Lots of Popups
Aruji (New Member, joined Aug 2007, 15 posts)
Posted 12-30-2007 9:49 (GMT +1)
Well... I'm back again. I don't even know what happened this time, but I've been getting a lot of pop-ups over the past few days. I already did my HijackThis file and the full system SUPERAntiSpyware scan.

Logfile of HijackThis v1.99.1
Scan saved at 3:46:40 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\troy44.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Spruce\X_Spruce.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\My Documents\Virus stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/today/aimtoday.adp?type=2&product=9&platform=1&channel=283&build=3861&SN=CLONGCHJEMCDONGKHJEPDJNL&CC=BINOFCEK&PC=HCLEDICABB&segment=-1&UTC=1198426759<=1198408759&nlogin=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [troy44] C:\WINDOWS\troy44.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dmv] "C:\Documents and Settings\Owner\My Documents\s?mbols\m?hta.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: Spruce - Auto Update.lnk = C:\Program Files\Spruce\Spruce.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Motorola Wireless USB Adapter.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198430471273
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/30/2007 at 03:26 PM

Application Version : 3.9.1008

Core Rules Database Version : 3353
Trace Rules Database Version: 1352

Scan type : Complete Scan
Total Scan Time : 03:28:58

Memory items scanned : 521
Memory threats detected : 2
Registry items scanned : 5614
Registry threats detected : 35
File items scanned : 69788
File threats detected : 84

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\MLLMJ.DLL
C:\WINDOWS\SYSTEM32\MLLMJ.DLL
HKLM\Software\Classes\CLSID\{29604D26-3DD8-4548-AE99-741586A8E4EE}
HKCR\CLSID\{29604D26-3DD8-4548-AE99-741586A8E4EE}
HKCR\CLSID\{29604D26-3DD8-4548-AE99-741586A8E4EE}\InprocServer32
HKCR\CLSID\{29604D26-3DD8-4548-AE99-741586A8E4EE}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29604D26-3DD8-4548-AE99-741586A8E4EE}

Unclassified.Unknown Origin
C:\WINDOWS\Q29YZXKGRWXSAXNVBG\COMMAND.EXE
C:\WINDOWS\Q29YZXKGRWXSAXNVBG\COMMAND.EXE
HKLM\System\ControlSet001\Services\cmdService
HKLM\System\ControlSet002\Services\cmdService
HKLM\System\CurrentControlSet\Services\cmdService
C:\WINDOWS\Prefetch\COMMAND.EXE-01B3F9AE.pf

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@advertising.txt
C:\Documents and Settings\Owner\Cookies\owner@www.advertyz.txt
C:\Documents and Settings\Owner\Cookies\owner@adprofile.txt
C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver.txt
C:\Documents and Settings\Owner\Cookies\owner@questionmarket.txt
C:\Documents and Settings\Owner\Cookies\owner@ads.foodbuzz.txt
C:\Documents and Settings\Owner\Cookies\owner@tremor.adbureau.txt
C:\Documents and Settings\Owner\Cookies\owner@directtrack.txt
C:\Documents and Settings\Owner\Cookies\owner@www.popunderserver.txt
C:\Documents and Settings\Owner\Cookies\owner@anti-virus-pro.txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda.txt
C:\Documents and Settings\Owner\Cookies\owner@adserver.txt
C:\Documents and Settings\Owner\Cookies\owner@bluestreak.txt
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion.txt
C:\Documents and Settings\Owner\Cookies\owner@ads3.blastro.txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick.txt
C:\Documents and Settings\Owner\Cookies\owner@eas.apm.emediate.txt
C:\Documents and Settings\Owner\Cookies\owner@zedo.txt
C:\Documents and Settings\Owner\Cookies\owner@fastclick.txt
C:\Documents and Settings\Owner\Cookies\owner@angleinteractive.directtrack.txt
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix.txt
C:\Documents and Settings\Owner\Cookies\owner@atlas.entrepreneur.txt
C:\Documents and Settings\Owner\Cookies\owner@revsci.txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt.txt
C:\Documents and Settings\Owner\Cookies\owner@tripod.lycos.txt
C:\Documents and Settings\Owner\Cookies\owner@ads.realtechnetwork.txt
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler.txt
C:\Documents and Settings\Owner\Cookies\owner@lynxtrack.txt
C:\Documents and Settings\Owner\Cookies\owner@html.txt
C:\Documents and Settings\Owner\Cookies\owner@adserve.ammgroup.txt
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick.txt
C:\Documents and Settings\Owner\Cookies\owner@adrevolver.txt
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll.txt
C:\Documents and Settings\Owner\Cookies\owner@casalemedia.txt
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet.txt
C:\Documents and Settings\Owner\Cookies\owner@atwola.txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick.txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager.txt
C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda.txt
C:\Documents and Settings\Owner\Cookies\owner@exitexchange.txt
C:\Documents and Settings\Owner\Cookies\owner@aff.primaryads.txt
C:\Documents and Settings\Owner\Cookies\owner@burstnet.txt

