Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Join the Team

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » help!!!!! pop ups wont stop

[Fixed] Hijackthis! Logs - help!!!!! pop ups wont stop posted in the Security & Safety forums; I hope I did this correctly. I ran hijack this and this is what I got. Ihave tried norton, mcafee and ad-aware and nothing seems to be able to get ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
Page 1 of 2 1 2 >
  #1  
Old 01-22-2008
Bronze Member
My PC
 
Join Date: Jan 2008
Posts: 9
PC Experience: Some Experience
stephens23 - See this Members User comments on their Profile page
Default help!!!!! pop ups wont stop
I hope I did this correctly. I ran hijack this and this is what I got. Ihave tried norton, mcafee and ad-aware and nothing seems to be able to get rid of these darn purity scan, Drive Cleaner etc etc pop- ups. I had vundo at one time but I think I got rid of it. My Vundo removal programs no longer detect it at least. Now I think I have something called Isearch-adware? Please help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:03 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Kyle.DB4XPK81\Desktop\H.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 5942 bytes
  #2  
Old 01-23-2008
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,087
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: help!!!!! pop ups wont stop
Download SDFix from here and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum.

=========================================

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: A guide and tutorial on using ComboFix
Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Caution...Never run and remove files using ComboFix without being supervised by a security analyst.


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #3  
Old 01-23-2008
Bronze Member
My PC
 
Join Date: Jan 2008
Posts: 9
PC Experience: Some Experience
stephens23 - See this Members User comments on their Profile page
Default Re: help!!!!! pop ups wont stop
here is the report after I ran the program " run this" as well as another high jack this log. This did not fix thre problem. I got 5 popups in the 30 secs it took me to type this. I also ran the combo fix


SDFix: Version 1.130
Run by Kyle on Wed 01/23/2008 at 12:59 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...

Normal Mode:
Checking Files:
Trojan Files Found:
C:\PROGRA~1\COMPLU~1\LAWUGEX - Deleted

Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Temp\tn3 - Removed

Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.


Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 01:24:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sat 20 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 27 Feb 2007 146,432 ..SHR --- "C:\Program Files\Sprint music manager\Setup.exe"
Thu 22 Feb 2007 53,248 A.SHR --- "C:\Program Files\Sprint music manager\_Setupx.dll"
Thu 16 Sep 2004 1,949,696 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\LAUNCHER.EXE"
Thu 16 Sep 2004 53,760 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\MNYINSTA.DLL"
Thu 16 Sep 2004 94,208 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RMVSUITE.EXE"
Thu 16 Sep 2004 35,328 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\SETUPLNG.DLL"
Thu 16 Sep 2004 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\UNREGWTR.EXE"
Tue 11 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!


High jack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:08 AM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Kyle.DB4XPK81\Desktop\H.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 5281 bytes
  #4  
Old 01-23-2008
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,087
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: help!!!!! pop ups wont stop
I still need that Combofix log please.


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #5  
Old 01-24-2008
Bronze Member
My PC
 
Join Date: Jan 2008
Posts: 9
PC Experience: Some Experience
stephens23 - See this Members User comments on their Profile page
Default Re: help!!!!! pop ups wont stop
here is the combo fix log

ComboFix 08-01-21.7 - Kyle 2008-01-23 17:57:43.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.284 [GMT -6:00]
Running from: C:\Documents and Settings\Kyle.DB4XPK81\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
.
2008-01-23 18:00 . 2008-01-23 18:00 <DIR> d-------- C:\Temp\tn3
2008-01-23 01:23 . 2008-01-23 18:01 58,883 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-23 00:58 . 2008-01-23 00:58 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-23 00:49 . 2008-01-23 00:49 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-01-22 09:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-21 21:53 . 2007-10-10 17:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-21 21:53 . 2007-10-10 17:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-21 21:52 . 2007-10-10 17:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-21 21:52 . 2007-06-30 21:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-21 21:52 . 2007-06-30 21:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-21 21:52 . 2007-10-10 17:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-21 21:52 . 2007-10-10 17:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-21 21:52 . 2007-10-10 17:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-21 21:52 . 2007-10-10 04:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-19 07:02 . 2008-01-19 07:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 07:02 . 2008-01-19 07:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 22:29 . 2008-01-16 22:42 <DIR> d-------- C:\N360_BACKUP
2008-01-16 22:07 . 2008-01-16 22:25 <DIR> d-------- C:\Program Files\Norton 360
2008-01-16 22:06 . 2008-01-16 22:19 <DIR> d-------- C:\Program Files\Symantec
2008-01-16 22:06 . 2008-01-16 22:18 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-16 22:06 . 2008-01-16 22:18 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-16 22:06 . 2008-01-16 22:18 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-16 22:06 . 2008-01-16 22:18 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-16 21:01 . 2008-01-21 22:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-16 19:32 . 2008-01-16 19:32 <DIR> d-------- C:\WINDOWS\system32\0B131214110F18
2008-01-16 19:32 . 2007-12-14 06:40 120,832 --a------ C:\WINDOWS\system32\D5DDDCDEDBD9E2.exe
2008-01-16 18:03 . 2008-01-16 18:03 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-16 18:02 . 2008-01-21 22:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-16 16:51 . 2008-01-20 16:45 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-01-16 07:02 . 2008-01-16 07:02 1,061,376 ---hs---- C:\WINDOWS\system32\arbilbfa.ini
2008-01-16 06:53 . 2008-01-16 16:26 15,677 --a------ C:\WINDOWS\BM872575f2.xml
2008-01-16 06:53 . 2008-01-16 06:53 22 --a------ C:\WINDOWS\pskt.ini
2008-01-15 06:45 . 2008-01-15 06:45 86,016 --a------ C:\WINDOWS\system32\drivers\atmarpcc.sys
2008-01-15 06:44 . 2008-01-16 21:57 <DIR> d-------- C:\WINDOWS\system32\edcA01
2008-01-15 06:44 . 2008-01-15 06:45 <DIR> d-------- C:\Temp\Ryuan1
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-01-23 21:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-22 04:26 --------- d-----w C:\Program Files\Java
2008-01-16 22:51 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-16 22:50 --------- d-----w C:\Program Files\Yahoo!
2008-01-15 15:09 --------- d-----w C:\Program Files\MUSICMATCH
2008-01-10 01:14 --------- d-----w C:\Program Files\Dl_cats
2007-12-18 01:27 --------- d-----w C:\Program Files\XoftSpySE
2007-12-17 22:22 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 19:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-31 11:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-22_ 9.52.25.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-22 10:53:33 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-23 06:58:49 2,224,128 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-23 06:58:49 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-22 10:53:33 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-23 06:58:39 2,224,128 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-01-23 06:58:39 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2007-09-05 15:23 221184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 19:54 116072]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Kyle.DB4XPK81^Start Menu^Programs^Startup^MEMonitor.lnk.lnk]
path=C:\Documents and Settings\Kyle.DB4XPK81\Start Menu\Programs\Startup\MEMonitor.lnk.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnk.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2007-09-05 15:23 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 15:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 15:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 15:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-12-20 19:54 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
--a------ 2004-11-11 09:26 26112 C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-09-28 18:41 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-09-05 15:23 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-16 17:54 32768 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
R1 atmarpcc;atmarpcc;C:\WINDOWS\system32\drivers\atma rpcc.sys [2008-01-15 06:45]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM. sys []
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 17:20:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 18:15:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2008-01-23 18:17:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-24 00:17:11
ComboFix2.txt 2008-01-23 06:55:38
ComboFix3.txt 2008-01-22 15:52:47
.
2008-01-22 09:01:10 --- E O F ---
  #6  
Old 01-24-2008
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,087
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: help!!!!! pop ups wont stop
No doubt you noticed the warning in the log???

We need to download the installation package from Microsoft so that it can be used to install the Recovery Console on your computer.The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. No validation required! Please select the download link below that's appropriate for your Operating System then download and save the setup package to your desktop. If necessary, change the language version to match your installation. Do NOT change the name of the downloaded file!

Microsoft Windows XP Home Edition
Service Pack 1
Download details: Windows XP Home Edition with Service Pack 1 Utility: Setup Disks for Floppy Boot Install
Service Pack 2
Download details: Windows XP Home Edition with Service Pack 2 Utility: Setup Disks for Floppy Boot Install
Microsoft Windows XP Professional
Without Service Packs
Download details: Windows XP Professional Utility: Setup Disks for Floppy Boot Install
Service Pack 1
Download details: Windows XP Professional with Service Pack 1 Utility: Setup Disks for Floppy Boot Install
Service Pack 2
Download details: Windows XP Professional with Service Pack 2 Utility: Setup Disks for Floppy Boot Install

Download the file & save it as it's originally named, next to the ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it.


Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.
Please do not reboot your machine until we have reviewed the log.


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #7  
Old 01-24-2008
Bronze Member
My PC
 
Join Date: Jan 2008
Posts: 9
PC Experience: Some Experience
stephens23 - See this Members User comments on their Profile page
Default Re: help!!!!! pop ups wont stop
here is the log you requested.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Micro soft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

Reply
Satellite TV on your PC - over 3000 Channels! Click Here!
Page 1 of 2 1 2 >

Bookmarks

« Please Help...Hijack...What can I delete? | Help Please???? »
Thread Tools
Display Modes
Linear Mode Linear Mode