:24:10 2,538,848 ----a-w c:\windows\SQLTools9_KB960089_ENU\hotfix.exe
+ 2005-10-14 06:26:42 548,864 ----a-w c:\windows\SQLTools9_KB960089_ENU\msvcp80.dll
+ 2005-10-14 06:26:42 626,688 ----a-w c:\windows\SQLTools9_KB960089_ENU\msvcr80.dll
+ 2007-02-10 12:29:52 143,728 ----a-w c:\windows\SQLTools9_KB960089_ENU\sqlcmd.exe
+ 2007-02-10 12:29:52 533,872 ----a-w c:\windows\SQLTools9_KB960089_ENU\sqldiscoveryapi.dll
+ 2007-02-10 12:29:54 230,256 ----a-w c:\windows\SQLTools9_KB960089_ENU\sqlsetupvista.dll
- 2007-10-26 03:36:51 8,454,656 -c----w c:\windows\system32\dllcache\shell32.dll
+ 2008-07-03 13:16:57 8,454,656 -c----w c:\windows\system32\dllcache\shell32.dll
+ 2009-02-26 0202 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-02-26 0203 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-02-26 0203 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-12-23 17:31:18 84,954 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-25 02:04:36 84,954 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-23 17:31:18 479,064 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-25 02:04:36 479,064 ----a-w c:\windows\system32\perfh009.dat
- 2007-10-26 03:36:51 8,454,656 ----a-w c:\windows\system32\shell32.dll
+ 2008-07-03 13:16:57 8,454,656 ----a-w c:\windows\system32\shell32.dll
- 2007-11-30 12:39:22 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2009-02-28 16:40:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_22c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-12-04 1370000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-25 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gamer^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Gamer\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro3]
--a------ 2009-01-06 15:54 4590200 c:\program files\Hitman Pro 3\hitmanpro3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
--a------ 2004-01-05 18:34 40960 c:\windows\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 11:22 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2008-11-21 72992]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2008-11-21 1078560]
R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [2008-06-23 65536]
R3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [2006-06-15 347648]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 VSPerfDrv;Performance Tools Driver;c:\program files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2005-09-23 54464]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

--- Other Services/Drivers In Memory ---

*Deregistered* - Bonjour Service
*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42d0059a-e373-11dd-baef-0060b3f821b9}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{836A4B93-6F4A-4d61-AD3D-B8225D921F42} - c:\program files\DebroPack\DebroPack.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: c:\progra~1\NetDog\netd.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Gamer\Application Data\Mozilla\Firefox\Profiles\wsi2413y.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 10:25:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'lsass.exe'(1064)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'csrss.exe'(984)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
.
Completion time: 2009-02-28 10:27:47
ComboFix-quarantined-files.txt 2009-02-28 17:27:45
ComboFix2.txt 2009-02-26 01:19:05
ComboFix3.txt 2009-02-25 00:25:52

Pre-Run: 3,528,544,256 bytes free
Post-Run: 3,609,280,512 bytes free

270 --- E O F --- 2009-02-26 14:16:32
Old 02-28-2009, 10:29 AM   #9 (permalink)
Registered User
 
 
Join Date: Mar 2008
Location: Utah
Posts: 36
OS: windows xp


Re: Numerless Popups

I uninstalled AVG a while back and it should not be there anymore

ComboFix 09-02-27.01 - Gamer 2009-02-28 10:24:27.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.151 [GMT -7:00]
Running from: c:\documents and settings\Gamer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gamer\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: PC Tools AntiVirus 5.0.1.1 *On-access scanning enabled* (Outdated)
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
c:\documents and settings\All Users\Application Data\lcxkzsno\jaxwtkpy.exe
d:\demo pc\Mindgate\TheSlideShow.exe
e:\downloads\drivers\befaster.zip
e:\downloads\drivers\befaster\befas252.exe
e:\downloads\ramidle.zip
e:\downloads\WxBugUpgrade27.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\lcxkzsno\jaxwtkpy.exe
c:\program files\DebroPack
c:\program files\DebroPack\DebroPack.dll
c:\program files\DebroPack\qdrloader.exe
c:\program files\DebroPack\Uninstall.exe
d:\demo pc\Mindgate\TheSlideShow.exe
e:\downloads\drivers\befaster.zip
e:\downloads\drivers\befaster\befas252.exe
e:\downloads\ramidle.zip
e:\downloads\WxBugUpgrade27.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.

2009-02-28 09:59 . 2009-02-28 10:03 <DIR> d-------- c:\program files\FinalUninstaller
2009-02-25 19:16 . 2009-02-25 19:16 <DIR> d-------- c:\windows\Sun
2009-02-25 19:06 . 2009-02-25 19:06 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-25 19:06 . 2009-02-25 19:06 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-25 19:05 . 2009-02-25 19:05 <DIR> d-------- c:\program files\Java
2009-02-25 18:02 . 2009-02-25 18:02 <DIR> d-------- c:\program files\CCleaner
2009-02-24 19:06 . 2009-02-24 19:06 <DIR> d-------- c:\windows\SQLTools9_KB960089_ENU
2009-02-24 19:02 . 2009-02-24 19:02 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-24 17:20 . 2009-01-09 12:18 1,089,601 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-22 13:48 . 2009-02-22 14:02 250 --a------ c:\windows\gmer.ini
2009-02-22 13:41 . 2001-08-17 14:55 382,592 --a--c--- c:\windows\system32\dllcache\atidrab.dll
2009-02-22 13:40 . 2001-08-17 12:19 747,392 --a--c--- c:\windows\system32\dllcache\adm8830.sys
2009-02-22 13:39 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-02-22 13:39 . 2001-08-17 14:55 689,216 --a--c--- c:\windows\system32\dllcache\3dfxvs.dll
2009-02-22 13:39 . 2001-08-17 12:48 148,352 --a--c--- c:\windows\system32\dllcache\3dfxvsm.sys
2009-02-22 13:39 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-02-22 13:39 . 2004-08-03 23:00 12,288 --a--c--- c:\windows\system32\dllcache\4mmdat.sys
2009-02-22 13:39 . 2001-08-17 14:06 11,264 --a--c--- c:\windows\system32\dllcache\1394vdbg.sys
2009-02-15 13:53 . 2009-02-28 10:13 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-15 13:47 . 2009-02-28 09:48 <DIR> d-------- c:\program files\PC Tools AntiVirus
2009-02-15 13:47 . 2009-02-15 13:47 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-02-15 13:47 . 2009-02-15 13:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-02-15 13:47 . 2007-12-06 16:51 28,568 --a------ c:\windows\system32\drivers\AVHook.sys
2009-02-15 13:47 . 2007-12-06 16:51 21,912 --a------ c:\windows\system32\drivers\AVRec.sys
2009-02-15 13:47 . 2008-02-12 11:44 21,904 --a------ c:\windows\system32\drivers\AVFilter.sys
2009-02-05 18:25 . 2009-02-05 18:25 <DIR> d-------- c:\program files\YouTube Downloader
2009-02-04 16:26 . 2009-02-04 16:26 <DIR> d-------- c:\program files\TabIt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\lcxkzsno
2009-02-28 17:11 --------- d-----w c:\program files\Yahoo!
2009-02-28 17:09 --------- d-----w c:\program files\Bonjour
2009-02-28 17:09 --------- d-----w c:\documents and settings\Gamer\Application Data\PC Tools
2009-02-28 16:40 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-28 16:40 --------- d-----w c:\program files\Blue Coat K9 Web Protection
2009-02-25 02:06 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-16 18:01 --------- d-----w c:\documents and settings\Gamer\Application Data\Hamachi
2009-02-15 22:04 --------- d-----w c:\program files\World of Warcraft
2009-02-14 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro 3
2009-02-02 01:27 --------- d-----w c:\program files\Warcraft III
2009-01-25 19:37 --------- d-----w c:\program files\MagicISO
2009-01-25 05:37 6,386 ----a-w c:\windows\system32\cbXPiHBt.dll
2009-01-24 20:13 --------- d-----w c:\documents and settings\Gamer\Application Data\U3
2009-01-23 01:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-23 01:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-23 01:19 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-01-23 01:19 --------- d-----w c:\program files\LucasArts
2009-01-23 01:13 --------- d-----w c:\program files\Google
2009-01-23 01:12 --------- d-----w c:\program files\Microsoft Games
2009-01-21 23:01 --------- d-----w c:\program files\EscSoft
2009-01-14 23:11 --------- d-----w c:\documents and settings\Gamer\Application Data\Ulead Systems
2009-01-10 20:02 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-01-10 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-01-10 19:59 --------- d-----w c:\program files\Corel
2009-01-07 23:20 --------- d-----w c:\program files\NetDog
2009-01-06 23:10 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro
2009-01-06 22:55 --------- d-----w c:\program files\Hitman Pro 3
2009-01-06 22:50 182 ----a-w c:\documents and settings\Gamer\xrt_log.dat
2009-01-06 02:39 --------- d-----w c:\documents and settings\NetworkService\Application Data\PC Tools
2009-01-02 17:26 --------- d-----w c:\documents and settings\Gamer\Application Data\teamspeak2
2009-01-02 16:02 --------- d-----w c:\program files\StepVoice Recorder
2009-01-02 15:46 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-02 15:45 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-01 18:04 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-01 18:04 --------- d-----w c:\program files\Hamachi
2008-11-11 01:36 27,136 ----a-w c:\documents and settings\Gamer\xrt_temp1.exe
2008-06-23 19:29 22,328 ----a-w c:\documents and settings\Gamer\Application Data\PnkBstrK.sys
2004-12-12 05:43 56 --sh--r c:\windows\system32\447D957DB0.sys
.

------- Sigcheck -------

2002-08-29 13:00 200192 fe84e045a09a4abc4deef7270448b64e c:\windows\$NtServicePackUninstall$\termsrv.dll
2004-08-04 00:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-13 17:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
2008-10-14 15:34 295424 40ffc19a8d4875e9e19cecdc76ef9201 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-02-24_17.23.29.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-10 12:09:12 127,856 ----a-w c:\windows\SQL9_KB960089_ENU\batchparser90.dll
+ 2007-02-10 12:09:20 1,039,728 ----a-w c:\windows\SQL9_KB960089_ENU\dbghelp.dll
+ 2007-02-10 12:15:30 1,160,560 ----a-w c:\windows\SQL9_KB960089_ENU\dumpdatastore.dll
+ 2008-12-18 11:24:10 2,538,848 ----a-w c:\windows\SQL9_KB960089_ENU\hotfix.exe
+ 2005-10-14 06:26:42 548,864 ----a-w c:\windows\SQL9_KB960089_ENU\msvcp80.dll
+ 2005-10-14 06:26:42 626,688 ----a-w c:\windows\SQL9_KB960089_ENU\msvcr80.dll
+ 2007-02-10 12:29:52 143,728 ----a-w c:\windows\SQL9_KB960089_ENU\sqlcmd.exe
+ 2007-02-10 12:29:52 533,872 ----a-w c:\windows\SQL9_KB960089_ENU\sqldiscoveryapi.dll
+ 2007-02-10 12:29:54 230,256 ----a-w c:\windows\SQL9_KB960089_ENU\sqlsetupvista.dll
+ 2007-02-10 12:09:12 127,856 ----a-w c:\windows\SQLTools9_KB960089_ENU\batchparser90.dll
+ 2007-02-10 12:09:20 1,039,728 ----a-w c:\windows\SQLTools9_KB960089_ENU\dbghelp.dll
+ 2007-02-10 12:15:30 1,160,560 ----a-w c:\windows\SQLTools9_KB960089_ENU\dumpdatastore.dll
+ 2008-12-18 11:24:10 2,538,848 ----a-w c:\windows\SQLTools9_KB960089_ENU\hotfix.exe
+ 2005-10-14 06:26:42 548,864 ----a-w c:\windows\SQLTools9_KB960089_ENU\msvcp80.dll
+ 2005-10-14 06:26:42 626,688 ----a-w c:\windows\SQLTools9_KB960089_ENU\msvcr80.dll
+ 2007-02-10 12:29:52 143,728 ----a-w c:\windows\SQLTools9_KB960089_ENU\sqlcmd.exe
+ 2007-02-10 12:29:52 533,872 ----a-w c:\windows\SQLTools9_KB960089_ENU\sqldiscoveryapi.dll
+ 2007-02-10 12:29:54 230,256 ----a-w c:\windows\SQLTools9_KB960089_ENU\sqlsetupvista.dll
- 2007-10-26 03:36:51 8,454,656 -c----w c:\windows\system32\dllcache\shell32.dll
+ 2008-07-03 13:16:57 8,454,656 -c----w c:\windows\system32\dllcache\shell32.dll
+ 2009-02-26 0202 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-02-26 0203 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-02-26 0203 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-12-23 17:31:18 84,954 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-25 02:04:36 84,954 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-23 17:31:18 479,064 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-25 02:04:36 479,064 ----a-w c:\windows\system32\perfh009.dat
- 2007-10-26 03:36:51 8,454,656 ----a-w c:\windows\system32\shell32.dll
+ 2008-07-03 13:16:57 8,454,656 ----a-w c:\windows\system32\shell32.dll
- 2007-11-30 12:39:22 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2009-02-28 16:40:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_22c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-12-04 1370000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-25 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gamer^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Gamer\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro3]
--a------ 2009-01-06 15:54 4590200 c:\program files\Hitman Pro 3\hitmanpro3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
--a------ 2004-01-05 18:34 40960 c:\windows\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 11:22 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2008-11-21 72992]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2008-11-21 1078560]
R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [2008-06-23 65536]
R3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [2006-06-15 347648]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 VSPerfDrv;Performance Tools Driver;c:\program files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2005-09-23 54464]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

--- Other Services/Drivers In Memory ---

*Deregistered* - Bonjour Service
*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42d0059a-e373-11dd-baef-0060b3f821b9}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{836A4B93-6F4A-4d61-AD3D-B8225D921F42} - c:\program files\DebroPack\DebroPack.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: c:\progra~1\NetDog\netd.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Gamer\Application Data\Mozilla\Firefox\Profiles\wsi2413y.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 10:25:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'lsass.exe'(1064)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'csrss.exe'(984)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
.
Completion time: 2009-02-28 10:27:47
ComboFix-quarantined-files.txt 2009-02-28 17:27:45
ComboFix2.txt 2009-02-26 01:19:05
ComboFix3.txt 2009-02-25 00:25:52

Pre-Run: 3,528,544,256 bytes free
Post-Run: 3,609,280,512 bytes free

270 --- E O F --- 2009-02-26 14:16:32
Old 03-01-2009, 01:51 AM   #10 (permalink)
Analyst, Security Team
 
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,275
OS: Windows 7 Premium x64


Re: Numerless Popups

Hi there

Great work, so far so good, just a couple of leftover entries to sort and you're good to go....

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Quote:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"c:\windows\system32\447D957DB0.sys"
"c:\windows\system32\cbXPiHBt.dll"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this as fix.bat. Choose to "Save type as - All Files".
It should look like this:



Double click on fix.bat & allow it to run

Post back and tell me what it says

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

Let's tidy up after ourselves

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

Now that you appear to be free from malware, let's help you stay that way!

Update Windows on a regular basis - If you do not have automatic updates enabled then visit Microsoft's Update Page and update your computer from there.
Update your virus checker on a regular basis - It is no use having a virus checker with out of date definitions.
Keep an eye on your firewall. Check what it wants to allow, do not simply allow everything. If there are any processes that you are unsure of then don't be afraid to ask for advice. For more information on firewalls read this article here

Make your Internet Explorer more secure - This can be done by following these simple instructions:

Open Internet Explorer, click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

Safer Browsing
Use software such as Trendprotect or Sitehound to help you stay away from unsuspecting sites that have malicious purposes.
Use Spywareblaster to help prevent the installation of unwanted BHOs (Browser Helper Objects)

Use an alternative browser
Other browsers tend to be more secure than IE as they do not make use of ActiveX objects. ActiveX objects can be used by spyware as an infection point on your computer. Safer non-ActiveX browsers include Opera browser and, more recently, Firefox browser.

Computer Maintenance
Malware can breed in temporary locations. Use a program such as CCleaner Slim to clear out temporary files from your computer on a regular basis.

Scan your computer regularly for malware
Scan on a regular basis to keep your computer clean. Free software such as Spybot's Search & Destroy and Adaware 2007 Free by Lavasoft can help you keep clear. These products are scan on demand and do not have active background scanning. These two products can be installed together without any complications.

Other alternative software that runs under licence and monitors your computer continuously in the background for malware is Malwarebytes Anti-Malware (MBAM) - Please note that this product can also be run as free without a licence but the background protection will not be active.

Secure your router
Change your router's default username and password. Do not leave it at factory preset; doing so makes it easy for unauthorised access.

Encrypt your network. Set your wireless network encryption to a minimum level of WPA-PSK [TKIP]. This will help prevent any unauthorised users "piggybacking" onto your network and stealing your bandwidth which you have rightly paid for.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing malware, and how to stay safe whilst browsing the internet.

-> So How Did I Get Infected In First Place - By TonyKlein
-> How to prevent Malware - By miekiemoes
-> I'm not pulling your leg, honest - By Sandi Hardmeie

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
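The six Internet-zone settings recommended in the post above can be checked without clicking through the dialog. The following is an added example, not part of the original post: a read-only PowerShell audit that compares the current registry values against the post's recommendations. It assumes PowerShell 3.0 or later and the standard per-user zone keys; the function and variable names are illustrative.

```powershell
# Added example: read-only audit of the Internet zone (zone 3) settings from the post.
# Each setting is a DWORD named after its URL action ID.
# Stored values: 0 = Enable, 1 = Prompt, 3 = Disable.
$zonePaths = @(
    # A Group Policy value, when present, overrides the per-user choice, so check it first.
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)
$recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                 Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';               Want = 3 },
    @{ Id = '1201'; Name = 'Init/script ActiveX controls not marked as safe';  Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                    Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';        Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';     Want = 1 }
)
$policyText = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting {
    param([string]$Id)
    foreach ($path in $zonePaths) {
        # A missing key or value is not an error here; it means "not configured".
        $item = Get-ItemProperty -Path $path -Name $Id -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [int]$item.$Id; Source = $path }
        }
    }
    return $null
}

$report = foreach ($s in $recommended) {
    $found  = Get-ZoneSetting -Id $s.Id
    $actual = if ($found) { $found.Value } else { $null }
    $shown  = if ($null -eq $actual) { '(not set)' }
              elseif ($policyText.ContainsKey($actual)) { $policyText[$actual] }
              else { '0x{0:X}' -f $actual }   # any other stored value is shown raw
    [pscustomobject]@{
        Setting     = $s.Name
        Recommended = $policyText[$s.Want]
        Actual      = $shown
        Ok          = ($actual -eq $s.Want)
    }
}
$report | Format-Table -AutoSize
```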
Old 03-03-2009, 03:31 PM   #11 (permalink)
Registered User
 
 
Join Date: Mar 2008
Location: Utah
Posts: 36
OS: windows xp


Re: Numerless Popups

fix.bat said that the deletion was successful

I do believe that the viruses are gone but my computer seems to be running slowly lately, what could be the cause?
Old 03-04-2009, 12:48 AM   #12 (permalink)
Analyst, Security Team
 
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,275
OS: Windows 7 Premium x64


Re: Numerless Popups

Hi there

Take a look and read through this post and see if this helps - Is your PC running slow...?
Old 03-05-2009, 06:21 PM   #13 (permalink)
Registered User
 
 
Join Date: Mar 2008
Location: Utah
Posts: 36
OS: windows xp


Re: Numerless Popups

Ok that helped :)
Old 03-06-2009, 12:43 AM   #14 (permalink)
Analyst, Security Team
 
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,275
OS: Windows 7 Premium x64


Re: Numerless Popups

Now this issue is resolved I will now discontinue monitoring this thread for replies. Should you require any further assistance please start a new topic in the relevant section of the forums.

Good luck and happy safe surfing!
All times are GMT -7. The time now is 12:36 PM.



Copyright 2001 - 2009, Tech Support Forum