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Type
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Start
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000\Control#ActiveService

Trojan.NetMon/DNSChange
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Network Monitor
C:\WINDOWS\Prefetch\NETMON.EXE-132C1012.pf

Trojan.WinBo32/Enhance
HKLM\Software\System\sysold
HKLM\Software\System\sysold#troy44
HKU\S-1-5-21-4088652938-500482692-3009401583-1003\Software\System\sysuid

Adware.Web Buying
HKU\S-1-5-21-4088652938-500482692-3009401583-1003\Software\WebBuying

Trojan.TagASaurus
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SEARCHUS.EXE

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\CEMG555077.EXE
C:\WINDOWS\Q29YZXKGRWXSAXNVBG\KZ6VTR40LQUPURHSV0.VBS
C:\WINDOWS\SYSTEM32\MR9\GYREO83122.EXE
C:\WINDOWS\SYSTEM32\WAPIISV.EXE
C:\WINDOWS\TTC-4444.EXE
C:\WINDOWS\UNINSTALL_NMON.VBS
C:\WINDOWS\UNIST1.HTM
C:\WINDOWS\Prefetch\GYREO83122.EXE-0ACA0A19.pf

Trojan.Downloader-CommandDesktop
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\CMDINST.EXE

Adware.WINSHOW
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\WINSHOW.EXE

Adware.ClickSpring/Yazzle
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\YAZZLEBUNDLE-1549.EXE
C:\PROGRAM FILES\COMMON FILES\YAZZLE1549OINADMIN.EXE
C:\PROGRAM FILES\COMMON FILES\YAZZLE1549OINUNINSTALLER.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP115\A0011672.LNK

Trojan.Downloader-Gen/WinAble-Installer
C:\PROGRAM FILES\TEMPORARY\WININSTALL.EXE

Adware.WebBuying Assistant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP115\A0010641.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP115\A0011673.EXE

Trojan.Downloader-Gen/Installer
C:\WINDOWS\B122.EXE

Adware.AdHost/DR
C:\WINDOWS\DF87173.EXE

Trojan.Downloader-Gen/MROFIN
C:\WINDOWS\MROFINU1000106.EXE

Trojan.Downloader-Gen/TaLDrv
C:\WINDOWS\SYSTEM32\AJ2\BUMEBRPL5.EXE
C:\WINDOWS\Prefetch\BUMEBRPL5.EXE-17FF5A55.pf

Trojan.Downloader-Gen/BundleBase
C:\WINDOWS\SYSTEM32\ARDCO02\ARDCO021099.EXE
C:\WINDOWS\Prefetch\ARDCO021099.EXE-067DD753.pf

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\JMLLM.INI

Adware.Adservs
C:\WINDOWS\SYSTEM32\Z1\AROBLCIDR31Z.EXE
C:\WINDOWS\Prefetch\AROBLCIDR31Z.EXE-05EDA2FE.pf

