Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HELP! Pop-ups from bad site. [CLOSED]


  • This topic is locked This topic is locked

#16
Ltangelic

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Where is the attached OTMoveIt2 log? I don't see any attachment. Man, I must be going blind. :)

PS. You forgot to attach it? :)

Edited by Ltangelic, 20 July 2008 - 09:16 PM.

  • 0

Advertisements


#17
MsGPG

MsGPG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
:) Sorry, I didn't realize the attachment was failing. I resaved the log with .txt at the end of the name and was then able to upload it.

Attached Files


  • 0

#18
Ltangelic

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Thanks, I'm looking over your logs now, and I'll have a fix soon. :)
  • 0

#19
Ltangelic

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey MsGPG,

Good work, your logs are clean! :) A few more steps to this and we're done!

1) Update Java

Your Java is out of date.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
1) Update Adobe Reader

Your current version of Adobe Reader is outdated. Please uninstall it and go here to install the latest version: http://www.adobe.com.../readstep2.html

3) Cleanup with OTMoveIt2

Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

* Click on the CleanUp! button
* A list of tool components used in the Cleanup of malware will be downloaded.
* If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
* Click Yes to begin the Cleanup process and remove these components, including this application.
* You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

4) Clear and Reset System Restore

  • Right click on "My Computer" and click on "Properties".
  • Go to "System Restore" tab and check "Turn off System Restore on all drives". Click "Yes" at the prompt. (Wait a while for it to finish)
  • Then UNcheck "Turn off System Restore on all drives". Click "Yes" at the prompt. (Wait a while for it to finish)
  • Your System Restore is now turned on.

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Please post back telling me how your computer is doing so I can ask a staff to mark this as resolved.
  • 0

#20
MsGPG

MsGPG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks. I have done everything in your last post.

Unfortunately, I am still getting pop-ups from that site. http:// fp.pc-on- internet. I am using Mozilla. When these pop ups occur, the top of the browser either says Window Security Center or Spyware-Secure. Also, before the pop-up occurs, I receive a notice at the bottom of my screen that says that my computer has been affected by a virus. There is no way to get rid of the mini screen. When I attempt to shut it it results in directing my to the fp.pc website.
  • 0

#21
Ltangelic

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey MsGPG,

Seems like there is something hidden inside your computer, let's run a deeper scan to see what we've got.

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a Hijackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#22
MsGPG

MsGPG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here ya go!


ComboFix 08-07-22.4 - msgwendolyn 2008-07-23 14:39:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.475 [GMT -4:00]
Running from: C:\Documents and Settings\msgwendolyn\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\msgwendolyn\Application Data\FunWebProducts
C:\Documents and Settings\msgwendolyn\Application Data\FunWebProducts\Data\msgwendolyn\avatar.dat
C:\Documents and Settings\msgwendolyn\Application Data\macromedia\Flash Player\#SharedObjects\2QPQRXKK\www.broadcaster.com
C:\Documents and Settings\msgwendolyn\Application Data\macromedia\Flash Player\#SharedObjects\2QPQRXKK\www.broadcaster.com\played_list.sol
C:\Documents and Settings\msgwendolyn\Application Data\macromedia\Flash Player\#SharedObjects\2QPQRXKK\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\msgwendolyn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\msgwendolyn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\msgwendolyn\Local Settings\Application Data\cgmaoio.dat
C:\Documents and Settings\msgwendolyn\Local Settings\Application Data\cgmaoio.exe
c:\Documents and Settings\msgwendolyn\Local Settings\Application Data\cgmaoio_nav.dat
c:\Documents and Settings\msgwendolyn\Local Settings\Application Data\cgmaoio_navps.dat
C:\RECYCLER\RB15.tmp
C:\RECYCLER\RB16.tmp
C:\RECYCLER\RB1F.tmp
C:\RECYCLER\RB20.tmp
C:\RECYCLER\RB21.tmp
C:\RECYCLER\RB2E.tmp
C:\RECYCLER\RB6F.tmp
C:\RECYCLER\RB77.tmp
C:\RECYCLER\RB79.tmp
C:\RECYCLER\RB7F.tmp
C:\RECYCLER\RB94.tmp

