PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Fixed] infamous pop-up "security" problem

#1  01-09-2008
mwinnc (Bronze Member; Join Date: Jan 2008; Posts: 5; PC Experience: Very Experienced)
[Fixed] infamous pop-up "security" problem

Hi - I followed the pre-work sticky instructions before posting this. I have an infection of several pop-ups, all under the guise of being Windows security alerts. Running AVG and SuperAV seems to have helped. SAV reports that my IE home page is constantly being changed to: //softwarereferral.comjump.php?wmid=6010mid=MjIO60jg 5lid=2. I also get a separate spyware alert that always puts a blinking red 'X' in the toolbar. Both alerts want to open a web page through IE and take me to a site called safenavweb.com, which promises to clean me up! Another symptom is that I can only print one document from an app, and then my printer errors, saying there is no paper! If I disconnect the LPT cable and then cycle the printer I can print one more time, and then it all happens again. One note: when I ran AVG I had it set to make a report, but it did not. I followed through with the quarantine. I then ran a second scan, and this time it did file a report .... but the results of the scan are that no new items were found. I do have the quarantine files if they are of help to you. I attached the HijackThis and SAV logs to this post.

thanks so much!
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 01-08-2008 - 21-36-33.log (3.5 KB, 2 views)
File Type: log hijackthis .log (11.6 KB, 1 views)


#2  01-09-2008
valis (Senior Security Analyst; Join Date: Jan 2007; Location: texas, USA; Posts: 2,570; PC Experience: PC Illiterate)
Re: infamous pop-up "security" problem

Hello mwinnc, and welcome to the forums.... Always good to have another Yankee on here....

You may want to print these out. Please close all other applications, start HJT again, click 'Perform system scan only', place a tick next to the following and click 'Fix checked':

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = UltimateCleaner 2007
O3 - Toolbar: The epxonwo - {D94D49D7-31D6-42E1-A5FE-438C7BFD6498} - C:\DOCUME~1\mward\LOCALS~1\Temp\ac8zt2\epxonwo.dll (file missing)
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://asp2.centra.com/SiteRoots/mai...Downloader.cab
O21 - SSODL: asvdnmo - {C21ECD09-132E-4A58-9F86-82534A6F9A6E} - C:\WINNT\asvdnmo.dll
O21 - SSODL: bgntlvo - {B4BC9E2C-4FD0-4260-8889-C58A1C601165} - C:\WINNT\bgntlvo.dll


Next, boot into Safe Mode, navigate to and delete the following files:

C:\WINNT\bgntlvo.dll
C:\WINNT\asvdnmo.dll

Finally, download ComboFix from Here or Here to your Desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

thanks,

v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
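The checklist above (a hijacked R0 start page, an O3 toolbar that loads a DLL from the user's Temp folder and is already "(file missing)", O21 ShellServiceObjectDelayLoad DLLs dropped straight into C:\WINNT, and an O16 ActiveX download point from a site the helper did not recognise) is the triage a HijackThis helper does by eye. The script below is an added example, not part of this thread and not HijackThis code: it parses HJT log lines and applies those rules mechanically, and also checks the O17 Domain/SearchList values against an expected domain (later in the thread latticesemi.com is confirmed as the poster's company domain). The sample log is constructed from lines posted in this thread; the heuristics, the `homepage_allow`/`trusted_hosts` lists and the `Finding` record are this example's own assumptions, not anything HijackThis provides.

```python
"""Mechanical triage of HijackThis log lines (added example, not HJT code)."""
import re
from dataclasses import dataclass

# "R0 - ..." / "O21 - ..." ; body is everything after the kind marker.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# Windows paths (8.3 short names included) ending in a loadable extension.
PATH_RE = re.compile(r"[A-Za-z]:\\\S*?\.(?:dll|exe|ocx|cab|sys)", re.IGNORECASE)
HOST_RE = re.compile(r"https?://([^/\s:]+)", re.IGNORECASE)
# A DLL sitting directly in the Windows root (C:\WINNT\x.dll, C:\Windows\x.dll).
WINROOT_DLL_RE = re.compile(r"^[a-z]:\\win(?:nt|dows)\\[^\\]+\.dll$")
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "\\locals~1\\", "\\local settings\\")


@dataclass
class Finding:
    kind: str       # HJT section, e.g. "O21"
    reasons: tuple  # why this line deserves a tick
    line: str       # the original log line


def triage(log_text, expected_domain, homepage_allow=("about:blank",), trusted_hosts=()):
    """One Finding per HJT line that deserves a 'fix checked' or a question."""
    expected = expected_domain.lower()
    trusted = {h.lower() for h in trusted_hosts}
    allowed_home = {h.lower() for h in homepage_allow}
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        low = body.lower()
        value = body.split("=", 1)[1].strip() if "=" in body else ""
        reasons = []
        if kind == "R0" and "start page" in low:
            if value.lower() not in allowed_home:
                reasons.append(f"start page hijacked to {value!r}")
        elif kind in ("O2", "O3", "O4", "O21"):
            if "(file missing)" in low:
                reasons.append("registered component whose file is missing")
            for path in (p.lower() for p in PATH_RE.findall(body)):
                if any(marker in path for marker in TEMP_MARKERS):
                    reasons.append("loads from a temp directory")
                elif kind == "O21" and WINROOT_DLL_RE.match(path):
                    reasons.append("ShellServiceObjectDelayLoad DLL directly in the Windows root")
        elif kind == "O16":
            host = HOST_RE.search(body)
            if host and host.group(1).lower() not in trusted:
                reasons.append(f"ActiveX download point on untrusted host {host.group(1)}")
        elif kind == "O17":
            domains = {d.strip().lower() for d in value.split(",") if d.strip()}
            unexpected = sorted(domains - {expected})
            if unexpected:
                reasons.append(f"DNS domain/search list points at {', '.join(unexpected)}")
        if reasons:
            findings.append(Finding(kind, tuple(reasons), raw.strip()))
    return findings


# Constructed sample: a subset of the lines posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = UltimateCleaner 2007
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: The epxonwo - {D94D49D7-31D6-42E1-A5FE-438C7BFD6498} - C:\DOCUME~1\mward\LOCALS~1\Temp\ac8zt2\epxonwo.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1124301468998
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://asp2.centra.com/SiteRoots/mai...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C196650-A37D-41FD-83FA-406A805376A3}: Domain = latticesemi.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = latticesemi.com,latticesemi.com
O21 - SSODL: asvdnmo - {C21ECD09-132E-4A58-9F86-82534A6F9A6E} - C:\WINNT\asvdnmo.dll
O21 - SSODL: bgntlvo - {B4BC9E2C-4FD0-4260-8889-C58A1C601165} - C:\WINNT\bgntlvo.dll
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINNT\system32\snmptrap.exe (file missing)
"""


def main():
    # hqmonitor is the OfficeScan server seen in the log; update.microsoft.com is Windows Update.
    for f in triage(SAMPLE_LOG, "latticesemi.com", trusted_hosts=("update.microsoft.com", "hqmonitor")):
        print(f"[{f.kind}] {'; '.join(f.reasons)}\n    {f.line}")


if __name__ == "__main__":
    main()
```

Run as-is it prints the five entries valis told the poster to fix. The Centra O16 shows up only because asp2.centra.com is not in `trusted_hosts`; add it and that line drops out, which is the same "if you know and trust the site" judgement made later in the thread. The O23 SNMPTRAP "(file missing)" line is deliberately left alone: a stale service registration with no binary is not a load point in the way an SSODL or toolbar entry is.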
#3  01-09-2008
mwinnc (Bronze Member; Join Date: Jan 2008; Posts: 5; PC Experience: Very Experienced)
Re: infamous pop-up "security" problem

Well ..... do you mean USA Yankee or north-of-the-Mason-Dixon-line Yankee?

I did as you suggested, and I went backwards a bit. I completely lost my internet connection capability. I'm now on a different PC to enter this .... and it won't give me an active file-attach capability, so I'm forced to do a copy/paste.

1st error: pop3trap: Unable to establish a socket for TCP port 110 used by email scan to listen for incoming connection requests. Email scan is not available

2nd error: Mobile Device Properties: The TCP/IP network transport is not installed



(I also KEPT the suggestion to axe the O16 ... asp2.centra.com entry. Centra is our web training provider. If you think it should go I'll boot it, but I just assumed you didn't recognize it?)

I'll be waiting for your help as I'm now dead in the water on my main machine.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:39 PM, on 1/9/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\TEMP\DN9843.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\XIMETA\NetDisk\Admin.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\MWSnap\MWSnap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146249107\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetDisk Administrator.lnk = C:\Program Files\XIMETA\NetDisk\Admin.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://hqmonitor:4343/officescan/co...l/WinNTChk.cab
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://asp2.centra.com/SiteRoots/mai...aUpdaterAx.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://hqmonitor:4343/officescan/co...l/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://hqmonitor:4343/officescan/co...tall/setup.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://hqmonitor:4343/officescan/co...RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1124301468998
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124301451874
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://asp2.centra.com/SiteRoots/mai...Downloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://D:\AUTORUN\Flash\swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C196650-A37D-41FD-83FA-406A805376A3}: Domain = latticesemi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6592FEFD-69B3-471E-9C30-8967B8706D1D}: Domain = latticesemi.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = latticesemi.com,latticesemi.com,latticesemi.com,latticesemi.com,latticesemi.com,latticesemi.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C196650-A37D-41FD-83FA-406A805376A3}: Domain = latticesemi.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = latticesemi.com,latticesemi.com,latticesemi.com,latticesemi.com,latticesemi.com,latticesemi.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C196650-A37D-41FD-83FA-406A805376A3}: Domain = latticesemi.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = latticesemi.com,latticesemi.com,latticesemi.com,latticesemi.com,latticesemi.com,latticesemi.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LANSCSI Helper Service (LanScsiHelper) - XIMETA, Inc. - C:\Program Files\XIMETA\NetDisk\LDServ.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINNT\system32\snmptrap.exe (file missing)
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11224 bytes


ComboFix 08-01-09.2 - mward 01/09/2008 13:12:11.1 - NTFSx86 MINIMAL
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.400 [GMT -5:00]
Running from: C:\Temp\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\dat.txt
C:\WINNT\rs.txt
C:\WINNT\system32\drivers\fad.sys

.
((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2008-01-09 13:12 . 01/09/08 01:12p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_1d4.dat
2008-01-09 13:11 . 08/31/00 08:00a 51,200 --a------ C:\WINNT\NirCmd.exe
2008-01-09 12:56 . 01/09/08 12:56p 1,495,667 --a------ C:\Temp\ComboFix.exe
2008-01-09 08:36 . 01/09/08 01:02p 1,196,524 ---h----- C:\WINNT\ShellIconCache
2008-01-09 08:35 . 01/09/08 08:35a 118 --a------ C:\WINNT\system32\MRT.INI
2008-01-09 08:28 . 01/09/08 08:28a 1,383 --a------ C:\WINNT\imsins.BAK
2008-01-08 22:07 . 01/08/08 10:07p <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-08 19:20 . 01/08/08 07:20p <DIR> d-------- C:\Program Files\Yahoo!
2008-01-08 19:20 . 01/08/08 07:20p <DIR> d-------- C:\Program Files\CCleaner
2008-01-08 19:16 . 01/09/08 11:01a <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-08 19:16 . 01/08/08 07:16p <DIR> d-------- C:\Documents and Settings\mward\Application Data\SUPERAntiSpyware.com
2008-01-08 19:16 . 01/08/08 07:16p <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-08 15:05 . 01/08/08 03:05p 2,724,328 --a------ C:\Temp\ccsetup203.exe
2008-01-08 15:03 . 01/08/08 03:03p 5,914,648 --a------ C:\Temp\SUPERAntiSpyware.exe
2008-01-08 11:06 . 01/08/08 11:06a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_a4c.dat
2008-01-08 10:53 . 01/08/08 10:53a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_924.dat
2008-01-08 10:48 . 01/08/08 10:48a <DIR> d-------- C:\Documents and Settings\mward\Application Data\Grisoft
2008-01-08 10:47 . 01/08/08 10:47a <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-08 10:47 . 05/30/07 07:10a 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2008-01-08 10:44 . 01/08/08 10:44a <DIR> d-------- C:\Program Files\Lavasoft
2008-01-08 10:44 . 01/08/08 10:44a <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-08 10:43 . 01/08/08 10:43a <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-08 10:40 . 01/08/08 10:43a 14,113,576 --a------ C:\Temp\avgas-setup-7.5.1.43-3339.exe
2008-01-08 10:39 . 01/08/08 10:42a 21,216,112 --a------ C:\Temp\aaw2007.exe
2008-01-08 08:39 . 09/24/07 11:31p 69,632 --a------ C:\WINNT\system32\javacpl.cpl
2008-01-08 08:37 . 01/08/08 08:37a <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-08 08:06 . 01/08/08 08:06a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_b04.dat
2008-01-08 07:40 . 01/08/08 07:44a <DIR> d-------- C:\Documents and Settings\mward\.SunDownloadManager
2008-01-08 07:18 . 01/08/08 07:18a 812,344 --a------ C:\Temp\HJTInstall.exe
2008-01-07 10:15 . 01/07/08 10:15a <DIR> d-------- C:\Program Files\MediaStarCodec
2008-01-07 10:15 . 01/07/08 05:46a 90,112 --a------ C:\WINNT\fqwmwdn.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 13:39 --------- d-----w C:\Program Files\Java
2008-01-08 12:19 --------- d-----w C:\Program Files\Trend Micro
2007-11-14 20:59 --------- d-----w C:\Program Files\RAR Password Cracker
2007-11-03 00:47 15,666 ----a-w C:\initemp.dat
2007-10-31 07:17 230,912 ----a-w C:\WINNT\system32\wmasf.dll
2007-10-28 01:20 1,222,656 ----a-w C:\WINNT\system32\quartz.dll
2007-10-16 11:34 513,808 ----a-w C:\WINNT\system32\LSASRV.DLL
2007-02-23 01:08 925,696 ----a-w C:\Program Files\GSpot.exe
2007-02-19 20:28 117,974 ----a-r C:\Program Files\GSpot27.dat
2005-01-05 19:57 271 ---h--w C:\Program Files\desktop.ini
2005-01-05 19:57 21,952 ---h--w C:\Program Files\folder.htt
2003-06-20 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [02/03/04 04:42p 401491]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/07 02:06p 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/20/03 07:00a 111376 C:\WINNT\system32\mobsync.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [08/21/04 09:04p 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/01/04 12:10a 339968]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [08/04/03 05:28p 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/03 08:38a 241664]
"NeroCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 01:50p 155648]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [02/07/06 06:16p 356352]
"HostManager"="C:\Program Files\Common Files\AOL\1146249107\ee\AOLSoftware.exe" [04/20/06 12:10p 50792]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/17/07 06:26a 1831936]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [07/22/05 09:46p 401408]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [07/22/05 09:47p 385024]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/17/06 05:41p 282624]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/06 11:59a 124520]
"CreateCD50"="C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [12/17/02 01:14p 131157]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/02 12:28p 684032]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [09/09/06 04:16a 196608]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/02 09:32p 53248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/07 01:11a 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/07 04:25a 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/20/03 07:00a 186640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2005-01-06 03:58:09]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]
NetDisk Administrator.lnk - C:\Program Files\XIMETA\NetDisk\Admin.exe [2004-04-30 09:55:26]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-01-06 03:46:01]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/06 01:55p 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/07 01:41p 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/22/05 09:46p 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R0 lpx;LPX Protocol;C:\WINNT\system32\DRIVERS\lpx.sys [04/30/04 09:54a]
R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS [05/27/00 03:37a]
R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys [12/17/02 12:29p]
R1 LfsFilt;Lean File Sharing;C:\WINNT\system32\drivers\LfsFilt.sys [04/30/04 09:54a]
R3 lanscsibus;LANSCSI Bus Driver for NetDisk;C:\WINNT\system32\DRIVERS\lanscsibus.sys [04/30/04 09:54a]
R3 usbhub20;USB Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [01/16/04 10:06p]
S1 PacJtag;PacJtag;C:\WINNT\system32\DRIVERS\pacjtag.sys []
S2 ispDev;ispDev;C:\WINNT\system32\drivers\isp.sys [08/19/04 04:13p]
S2 LanScsiHelper;LANSCSI Helper Service;C:\Program Files\XIMETA\NetDisk\LDServ.exe [04/30/04 09:56a]
S2 MLPTDR_Q;MLPTDR_Q;C:\WINNT\system32\MLPTDR_Q.sys [07/22/03 02:44a]
S3 CW10;%CW10.Service.DispName%;C:\WINNT\system32\DRIVERS\CW10.sys [02/14/01 10:51p]
S3 IWCA2K;Intel Wireless Connection Agent Miniport for Win 2K;C:\WINNT\system32\DRIVERS\iwca2k.sys [08/12/04 07:43a]
S3 lanscsiminiport;LANSCSI Miniport Driver for NetDisk;C:\WINNT\system32\DRIVERS\lanscsiminiport.sys [04/30/04 09:54a]
S3 lgatbus;LG USB Composite Device driver (WDM);C:\WINNT\system32\DRIVERS\lgatbus.sys [10/15/02 02:03p]
S3 lgatmdm;LG CDMA USB Modem Drivers;C:\WINNT\system32\DRIVERS\lgatmdm.sys [10/15/02 02:05p]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);C:\WINNT\system32\DRIVERS\lgatserd.sys [10/15/02 02:07p]
S3 ndcprtns;NDC Network Agent;C:\WINNT\system32\drivers\ndcprtns.sys []
S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINNT\system32\DRIVERS\ozscr.sys [10/25/04 05:19p]
S3 w29n50;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows 2000;C:\WINNT\system32\DRIVERS\w29n50.sys [07/19/05 08:16p]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 13:19:05
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 01/09/2008 13:20:34
ComboFix-quarantined-files.txt 2008-01-09 18:20:09
.
2008-01-09 13:35:11 --- E O F ---
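The ComboFix log above lists what it deleted and every file created in the last month, with the NTFS creation time in the first column and the last-write time in the second. The script below is an added example, not ComboFix's code and not from the thread: it parses the "Files Created" timeline, flags executables dropped directly into the Windows root or a system temp directory, notes when the last-write time predates creation (the file was copied or extracted into place rather than written there), and lists whatever else was created within five minutes of a flagged file, since a drop usually lands as a cluster. The sample is constructed from lines in the posted log; the location rules, the five-minute window and the `known_good` list (ComboFix places its own NirCmd.exe in the Windows root, so it is excluded) are this example's own assumptions.

```python
"""Triage of a ComboFix 'Files Created' timeline (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# 2008-01-07 10:15 . 01/07/08 05:46a 90,112 --a------ C:\WINNT\fqwmwdn.exe
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{2}/\d{2}/\d{2} \d{2}:\d{2}[ap]) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl")
# Only real temp locations; C:\Temp in this log is the poster's own download folder.
TEMP_DIRS = ("\\winnt\\temp\\", "\\windows\\temp\\", "\\local settings\\temp\\", "\\locals~1\\temp\\")
WINROOT_FILE_RE = re.compile(r"^[a-z]:\\win(?:nt|dows)\\[^\\]+$")


@dataclass
class Entry:
    created: datetime   # NTFS creation time (first column)
    modified: datetime  # last-write time (second column)
    is_dir: bool
    path: str


def parse_created(log_text):
    """Parse the 'Files Created' timeline lines; anything else in the log is skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        mod = m.group("modified")
        mod = mod[:-1] + ("AM" if mod.endswith("a") else "PM")  # ComboFix writes 05:46a / 01:02p
        entries.append(Entry(
            created=datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(mod, "%m/%d/%y %I:%M%p"),
            is_dir=m.group("size") == "<DIR>",
            path=m.group("path"),
        ))
    return entries


def suspicious(entries, known_good=()):
    """Executables in places where nothing legitimate should land; known_good is analyst-supplied."""
    good = {p.lower() for p in known_good}
    hits = []
    for e in entries:
        p = e.path.lower()
        if e.is_dir or not p.endswith(EXEC_EXT) or p in good:
            continue
        if WINROOT_FILE_RE.match(p):
            hits.append((e, "executable dropped directly in the Windows root"))
        elif any(t in p for t in TEMP_DIRS):
            hits.append((e, "executable in a system/user temp directory"))
    return hits


def created_near(entries, anchor, minutes=5):
    """Everything created within +/- minutes of anchor: usually the rest of the same drop."""
    window = timedelta(minutes=minutes)
    return [e for e in entries if e is not anchor and abs(e.created - anchor.created) <= window]


def report(log_text, known_good=()):
    entries = parse_created(log_text)
    out = []
    for e, why in suspicious(entries, known_good):
        out.append({
            "path": e.path,
            "reason": why,
            # Last-write older than creation: the file was copied or extracted into place.
            "copied_in": e.modified < e.created,
            "created_with": [n.path for n in created_near(entries, e)],
        })
    return out


# Constructed sample: a subset of the 'Files Created' lines posted in this thread.
SAMPLE_LOG = r"""
2008-01-09 13:12 . 01/09/08 01:12p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_1d4.dat
2008-01-09 13:11 . 08/31/00 08:00a 51,200 --a------ C:\WINNT\NirCmd.exe
2008-01-09 12:56 . 01/09/08 12:56p 1,495,667 --a------ C:\Temp\ComboFix.exe
2008-01-08 19:16 . 01/09/08 11:01a <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-08 10:47 . 05/30/07 07:10a 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2008-01-07 10:15 . 01/07/08 10:15a <DIR> d-------- C:\Program Files\MediaStarCodec
2008-01-07 10:15 . 01/07/08 05:46a 90,112 --a------ C:\WINNT\fqwmwdn.exe
"""

if __name__ == "__main__":
    # NirCmd.exe is ComboFix's own helper (assumption: exclude it as known good).
    for hit in report(SAMPLE_LOG, known_good=[r"C:\WINNT\NirCmd.exe"]):
        print(hit["path"], "-", hit["reason"], "(copied in)" if hit["copied_in"] else "")
        for other in hit["created_with"]:
            print("    created with it:", other)
```

On the sample, C:\WINNT\fqwmwdn.exe is the only hit, it was copied into place, and C:\Program Files\MediaStarCodec was created in the same minute; that pairing is what a helper would ask the poster about next, not a verdict on either file.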


#4  01-09-2008
mwinnc (Bronze Member; Join Date: Jan 2008; Posts: 5; PC Experience: Very Experienced)
Re: infamous pop-up "security" problem

I was able to reinstall the Winsock services, so I'm beyond the connection issue.

Now, if you have any comment on the logs - but I am currently operating with no more pesky pop-ups (for the moment). Hopefully the three separate packages have successfully quarantined the necessary offenders and I'm good to go?


#5  01-10-2008
valis (Senior Security Analyst; Join Date: Jan 2007; Location: texas, USA; Posts: 2,570; PC Experience: PC Illiterate)
Re: infamous pop-up "security" problem

The O16 is just ActiveX; I'd seen it removed before. They are 'essentially' harmless, but malicious sites can inject bad code through them. If you know and trust the site, no big deal.

Before we go making any more assumptions, is this your ISP?

Domain = latticesemi.com

thanks,

v


#6  01-10-2008
mwinnc (Bronze Member; Join Date: Jan 2008; Posts: 5; PC Experience: Very Experienced)
Re: infamous pop-up "security" problem

Yes ... latticesemi.com is my company web and email domain.



All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com