Trojan.ZQuest-Installer
C:\WINDOWS\TK58.EXE

Unclassified.Unknown Origin/System
C:\WINDOWS\UNINST2.HTM

Adware.eZula
D:\WINDOWS\EZINSTALL.EXE

Trojan.NewDotNet
D:\WINDOWS\NDNUNINSTALL4_88.EXE
D:\WINDOWS\NDNUNINSTALL4_94.EXE
D:\WINDOWS\NDNUNINSTALL5_20.EXE

Adware.MyWay
D:\WINDOWS\SYSTEM32\XCITE.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ATC1K9SN\rd-fakeout2-720x300.gif
Aruji (New Member, joined Aug 2007, 15 posts)
Posted 12-31-2007 7:09 (GMT +1)
ComboFix 07-12-31.4 - Owner 2007-12-31 0:33:06.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.109 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Owner\My Documents\SMBOLS~1
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ta_start.lnk
C:\Program Files\Spruce
C:\Program Files\Spruce\Spruce.dll
C:\Program Files\Spruce\Spruce.dll.intermediate.manifest
C:\Program Files\Spruce\Spruce.exe
C:\Program Files\Spruce\Spruce.info
C:\Program Files\Spruce\Spruce.original
C:\Program Files\Spruce\SpruceRg.dll
C:\Program Files\Spruce\un_SpruceSetup_17737.exe
C:\Program Files\Spruce\un_SpruceSetup_17737.txt
C:\Program Files\Spruce\X_Spruce.exe
C:\Program Files\Spruce\X_Spruce.log
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fCOe
C:\Temp\fCOe\tOasF.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\hg173.exe
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini2
C:\WINDOWS\system32\mllmj.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\racle~1\?ystem\
C:\WINDOWS\system32\vglagqiw.dll
C:\WINDOWS\system32\wiqgalgv.ini
C:\WINDOWS\system32\z1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
.