.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-22 23:21 . 2008-07-22 23:21 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-22 22:59 . 2008-07-23 08:44 <DIR> d-------- C:\Program Files\NOS
2008-07-22 22:59 . 2008-07-23 08:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-22 16:14 . 2008-07-22 22:53 3,678 --a------ C:\WINDOWS\system32\EPPICResdb0000
2008-07-22 16:14 . 2008-07-22 22:53 115 --a------ C:\WINDOWS\system32\EPPICResdb
2008-07-22 15:44 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-22 15:42 . 2008-07-22 15:42 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-20 16:02 . 2008-07-20 16:02 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-07-20 15:45 . 2008-07-20 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2008-07-20 11:52 . 2008-07-20 11:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-20 11:52 . 2008-07-20 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-17 19:25 . 2008-07-17 19:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-17 19:25 . 2008-07-17 19:25 <DIR> d-------- C:\Documents and Settings\msgwendolyn\Application Data\Malwarebytes
2008-07-17 19:25 . 2008-07-17 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-17 19:25 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-17 19:25 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-15 11:34 . 2008-07-15 11:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 23:33 . 2008-07-13 23:33 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 03:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-22 19:44 --------- d-----w C:\Program Files\Java
2008-07-20 15:02 --------- d-----w C:\Documents and Settings\msgwendolyn\Application Data\AdobeUM
2008-07-15 15:36 --------- d-----w C:\Program Files\Lavasoft
2008-07-15 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-15 12:56 --------- d-----w C:\Program Files\MSN Messenger
2008-06-21 20:18 --------- d-----w C:\Documents and Settings\msgwendolyn\Application Data\Simple Star
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 02:49 --------- d-----w C:\Documents and Settings\msgwendolyn\Application Data\deskPDF
2008-06-16 02:46 --------- d-----w C:\Program Files\Docudesk
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-25 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star
2008-05-25 01:36 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
2008-05-25 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star Shared
2008-05-25 01:19 --------- d-----w C:\Program Files\Simple Star
2007-03-14 23:14 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-06-16 14:37 3334144]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 16:54 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"Pop up Blocker Pro"="C:\Documents and Settings\msgwendolyn\Desktop\pdie.exe" [2007-02-14 15:35 1309184]
"Simple Star PhotoShow Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2008-05-09 15:59 353784]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 17:40 24576 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 09:47 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 07:42 1159168]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 07:32 1836544]
"EPSON Stylus CX4600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 04:00 98304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-06 14:02 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-25 21:15 185896]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 14:12 2061816]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 17:09 310000]
"-FreedomNeedsReboot"="C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe" [2007-06-28 17:09 13552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2005-05-19 08:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-06 13:58:01 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 Radialpoint Security Services;AT&T Internet Security Suite;C:\WINDOWS\system32\dllhost.exe [2004-08-10 05:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b0f168a-0cb9-11dc-b865-00038a000015}]
\Shell\AutoRun\command - K:\LaunchU3.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Local Page = \blank.htm
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Search
O8 -: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 -: Display All Images with Full Quality - "C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 -: Display Image with Full Quality - "C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 -: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 -: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 -: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 14:45:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterr.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-23 14:51:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-23 18:50:53

Pre-Run: 228,153,085,952 bytes free
Post-Run: 228,347,498,496 bytes free

191 --- E O F --- 2008-07-10 02:08:31
  • 0

#23
MsGPG

MsGPG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:39 PM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\msgwendolyn\Desktop\pdie.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Pop up Blocker Pro] "C:\Documents and Settings\msgwendolyn\Desktop\pdie.exe" Minimize
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 12594 bytes
  • 0

#24
Ltangelic

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey MsGPG,

Your log doesn't seem so bad, are you still getting pop-ups?

Install Recovery Console

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.


Posted Image

SP3 users select the download for SP2

Download the file & save it as it's originally named, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
  • 0

#25
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP