please help me scrape these pop-ups off my pc


#1
tartanfrogs
My machine is a 3-year-old Dell Dimension 5150, running Win XP.



I have something nasty on my PC which keeps randomly generating pop-up ads and sometimes opens up Explorer (which I don't ever use) on random web pages, including:

Blinkx.com
c5.zedo.com
and others

I have tried to manually delete what I thought were suspect entries found using HijackThis.
I've also scanned with Spyware Doctor, which didn't find anything other than low-risk cookie-collecting files.

Downloaded freeware Malwarebytes Anti-Malware; this found 20 files which it removed, but the problem didn't go.

The file I thought it was looking for was called Antivirus 360, but Malwarebytes didn't find any trace of this on my PC.

I have had this problem for 2 hours or so.

Can you help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:56, on 23/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: {550832a1-d29d-3728-8d64-d9cae59b21e6} - {6e12b95e-ac9d-46d8-8273-d92d1a238055} - C:\WINDOWS\system32\jkqhhg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: jkqhhg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe

--
End of file - 8472 bytes

Edited by tartanfrogs, 23 December 2008 - 04:18 PM.

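As an added illustration (not part of the original post or of HijackThis itself), a small Python triage script that parses the O2 (BHO) and O20 (AppInit_DLLs) lines of a HijackThis log like the one above and flags the pattern that stands out here: a BHO with no friendly name whose DLL is also loaded through AppInit_DLLs. The sample lines are copied from the log above; the "looks generated" name check is a heuristic, not a rule.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {550832a1-d29d-3728-8d64-d9cae59b21e6} - {6e12b95e-ac9d-46d8-8273-d92d1a238055} - C:\WINDOWS\system32\jkqhhg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O20 - AppInit_DLLs: jkqhhg.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+?)(?: \(file missing\))?$")
# O20 lines: "O20 - AppInit_DLLs: <dll>[,<dll>...]"
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (or a bare DLL name)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def looks_random(filename: str) -> bool:
    """Heuristic: a stem of 5+ letters with no vowels (jkqhhg, xhnsvchf) is typical
    of generated names; real vendors almost never ship DLLs named that way."""
    stem = filename.rsplit(".", 1)[0]
    return len(stem) >= 5 and stem.isalpha() and not re.search(r"[aeiouy]", stem, re.I)


def parse_hjt(text: str):
    """Pull the O2 (BHO) and O20 (AppInit_DLLs) entries out of a HijackThis log."""
    bhos, appinit = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := BHO_RE.match(line)):
            bhos.append(m.groupdict())
        elif (m := APPINIT_RE.match(line)):
            # The registry value is a comma- or space-separated list of DLL names.
            appinit.extend(d for d in re.split(r"[,\s]+", m["dlls"]) if d)
    return bhos, appinit


def triage(text: str):
    """Return a list of (section, dll, reasons) for entries that deserve a closer look."""
    bhos, appinit = parse_hjt(text)
    appinit_names = {basename(d) for d in appinit}
    findings = []
    for dll in appinit:
        # Any AppInit_DLLs entry is worth a look: the DLL is injected into every
        # process that loads user32.dll, which is why it is a favourite persistence spot.
        reasons = ["AppInit_DLLs injects this DLL into every process that loads user32.dll"]
        if looks_random(basename(dll)):
            reasons.append("DLL name looks generated")
        findings.append(("O20", basename(dll), reasons))
    for b in bhos:
        dll = basename(b["path"])
        reasons = []
        if GUID_RE.match(b["name"]):
            reasons.append("BHO has no friendly name, only a GUID")
        if dll in appinit_names:
            reasons.append("same DLL is also listed in AppInit_DLLs")
        if looks_random(dll):
            reasons.append("DLL name looks generated")
        if reasons:
            findings.append(("O2", dll, reasons))
    return findings


if __name__ == "__main__":
    for section, dll, reasons in triage(SAMPLE_LOG):
        print(f"{section} {dll}: " + "; ".join(reasons))
```

Run against the full log above, the script flags only the jkqhhg.dll pair, which is exactly what ComboFix later deleted (post #2).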


#2
tartanfrogs
Here is the ComboFix log if it helps.



ComboFix 08-12-23.01 - VADER1 2008-12-23 22:23:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.136 [GMT 0:00]
Running from: c:\documents and settings\VADER1\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\VADER1\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\ghufbnhc.dll
c:\windows\system32\jkqhhg.dll
c:\windows\system32\ljJYPgGv.dll
c:\windows\system32\micr0st.dll
c:\windows\system32\xhnsvchf.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
.

2008-12-23 21:24 . 2008-12-23 21:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 21:24 . 2008-12-23 21:24 <DIR> d-------- c:\documents and settings\VADER1\Application Data\Malwarebytes
2008-12-23 21:24 . 2008-12-23 21:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 21:24 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 21:24 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-23 21:22 . 2008-12-23 22:25 0 --a------ c:\windows\system32\Sweeper.cfg
2008-12-23 20:53 . 2008-12-23 20:53 <DIR> d-------- c:\program files\Trend Micro
2008-12-23 20:52 . 2008-10-28 19:10 573 --a------ c:\windows\win.tmp
2008-12-23 20:52 . 2004-08-10 12:57 231 --a------ c:\windows\system.tmp
2008-12-23 20:51 . 2008-12-23 21:22 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-23 20:51 . 2008-12-23 20:51 <DIR> d-------- c:\documents and settings\VADER1\Application Data\PC Tools
2008-12-23 20:51 . 2005-12-13 15:18 50,048 --a------ c:\windows\system32\drivers\ikhlayer.sys
2008-12-20 12:12 . 2008-12-20 12:12 53 --a------ c:\windows\REGKEYNT.INI
2008-12-20 08:17 . 2008-12-23 16:07 <DIR> d-------- c:\documents and settings\VADER1\Application Data\skypePM
2008-12-20 08:17 . 2008-12-20 08:17 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-20 08:16 . 2008-12-20 08:16 <DIR> d-------- c:\program files\Skype
2008-12-20 08:16 . 2008-12-20 08:16 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-20 08:16 . 2008-12-23 20:16 <DIR> d-------- c:\documents and settings\VADER1\Application Data\Skype
2008-12-20 08:15 . 2008-12-20 08:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-16 21:04 . 2008-12-18 03:06 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-16 21:02 . 2008-12-20 12:11 <DIR> d-------- c:\program files\NoteBurner
2008-12-16 21:02 . 2007-05-16 11:42 13,440 --a------ c:\windows\system32\drivers\ntcdrdrv.sys
2008-12-13 19:55 . 2008-12-13 19:55 <DIR> d-------- c:\program files\DVD Decrypter
2008-12-13 18:28 . 2008-12-13 18:28 <DIR> d-------- c:\documents and settings\VADER1\Application Data\CyberLink
2008-12-13 18:27 . 2008-12-13 18:27 <DIR> d-------- c:\program files\DVD Shrink
2008-12-13 18:27 . 2008-12-19 05:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-12 05:06 . 2008-10-03 10:15 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2008-12-06 17:55 . 2008-12-06 17:55 <DIR> d-------- c:\program files\IKEA HomePlanner
2008-12-06 17:55 . 2008-12-06 17:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-30 11:07 . 2008-11-30 11:11 29 --a------ c:\windows\Battle.ini
2008-11-25 18:34 . 2008-12-09 20:10 83,184 --a------ c:\documents and settings\VADER1\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 21:03 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-23 20:33 --------- d-----w c:\program files\BitComet
2008-12-12 17:33 3,060,224 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-04 19:02 --------- d-----w c:\documents and settings\VADER1\Application Data\AdobeUM
2008-11-27 21:22 --------- d-----w c:\program files\Soulseek
2008-11-18 18:08 --------- d-----w c:\program files\FileMaker
2008-11-17 22:12 --------- d-----w c:\program files\HP
2008-11-17 22:12 --------- d-----w c:\program files\Hewlett-Packard
2008-11-17 03:00 --------- d-----w c:\program files\MSXML 6.0
2008-11-16 20:02 --------- d-----w c:\program files\iTunes
2008-11-16 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-16 18:13 --------- d-----w c:\documents and settings\VADER1\Application Data\Marvell
2008-11-16 17:42 --------- d-----w c:\documents and settings\VADER1\Application Data\Hewlett-Packard
2008-11-16 17:42 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-11-16 17:41 --------- d-----w c:\documents and settings\VADER1\Application Data\HP
2008-11-15 22:24 --------- d-----w c:\program files\MSBuild
2008-11-15 22:20 --------- d-----w c:\program files\Reference Assemblies
2008-11-15 21:16 --------- d-----w c:\documents and settings\VADER1\Application Data\ALLCapture
2008-11-15 19:38 --------- d-----w c:\program files\ALLCapture 2.0 Essai
2008-11-13 21:23 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-13 18:14 --------- d-----w c:\program files\Common Files\SMART Technologies Inc
2008-11-13 18:14 --------- d-----w c:\documents and settings\VADER1\Application Data\SMART Technologies Inc
2008-11-13 18:14 --------- d-----w c:\documents and settings\All Users\Application Data\SMART Technologies Inc
2008-11-13 18:13 --------- d-----w c:\program files\SMART Board Software
2008-11-08 10:57 88 --sh--r c:\documents and settings\All Users\Application Data\EBCABAF516.sys
2008-11-08 10:57 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-11-08 09:54 --------- d-----w c:\documents and settings\VADER1\Application Data\Corel
2008-11-08 09:41 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2008-11-08 09:39 --------- d-----w c:\program files\Corel
2008-11-08 09:39 --------- d-----w c:\program files\Common Files\Protexis
2008-11-08 09:39 --------- d-----w c:\program files\Common Files\Corel
2008-11-08 09:24 --------- d-----w c:\documents and settings\VADER1\Application Data\InstallShield
2008-11-07 22:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 22:54 --------- d-----w c:\program files\Activision
2008-11-07 18:32 2,109,440 ----a-w c:\windows\system32\dllcache\WMVCore.dll
2008-11-06 11:11 --------- d-----w c:\documents and settings\All Users\Application Data\ViceVersa PRO 2
2008-11-06 11:10 --------- d-----w c:\program files\ViceVersa Pro 2
2008-11-06 10:58 43,698 ----a-w c:\windows\system32\xvid-uninstall.exe
2008-11-06 10:58 --------- d-----w c:\program files\Gabest
2008-11-06 10:58 --------- d-----w c:\program files\AviSynth 2.5
2008-11-06 10:58 --------- d-----w c:\program files\AutoGK
2008-11-01 20:04 --------- d-----w c:\documents and settings\VADER1\Application Data\Nero
2008-11-01 17:11 --------- d-----w c:\program files\Yahoo!
2008-10-28 22:13 --------- d-----w c:\program files\DupeEliminator
2008-10-28 22:07 --------- d-----w c:\program files\Duplicate File Finder
2008-10-28 22:00 --------- d-----w c:\program files\Duplicate Finder
2008-10-28 19:09 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-27 22:49 --------- d-----w c:\documents and settings\VADER1\Application Data\Apple Computer
2008-10-27 21:37 --------- d-----w c:\program files\Common Files\Nero
2008-10-27 21:24 --------- d-----w c:\program files\Nero
2008-10-27 21:23 --------- d-----w c:\program files\Windows Sidebar
2008-10-27 21:19 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-26 20:57 --------- d-----w c:\documents and settings\VADER1\Application Data\ACD Systems
2008-10-26 20:54 --------- d-----w c:\program files\Common Files\ACD Systems
2008-10-26 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-10-26 20:53 --------- d-----w c:\program files\ACD Systems
2008-10-26 20:46 306,464 ----a-w c:\windows\PC Video Converter Studio Uninstaller.exe
2008-10-26 13:19 --------- d-----w c:\program files\ImTOO
2008-10-26 07:40 --------- d-----w c:\program files\QuickTime
2008-10-26 07:40 --------- d-----w c:\program files\iPod
2008-10-26 07:40 --------- d-----w c:\program files\Common Files\Apple
2008-10-26 07:40 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-26 07:40 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-26 07:08 --------- d-----w c:\program files\MpcStar
2008-10-26 07:08 --------- d-----w c:\documents and settings\VADER1\Application Data\TigerPlayer
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45 18,432 ------w c:\windows\system32\dllcache\iedw.exe
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-10-10 2497336]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-01-11 960000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-21 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-21 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-18 532808]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NoteBurner"="c:\program files\NoteBurner\VTBurnerGUI.exe" [2008-12-02 5668864]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 c:\windows\stsystra.exe]
"nwiz"="nwiz.exe" [2007-05-21 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-01-11 960000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-08 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
SMART Board Tools.lnk - c:\program files\SMART Board Software\SMARTBoardTools.exe [2007-02-14 3526656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jkqhhg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"g:\\Program Files\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9545:TCP"= 9545:TCP:BitComet 9545 TCP
"9545:UDP"= 9545:UDP:BitComet 9545 UDP
"18858:TCP"= 18858:TCP:BitComet 18858 TCP
"18858:UDP"= 18858:UDP:BitComet 18858 UDP

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [2008-12-16 13440]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
S3 PciCon;PciCon;\??\D:\PciCon.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-12-23 c:\windows\Tasks\zzietwzd.job
- c:\windows\system32\rundll32.exe [2004-08-04 05:00]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6e12b95e-ac9d-46d8-8273-d92d1a238055} - c:\windows\system32\jkqhhg.dll
HKLM-Run-Device Detector - DevDetect.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.euro.dell.com
mStart Page = hxxp://www.euro.dell.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\VADER1\Application Data\Mozilla\Firefox\Profiles\xtp902cg.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 22:25:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc215.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\Spyware Doctor\Tools\swpg.dat

- - - - - - - > 'lsass.exe'(692)
c:\program files\Spyware Doctor\Tools\swpg.dat

- - - - - - - > 'csrss.exe'(612)
c:\program files\Spyware Doctor\Tools\swpg.dat
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\j2re1.4.2_03\bin\jucheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Spyware Doctor\sdhelp.exe
c:\program files\SMART Board Software\SMARTBoardService.exe
c:\program files\SMART Board Software\Aware.exe
c:\program files\SMART Board Software\Marker.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-23 22:29:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-23 22:29:02

Pre-Run: 117,318,189,056 bytes free
Post-Run: 119,535,435,776 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

275 --- E O F --- 2008-12-18 03:00:36