2007-12-30 08:09 . 2007-12-30 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-30 07:55 . 2007-12-30 07:55 39,936 --a------ C:\WINDOWS\system32\cbxxxvt.dll.vir
2007-12-30 07:54 . 2007-12-30 07:54 <DIR> d-------- C:\WINDOWS\system32\pp1
2007-12-30 07:54 . 2007-12-30 15:30 <DIR> d-------- C:\WINDOWS\system32\mr9
2007-12-30 07:54 . 2007-12-30 08:19 <DIR> d-------- C:\WINDOWS\system32\cc9
2007-12-30 07:54 . 2007-12-30 15:30 <DIR> d-------- C:\WINDOWS\system32\ardCo02
2007-12-30 07:54 . 2007-12-30 15:30 <DIR> d-------- C:\WINDOWS\system32\aj2
2007-12-30 07:54 . 2007-12-30 07:55 <DIR> d-------- C:\Temp\cEeer12
2007-12-29 05:28 . 2007-12-29 05:28 784 --a------ C:\Documents and Settings\Owner\Application Data\mpauth.dat
2007-12-25 15:39 . 2007-12-25 15:39 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-12-25 06:30 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-12-25 03:33 . 2006-08-21 04:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-12-25 03:33 . 2006-08-21 04:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-12-25 03:33 . 2006-08-21 07:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-12-25 02:44 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-25 00:59 . 2007-02-28 04:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-12-25 00:59 . 2007-02-28 04:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-12-25 00:59 . 2007-02-28 03:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-12-25 00:59 . 2007-02-28 03:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-12-25 00:52 . 2007-10-29 17:43 1,287,680 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2007-12-24 23:30 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-24 23:30 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-24 23:30 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-24 23:21 . 2007-12-24 23:21 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-24 23:21 . 2007-12-24 23:23 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-24 23:03 . 2007-12-24 23:03 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-24 22:23 . 2004-08-20 15:50 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2007-12-24 12:46 . 2007-12-26 07:23 <DIR> d-------- C:\Documents and Settings\Owner\.limewire
2007-12-24 05:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-24 05:58 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-23 22:28 . 2007-12-23 22:28 <DIR> d-------- C:\WINDOWS\system32\custom matrices
2007-12-23 22:27 . 2007-12-23 22:27 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-12-23 22:27 . 2007-12-23 22:28 <DIR> d-------- C:\WINDOWS\system32\C2MP
2007-12-23 21:10 . 2003-06-18 16:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-12-23 15:17 . 2004-03-25 07:49 336,256 -ra------ C:\WINDOWS\system32\drivers\wind502u.sys
2007-12-23 15:12 . 2007-12-23 15:12 3,714 -rahs---- C:\WINDOWS\system32\drivers\HP_DM181A-ABA a305w_YUU_Pavi_QCNC344_E34NAheBLU2_4_IGlendale motherboard_STriGem Computer Inc._V_B3.24_T031014_WXH1_L409_M248_J40_7Intel_8Celeron_92.68_1_N10EC8139_P_Z11C1044C_K_A808624C5_U808624C2_G80862562.MRK
2007-12-23 15:08 . 2003-08-23 09:34 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2007-12-23 15:07 . 2007-12-23 15:07 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\.javaws
2007-12-23 15:07 . 2003-02-20 16:42 229,487 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2007-12-23 15:05 . 2004-08-03 22:14 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2007-12-23 15:05 . 2004-08-03 21:58 24,576 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2007-12-23 15:04 . 2007-12-23 15:04 0 --a------ C:\WINDOWS\system32\iAlmcoin.dll
2007-12-23 15:02 . 2004-08-03 23:56 23,552 --a------ C:\WINDOWS\system32\wdmaud.drv
2007-12-23 14:56 . 2004-08-03 22:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-12-23 14:56 . 2001-08-17 17:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-12-23 14:56 . 2004-08-03 22:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-12-23 14:56 . 2004-08-03 22:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-12-23 14:44 . 2004-08-03 23:56 148,480 --------- C:\WINDOWS\system32\wscui.cpl
2007-12-23 14:44 . 2004-08-03 23:56 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-12-23 14:44 . 2004-08-03 23:56 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2007-12-23 14:44 . 2004-08-03 23:56 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-12-23 14:44 . 2004-08-03 23:56 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-12-23 14:44 . 2004-08-03 23:56 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-12-23 14:44 . 2004-08-03 23:56 13,824 --a--c--- C:\WINDOWS\system32\dllcache\wscntfy.exe
2007-12-23 14:42 . 2004-08-03 23:56 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-12-23 14:41 . 2004-08-03 23:56 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2007-12-23 14:40 . 2004-08-03 22:07 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-12-23 14:40 . 2004-08-03 22:07 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-12-23 14:40 . 2004-08-03 22:07 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-12-23 14:40 . 2004-08-03 23:56 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-12-23 14:40 . 2004-08-03 23:56 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-12-23 14:40 . 2004-08-03 23:56 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-12-23 14:40 . 2004-08-03 23:56 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-12-23 14:40 . 2004-08-03 23:56 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-12-23 14:40 . 2004-08-03 23:56 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-12-23 14:40 . 2004-08-03 23:56 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-12-23 14:15 . 2007-12-30 19:33 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-12-23 13:36 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-23 13:07 . 2007-03-08 10:36 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-12-23 13:07 . 2004-03-29 20:48 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2007-12-23 13:06 . 2004-08-03 23:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-12-23 13:06 . 2004-08-03 23:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-12-23 13:06 . 2004-08-03 23:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2007-12-23 13:04 . 2004-08-03 22:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-12-23 13:04 . 2004-08-03 22:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-12-23 12:56 . 2007-06-26 01:08 1,104,896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-12-23 12:55 . 2005-07-08 11:27 249,344 --a------ C:\WINDOWS\system32\tapisrv.dll
2007-12-23 12:55 . 2006-01-03 22:35 68,096 --a------ C:\WINDOWS\system32\webclnt.dll
2007-12-23 12:53 . 2005-07-25 23:39 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
2007-12-23 12:53 . 2005-10-20 17:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-12-23 12:53 . 2007-07-09 08:09 584,192 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-12-23 12:53 . 2007-07-09 08:09 584,192 --a--c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-23 12:53 . 2005-07-25 23:39 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2007-12-23 12:53 . 2005-07-25 23:39 397,824 --a--c--- C:\WINDOWS\system32\dllcache\rpcss.dll
2007-12-23 12:53 . 2005-07-25 23:39 74,752 --a------ C:\WINDOWS\system32\olecli32.dll
2007-12-23 12:51 . 2007-10-25 22:36 8,454,656 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2007-12-23 12:51 . 2004-08-03 23:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2007-12-23 12:51 . 2006-10-19 08:56 713,216 --a------ C:\WINDOWS\system32\sxs.dll
2007-12-23 12:51 . 2004-08-03 23:56 87,552 --a------ C:\WINDOWS\system32\fldrclnr.dll
2007-12-23 12:49 . 2005-08-22 22:35 123,392 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2007-12-23 12:49 . 2006-03-01 14:42 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-12-23 12:49 . 2006-03-01 14:42 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-12-23 12:49 . 2006-03-16 19:38 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2007-12-23 12:48 . 2004-08-03 23:56 101,888 --a------ C:\WINDOWS\system32\cscdll.dll
2007-12-23 12:47 . 2005-03-02 13:09 56,832 --a------ C:\WINDOWS\system32\authz.dll
2007-12-23 12:27 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-23 12:25 . 2007-12-23 12:25 <DIR> d-------- C:\WINDOWS\system32\bits
2007-12-23 11:32 . 2007-12-23 11:32 <DIR> d-------- C:\Program Files\MetaStream
2007-12-23 11:29 . 2004-08-03 23:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-12-23 11:29 . 2004-08-03 23:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-08-29 03:16 32 --sha-w C:\WINDOWS\{14B431FF-99E9-4C1E-8574-051F227CB5BD}.dat
2003-08-29 03:16 32 --sha-w C:\WINDOWS\system32\{C6B785D4-A2EC-4320-AADD-7778E174E81D}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4989E14F-6B4E-47A2-9F38-970559ED1BB0}]
C:\Program Files\WindowsUpdate\honewac4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db070f14-839b-4ef0-94b5-081ab91b1b94}]
C:\WINDOWS\system32\yywurvk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 23:25 24576]
"NVIEW"="nview.dll" [2003-05-03 01:19 835654 C:\WINDOWS\system32\nview.dll]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Dmv"="C:\Documents and Settings\Owner\My Documents\s?mbols\m?hta.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 09:23 90112]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-14 01:53 49152]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 05:03 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 10:01 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-08-23 09:14 151597]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 21:19 53248]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 01:19 4640768]
"nwiz"="nwiz.exe" [2003-05-03 01:19 323584 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-11-15 04:29 54976]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-15 04:29 59072]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 20:13 118784]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 21:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"troy44"="C:\WINDOWS\troy44.exe" [2007-12-19 17:05 212992]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 21:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 21:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 21:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-08-28 22:19:10]
Spruce - Auto Update.lnk - C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir [2007-12-30 08:00:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-06-13 06:08:16]
Motorola Wireless USB Adapter.lnk - C:\Program Files\Motorola Wireless\WU830G USB Adapter\Startup.EXE [2007-12-23 08:35:19]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-09-20 21:20:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

R3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;C:\WINDOWS\system32\DRIVERS\wind502u.sys [2004-03-25 07:49]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-30 07:23:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-31 06:01:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 00:46:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31 1:01:28 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 06:01:17
C:\qoobox\ComboFix2.txt 2007-10-28 08:56:00
C:\qoobox\ComboFix3.txt 2007-10-26 13:51:54
C:\qoobox\ComboFix4.txt 2007-10-26 11:49:55
.
2007-12-26 08:18:39 --- E O F ---

ComboFix log. The pop-ups aren't as bad, but they still happen.
Aruji
New Member
Date Joined Aug 2007
Total Posts : 15
Posted 1-1-2008 9:26 (GMT +1)
Logfile of HijackThis v1.99.1
Scan saved at 3:24:37 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\Creator\Remind_XP.exe
C:\WINDOWS\system32\igfxtray.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\troy44.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Motorola Wireless\WU830G USB Adapter\OdHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\My Documents\Virus stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/today/aimtoday.adp?type=2&product=9&platform=1&channel=283&build=3861&SN=CLONGCHJEMCDONGKHJEPDJNL&CC=BINOFCEK&PC=HCLEDICABB&segment=-1&UTC=1198426759<=1198408759&nlogin=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {4989E14F-6B4E-47A2-9F38-970559ED1BB0} - C:\Program Files\WindowsUpdate\honewac4444.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {db070f14-839b-4ef0-94b5-081ab91b1b94} - C:\WINDOWS\system32\yywurvk.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [troy44] C:\WINDOWS\troy44.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dmv] "C:\Documents and Settings\Owner\My Documents\s?mbols\m?hta.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: Spruce - Auto Update.lnk = C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Motorola Wireless USB Adapter.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198430471273
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

