[Fixed] Pop ups... - posted in the Security & Safety forums
#8
11-26-2007
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,627
PC Experience: PC Illiterate
Re: Pop ups...

You may want to print these out. Please close all other applications, start HJT again, click 'perform system scan only', place a tick next to the following and click 'fix checked':
O2 - BHO: (no name) - {C8051AD0-37A6-4C0D-AD25-7A57BA2162B1} - (no file)
O2 - BHO: (no name) - {D4388A41-8B2B-43BB-A836-AE5A0DE599F9} - (no file)
O15 - Trusted Zone: *.adxgate.net (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.snipenet.net (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:
C:\WINDOWS\system32\jcraosbx.dll
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.

*Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.*

thanks,

v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
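A scripted version of the triage behind the fix list in the post above, as an added example that is not part of the original post or of HijackThis itself. It parses O2 (Browser Helper Object) and O15 (Trusted Zone) lines and reproduces the two decisions the helper made: an O2 entry whose DLL column reads "(no file)" is an orphaned COM registration and goes on the fix list, and an O15 entry is a wildcard host added to Internet Explorer's Trusted sites zone, where IE applies relaxed security settings, so it goes on the fix list too (treating every O15 line that way is the example's own generalisation of the post's list). A third rule, marked as this example's own heuristic in the comments, only flags a nameless BHO that loads from system32 for review. The sample lines are constructed from the logs in this thread.

```python
"""Triage HijackThis O2/O15 lines. Added example, not HijackThis's own code."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines taken from the fix list and the log in this thread.
SAMPLE_LOG_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {C8051AD0-37A6-4C0D-AD25-7A57BA2162B1} - (no file)",
    r"O2 - BHO: (no name) - {D4388A41-8B2B-43BB-A836-AE5A0DE599F9} - (no file)",
    r"O2 - BHO: {8113cbab-24c4-344b-3904-1d4b0086c180} - {081c6800-b4d1-4093-b443-4c42babc3118} - C:\WINDOWS\system32\jcraosbx.dll",
    r"O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll",
    r"O15 - Trusted Zone: *.errorsafe.com (HKLM)",
    r"O15 - Trusted Zone: *.winfixer.com (HKLM)",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
]

CLSID = r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
# O2 - BHO: <display name> - {CLSID} - <dll path or "(no file)">
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.*)$")
# O15 - Trusted Zone: <domain pattern> (<hive>)
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<domain>\S+) \((?P<hive>HK[A-Z]+)\)$")
# A DLL sitting directly in system32 (no subdirectory).
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str
    action: str  # "fix": tick it in HijackThis; "review": look closer first


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = O2_RE.match(line)
        if bho:
            if bho["path"] == "(no file)":
                # Registered CLSID whose DLL is gone: orphaned, nothing to lose by removing it.
                findings.append(Finding(line, "BHO registered but its DLL is missing", "fix"))
                continue
            # Heuristic of this example (not from the post): a BHO with no readable
            # name, or a GUID where the name should be, that loads from system32.
            nameless = bho["name"] == "(no name)" or re.fullmatch(CLSID, bho["name"]) is not None
            if nameless and SYSTEM32_RE.match(bho["path"]):
                findings.append(Finding(line, "nameless BHO loading from system32", "review"))
            continue
        zone = O15_RE.match(line)
        if zone:
            # A wildcard host in IE's Trusted sites zone runs with relaxed security settings.
            findings.append(Finding(line, zone["domain"] + " in IE Trusted sites (" + zone["hive"] + ")", "fix"))
    return findings


def fix_list(findings: List[Finding]) -> List[str]:
    """The lines to tick before 'Fix checked'."""
    return [f.line for f in findings if f.action == "fix"]


if __name__ == "__main__":
    for f in triage("\n".join(SAMPLE_LOG_LINES)):
        print(f.action.upper().ljust(6), f.reason, "::", f.line)
```

On the sample the Adobe, SiteAdvisor and ccApp lines produce nothing, the two "(no file)" BHOs and the two O15 lines come back as the fix list, and the only review item is the jcraosbx.dll BHO, which is the file the helper went on to target with the CFScript in the same post.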
#9
11-26-2007
Dumb Guy
Bronze Member
Join Date: Nov 2007
Posts: 97
PC Experience: Beginner
Re: Pop ups...

Thank you so much, valis! I really appreciate your help.

I tried to do everything you instructed. The only possible anomalies were that I didn't have a 'perform system scan only' option on my HJT program, at least not that I noticed. I only had a "scan" option (I poked around and looked for a 'perform system scan only' option).

Additionally, when I attempted to drag CFScript.txt to ComboFix, I envisioned the CFScript.txt document would "disappear" into the Combofix program, like when you drag a word document into a folder... It didn't. Instead it just started Combofix, which I ran as instructed:

ComboFix log 11-26-07

ComboFix 07-11-19.3 - HP_Owner 2007-11-26 8:35:06.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.161 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))
.
2007-11-25 00:27 9,472 --a------ C:\WINDOWS\system32\drivers\SnopFree.sys
2007-11-23 17:30 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-11-23 17:30 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-23 17:30 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-23 17:30 10,652 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-23 17:30 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-23 11:18 83,520 --a------ C:\WINDOWS\system32\jcraosbx.dll
2007-11-22 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-22 11:22 79,936 --a------ C:\WINDOWS\system32\cjnybhll.dll
2007-11-22 07:04 1,024 --a------ C:\WINDOWS\system32\drivers\3E42C2F4-D5ED-47D5-92AC-9DD5A66FE46B.cxv
2007-11-22 06:59 <DIR> d-------- C:\Program Files\STOPzilla!
2007-11-22 06:59 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-11-22 06:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-11-07 18:09 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\DivX
2007-11-07 17:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-11-07 17:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-07 17:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-02 07:12 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-02 07:07 4 -rahs---- C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
2007-11-02 07:06 <DIR> d-------- C:\Program Files\plasq
2007-11-02 07:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-01 19:57 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Move Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-11-25 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-25 13:07 --------- d-----w C:\Program Files\SwiftView
2007-11-25 12:14 90,112 ----a-w C:\WINDOWS\system32\SnoopFreeSvc.exe
2007-11-25 12:14 45,056 ----a-w C:\WINDOWS\SnoopFreeDll.dll
2007-11-25 12:14 221,184 ----a-w C:\WINDOWS\SnoopFreeUI.exe
2007-11-25 02:04 --------- d-----w C:\Program Files\Easy MP3 Cutter
2007-11-24 13:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-23 23:00 --------- d-----w C:\Program Files\Symantec
2007-11-23 22:35 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-23 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-23 19:49 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\SiteAdvisor
2007-11-22 14:35 --------- d-----w C:\Program Files\Whale Communications
2007-11-22 00:39 --------- d-----w C:\Program Files\Apple Software Update
2007-11-21 15:18 80,960 ----a-w C:\WINDOWS\system32\svnfiyvv.dll
2007-11-20 17:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 22:52 --------- d-----w C:\Program Files\DivX
2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 43,528 -c----w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:02 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-11 16:51 --------- d-----w C:\Program Files\PAS-Products
2007-10-08 13:17 --------- d-----w C:\Program Files\Google
2007-08-29 19:18 577,928 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-14 10:04 82 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-04-20 19:47 1,372,070 --sha-w C:\WINDOWS\system32\ihkmp.bak1
2007-04-28 02:46 1,384,907 --sha-w C:\WINDOWS\system32\ihkmp.bak2
2007-04-28 19:58 1,379,818 --sha-w C:\WINDOWS\system32\ihkmp.ini2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{081c6800-b4d1-4093-b443-4c42babc3118}]
2007-11-23 11:18 83520 --a------ C:\WINDOWS\system32\jcraosbx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-11-23 17:33 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 15:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-16 19:25]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2005-02-16 19:03]
"SoundMan"="SOUNDMAN.EXE" [2005-04-06 17:57 C:\WINDOWS\SOUNDMAN.EXE]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 21:23]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 15:43]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 16:17]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 16:54]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 14:02]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 11:04]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 10:59]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 19:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-06 17:53 C:\WINDOWS\ALCWZRD.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 10:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 10:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 23:53]
"SnoopFreeUI"="SnoopFreeUI.exe" [2007-11-25 07:14 C:\WINDOWS\SnoopFreeUI.exe]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys
S3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 22:36:57 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job"
- C:\Program Files\Norton AntiVirus\Navw32.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 08:37:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-26 8:38:31
C:\ComboFix2.txt ... 2007-11-24 10:48
.
--- E O F ---

HiJackThis log 11-26-07

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:39:57 AM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MI1933~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {8113cbab-24c4-344b-3904-1d4b0086c180} - {081c6800-b4d1-4093-b443-4c42babc3118} - C:\WINDOWS\system32\jcraosbx.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2CFB52FD-7CF2-479C-BF65-B27F8A834F31} (SecureSession Class) - http://www.samsungtechwin.com/includ...ecuiTechIE.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/act...a/nprdtinf.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129999347750
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - Cell Phones, Cell Phone Plans, Cell Phone Accessories - Verizon Wireless
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SnoopFree Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11135 bytes

THANK YOU SO MUCH!
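The ComboFix log above has two sections worth reading together: the dated file listings ("Files Created" and "Find3M Report") and the "Reg Loading Points" block that maps a BHO CLSID to the DLL it loads. The script below is an added example, not part of the original post and not ComboFix's own code. It parses both, flags a listed file when the same path is registered as a BHO, when its attribute column carries both the h and s letters (read here as hidden and system, on the assumption that the flag letters mean the same in both listing formats), or when it sits directly in system32 under an 8-lowercase-letter name with at most two vowels (the shape of jcraosbx.dll, the file valis targeted with the CFScript; this naming heuristic is the example's own assumption), and ranks the hits by how many of those apply. The sample is an excerpt constructed from the log in this post.

```python
"""Rank files from a ComboFix log. Added example, not ComboFix's own code."""
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: an excerpt of the ComboFix log posted in this thread.
SAMPLE_COMBOFIX = r"""
((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))
.
2007-11-25 00:27 9,472 --a------ C:\WINDOWS\system32\drivers\SnopFree.sys
2007-11-23 17:30 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-11-23 17:30 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-23 11:18 83,520 --a------ C:\WINDOWS\system32\jcraosbx.dll
2007-11-22 11:22 79,936 --a------ C:\WINDOWS\system32\cjnybhll.dll
2007-11-07 17:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-11-02 07:07 4 -rahs---- C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 15:18 80,960 ----a-w C:\WINDOWS\system32\svnfiyvv.dll
2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{081c6800-b4d1-4093-b443-4c42babc3118}]
2007-11-23 11:18 83520 --a------ C:\WINDOWS\system32\jcraosbx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-11-23 17:33 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
"""

SECTION_RE = re.compile(r"^\({5,}\s*(?P<title>.+?)\s*\){5,}")
# date time size attrs path   (size is "9,472", "83520", "<DIR>" or dashes)
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>|-+) (?P<attrs>[-a-z]+) (?P<path>[A-Za-z]:\\.*)$"
)
REGKEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\(?P<name>[^\\]+)$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:dll|exe|sys)$")
VOWELS = set("aeiou")


class Candidate(NamedTuple):
    path: str
    created: str
    reasons: Tuple[str, ...]


def looks_random(name: str) -> bool:
    """Assumed heuristic: 8 lowercase letters with at most two vowels (the shape of jcraosbx.dll)."""
    if not RANDOM_NAME_RE.match(name):
        return False
    return sum(ch in VOWELS for ch in name.split(".", 1)[0]) <= 2


def parse(log_text: str):
    """Return (file entries from the two listings, {lowercased path: registry key that loads it})."""
    entries = []
    loaders: Dict[str, str] = {}
    section, pending_key = "", None
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section, pending_key = sec["title"], None
            continue
        key = REGKEY_RE.match(line)
        if key:
            pending_key = key["key"]          # the next file line belongs to this key
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        if section.startswith(("Files Created", "Find3M")):
            entries.append(m)
        elif section.startswith("Reg Loading Points") and pending_key:
            loaders[m["path"].lower()] = pending_key
            pending_key = None
    return entries, loaders


def triage(log_text: str) -> List[Candidate]:
    entries, loaders = parse(log_text)
    found: List[Candidate] = []
    for m in entries:
        path, attrs = m["path"], m["attrs"]
        reasons = []
        sys32 = SYSTEM32_RE.match(path.lower())
        if sys32 and looks_random(sys32["name"]):
            reasons.append("random-looking 8-letter name directly in system32")
        if "h" in attrs and "s" in attrs:   # hidden + system (assumed meaning of the flag letters)
            reasons.append("hidden+system attributes")
        key = loaders.get(path.lower())
        if key and "Browser Helper Objects" in key:
            reasons.append("registered as BHO " + key.rsplit("\\", 1)[1])
        if reasons:
            found.append(Candidate(path, m["date"] + " " + m["time"], tuple(reasons)))
    found.sort(key=lambda c: (-len(c.reasons), c.path.lower()))   # strongest candidate first
    return found


if __name__ == "__main__":
    for c in triage(SAMPLE_COMBOFIX):
        print(c.created, c.path, "|", "; ".join(c.reasons))
```

On the sample, jcraosbx.dll ranks first because it is both a freshly created random-named DLL and the DLL behind a BHO, while cjnybhll.dll, svnfiyvv.dll and the hidden+system .dat file each match one rule; pxafs.dll, S32EVNT1.DLL, the driver under system32\drivers and the dllcache copy of shell32.dll match none. The name test alone is deliberately weak (a legitimate name such as ntoskrnl.exe would pass it), which is why it is combined with "directly in system32" and with the creation window the listing already imposes, and why a hit is a prompt to check the file's signer and hash rather than a verdict.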


#10
11-26-2007
Dumb Guy
Bronze Member
Join Date: Nov 2007
Posts: 97
PC Experience: Beginner
Re: Pop ups...

Also - if you have time to comment on this - I noticed in my add/remove programs a program called 'PS2'. There is no information associated with this entry (i.e. when highlighted, it provides no info re: product support, frequency of use, when installed, etc...). I am a little suspicious of this program since on the list of malware on this board, and at majorgeeks.com from the link provided here in another thread, I see malware called PSGuard. Should I uninstall this?


#11
11-26-2007
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,627
PC Experience: PC Illiterate
Re: Pop ups...

That PS2 is usually associated with certain multimedia keyboards, I think HP. If you are using one of those, keep it; if you have in the past but don't know, you can lose it, but it's nothing to worry about.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please attach C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

thanks,

v


#12
11-27-2007
Dumb Guy
Bronze Member
Join Date: Nov 2007
Posts: 97
PC Experience: Beginner
Re: Pop ups...

Hmm...this is the same Virus I had in June '07. I already have VundoFix.Exe 6.5.0.0 installed and I had run it prior to posting in your thread (I will follow your link to make sure I have the most recent installments or update). Could the problem be, and I apologize: I just got around today to reading that I should turn off my system restore while following your instructions. I did this only today. Perhaps the virus is located on my back up drive?

btw...your description regarding the ps2 is quite accurate - in fact, I do use an HP keyboard.

Since you are not requesting that I upload another log, I infer that the Vundo scan will take care of my problem. This time, I will run it with my system backup turned off. Thank you sincerely for your help. You do excellent work.

EDIT: For some reason, the link you provided to Vundo did not work for me. It turns out that the version I have is 6.5.0. I turned off my Norton protections and ran VundoFix. No infection found. No restart. I will run it again, although I have turned Norton back on.

Norton provided me what looks like a significant update earlier today and, just after I ran VundoFix, unprompted, it commenced a full system scan. I stopped it to post my results here, but as I am leaving for a bit, I will run it. I wonder if I should turn system backup back on. I am not doing any significant work that can't be saved on a disk in the next day or so since the machine must have recently updated; I will keep it off until you instruct otherwise. Thanks again for all your attention.

Jeff (dumb guy)



Last edited by Dumb Guy; 11-27-2007 at 02:20 AM. Reason: want to get it right without post-hogging
#13
11-27-2007
Dumb Guy
Bronze Member
Join Date: Nov 2007
Posts: 97
PC Experience: Beginner
Re: Pop ups...

Correction: the version of VundoFix I have is 6.6.0.2. It found no infection upon several scans.



#14
11-27-2007
MadGamer
Elite Member
Join Date: May 2004
Location: UK
Posts: 2,312
PC Experience: Experienced
Re: Pop ups...

You may also want to update to the latest version of HiJackThis as version 2.00 was a BETA (testing version). The latest is v2.0.2.



Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com