That's my latest HijackThis file. I've just been running a few of the programs from last time, finding some viruses and getting rid of them, and I wanted to show the latest one.
Aruji
New Member
Date Joined Aug 2007
Total Posts : 15
Posted 1-3-2008 9:50 (GMT +1)
ComboFix 07-12-31.4 - Owner 2008-01-03 1:09:26.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\desktop\combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-02 03:12 . 2008-01-02 08:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-01-02 02:56 . 2008-01-02 02:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-02 02:53 . 2008-01-02 03:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-30 08:09 . 2007-12-30 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-30 07:54 . 2008-01-02 15:16 <DIR> d-------- C:\WINDOWS\system32\pp1
2007-12-30 07:54 . 2007-12-30 15:30 <DIR> d-------- C:\WINDOWS\system32\mr9
2007-12-30 07:54 . 2007-12-30 08:19 <DIR> d-------- C:\WINDOWS\system32\cc9
2007-12-30 07:54 . 2007-12-30 15:30 <DIR> d-------- C:\WINDOWS\system32\ardCo02
2007-12-30 07:54 . 2007-12-30 15:30 <DIR> d-------- C:\WINDOWS\system32\aj2
2007-12-30 07:54 . 2007-12-30 07:55 <DIR> d-------- C:\Temp\cEeer12
2007-12-29 05:28 . 2007-12-31 06:25 784 --a------ C:\Documents and Settings\Owner\Application Data\mpauth.dat
2007-12-25 15:39 . 2007-12-25 15:39 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-12-25 06:30 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-12-25 03:33 . 2006-08-21 04:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-12-25 03:33 . 2006-08-21 04:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-12-25 03:33 . 2006-08-21 07:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-12-25 02:44 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-25 00:59 . 2007-02-28 04:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-12-25 00:59 . 2007-02-28 04:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-12-25 00:59 . 2007-02-28 03:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-12-25 00:59 . 2007-02-28 03:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-12-25 00:52 . 2007-10-29 17:43 1,287,680 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2007-12-24 23:30 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-24 23:30 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-24 23:30 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-24 23:21 . 2007-12-24 23:21 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-24 23:21 . 2007-12-24 23:23 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-24 23:03 . 2007-12-24 23:03 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-24 22:23 . 2004-08-20 15:50 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2007-12-24 12:46 . 2007-12-31 16:11 <DIR> d-------- C:\Documents and Settings\Owner\.limewire
2007-12-24 05:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-24 05:58 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-23 22:28 . 2007-12-23 22:28 <DIR> d-------- C:\WINDOWS\system32\custom matrices
2007-12-23 22:27 . 2007-12-23 22:27 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-12-23 22:27 . 2007-12-23 22:28 <DIR> d-------- C:\WINDOWS\system32\C2MP
2007-12-23 21:10 . 2003-06-18 16:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-12-23 15:17 . 2004-03-25 07:49 336,256 -ra------ C:\WINDOWS\system32\drivers\wind502u.sys
2007-12-23 15:12 . 2007-12-23 15:12 3,714 -rahs---- C:\WINDOWS\system32\drivers\HP_DM181A-ABA a305w_YUU_Pavi_QCNC344_E34NAheBLU2_4_IGlendale motherboard_STriGem Computer Inc._V_B3.24_T031014_WXH1_L409_M248_J40_7Intel_8Celeron_92.68_1_N10EC8139_P_Z11C1044C_K_A808624C5_U808624C2_G80862562.MRK
2007-12-23 15:08 . 2003-08-23 09:34 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2007-12-23 15:07 . 2007-12-23 15:07 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\.javaws
2007-12-23 15:07 . 2003-02-20 16:42 229,487 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2007-12-23 15:05 . 2004-08-03 22:14 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2007-12-23 15:05 . 2004-08-03 21:58 24,576 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2007-12-23 15:04 . 2007-12-23 15:04 0 --a------ C:\WINDOWS\system32\iAlmcoin.dll
2007-12-23 15:02 . 2004-08-03 23:56 23,552 --a------ C:\WINDOWS\system32\wdmaud.drv
2007-12-23 15:02 . 2004-08-03 23:56 23,552 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.drv
2007-12-23 14:56 . 2004-08-03 22:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-12-23 14:56 . 2001-08-17 17:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-12-23 14:56 . 2004-08-03 22:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-12-23 14:56 . 2004-08-03 22:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-12-23 14:44 . 2004-08-03 23:56 148,480 --------- C:\WINDOWS\system32\wscui.cpl
2007-12-23 14:44 . 2004-08-03 23:56 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-12-23 14:44 . 2004-08-03 23:56 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2007-12-23 14:44 . 2004-08-03 23:56 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-12-23 14:44 . 2004-08-03 23:56 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-12-23 14:44 . 2004-08-03 23:56 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-12-23 14:44 . 2004-08-03 23:56 13,824 --a--c--- C:\WINDOWS\system32\dllcache\wscntfy.exe
2007-12-23 14:42 . 2004-08-03 23:56 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-12-23 14:41 . 2004-08-03 23:56 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2007-12-23 14:40 . 2004-08-03 22:07 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-12-23 14:40 . 2004-08-03 22:07 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-12-23 14:40 . 2004-08-03 22:07 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-12-23 14:40 . 2004-08-03 23:56 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-12-23 14:40 . 2004-08-03 23:56 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-12-23 14:40 . 2004-08-03 23:56 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-12-23 14:40 . 2004-08-03 23:56 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-12-23 14:40 . 2004-08-03 23:56 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-12-23 14:40 . 2004-08-03 23:56 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-12-23 14:40 . 2004-08-03 23:56 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-12-23 14:15 . 2008-01-03 01:21 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-12-23 13:36 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-23 13:07 . 2007-03-08 10:36 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-12-23 13:07 . 2004-03-29 20:48 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2007-12-23 13:06 . 2004-08-03 23:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-12-23 13:06 . 2004-08-03 23:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-12-23 13:06 . 2004-08-03 23:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2007-12-23 13:04 . 2004-08-03 22:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-12-23 13:04 . 2004-08-03 22:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-12-23 12:56 . 2007-06-26 01:08 1,104,896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-12-23 12:55 . 2005-07-08 11:27 249,344 --a------ C:\WINDOWS\system32\tapisrv.dll
2007-12-23 12:55 . 2006-01-03 22:35 68,096 --a------ C:\WINDOWS\system32\webclnt.dll
2007-12-23 12:53 . 2005-07-25 23:39 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
2007-12-23 12:53 . 2005-07-25 23:39 1,285,120 --a--c--- C:\WINDOWS\system32\dllcache\ole32.dll
2007-12-23 12:53 . 2005-10-20 17:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-12-23 12:53 . 2007-07-09 08:09 584,192 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-12-23 12:53 . 2007-07-09 08:09 584,192 --a--c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-23 12:53 . 2005-07-25 23:39 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2007-12-23 12:53 . 2005-07-25 23:39 397,824 --a--c--- C:\WINDOWS\system32\dllcache\rpcss.dll
2007-12-23 12:53 . 2005-07-25 23:39 74,752 --a------ C:\WINDOWS\system32\olecli32.dll
2007-12-23 12:51 . 2007-10-25 22:36 8,454,656 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2007-12-23 12:51 . 2004-08-03 23:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2007-12-23 12:51 . 2006-10-19 08:56 713,216 --a------ C:\WINDOWS\system32\sxs.dll
2007-12-23 12:51 . 2006-10-19 08:56 713,216 --a--c--- C:\WINDOWS\system32\dllcache\sxs.dll
2007-12-23 12:51 . 2004-08-03 23:56 87,552 --a------ C:\WINDOWS\system32\fldrclnr.dll
2007-12-23 12:49 . 2005-08-22 22:35 123,392 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2007-12-23 12:49 . 2006-03-01 14:42 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-12-23 12:49 . 2006-03-01 14:42 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-12-23 12:49 . 2006-03-16 19:38 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2007-12-23 12:48 . 2004-08-03 23:56 101,888 --a------ C:\WINDOWS\system32\cscdll.dll
2007-12-23 12:47 . 2005-03-02 13:09 56,832 --a------ C:\WINDOWS\system32\authz.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-08-29 03:16 32 --sha-w C:\WINDOWS\{14B431FF-99E9-4C1E-8574-051F227CB5BD}.dat
2003-08-29 03:16 32 --sha-w C:\WINDOWS\system32\{C6B785D4-A2EC-4320-AADD-7778E174E81D}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4989E14F-6B4E-47A2-9F38-970559ED1BB0}]
C:\Program Files\WindowsUpdate\honewac4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db070f14-839b-4ef0-94b5-081ab91b1b94}]
C:\WINDOWS\system32\yywurvk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 23:25 24576]
"NVIEW"="nview.dll" [2003-05-03 01:19 835654 C:\WINDOWS\system32\nview.dll]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Dmv"="C:\Documents and Settings\Owner\My Documents\s?mbols\m?hta.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 09:23 90112]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-14 01:53 49152]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 05:03 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 10:01 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-08-23 09:14 151597]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 21:19 53248]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 01:19 4640768]
"nwiz"="nwiz.exe" [2003-05-03 01:19 323584 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-11-15 04:29 54976]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-15 04:29 59072]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 21:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"troy44"="C:\WINDOWS\troy44.exe" [2007-12-19 17:05 212992]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-02 02:54 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-02 02:54 219136]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 21:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 21:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 21:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-08-28 22:19:10]
Spruce - Auto Update.lnk - C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir [2007-12-30 08:00:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-06-13 06:08:16]
Motorola Wireless USB Adapter.lnk - C:\Program Files\Motorola Wireless\WU830G USB Adapter\Startup.EXE [2007-12-23 08:35:19]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-09-20 21:20:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;C:\WINDOWS\system32\DRIVERS\wind502u.sys [2004-03-25 07:49]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 06:29:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-03 06:46:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 01:27:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 1:49:57 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-03 06:49:46
C:\qoobox\ComboFix2.txt 2007-12-31 06:01:29
C:\qoobox\ComboFix3.txt 2007-10-28 08:56:00
C:\qoobox\ComboFix4.txt 2007-10-26 13:51:54
C:\qoobox\ComboFix5.txt 2007-10-26 11:49:55
.
2007-12-26 08:18:39 --- E O F ---

Results from a recent ComboFix run. Pop-ups still happening.