IE Spurious www.freelotto.com popup screens

#1 j4ynie (New Member, 1 posts)

Hi there,

I have tried various products to remove the popup windows "www.freelotto.com" which occur upon entry into Internet Explorer. There can sometimes be up to 20 of them if the user does not start closing them fast enough; so far nothing has worked. A few threats had been found and removed prior to trying ComboFix. Can someone please review the following logs and advise on the next course of action? I noticed after reviewing the log that I had missed disabling Windows Defender - whoops. I can rerun it if this is a problem.

Thanks in advance
Jannine

The following is the log from ComboFix:

ComboFix 11-03-18.01 - User 19/03/2011 17:51:12.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.64.1033.18.1915.1005 [GMT 13:00]
Running from: c:\users\User\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-19 to 2011-03-19 )))))))))))))))))))))))))))))))
.
.
2011-03-19 04:57 . 2011-03-19 04:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-19 04:11 . 2011-03-19 04:11 -------- d-----w- c:\users\User\AppData\Roaming\SUPERAntiSpyware.com
2011-03-19 04:11 . 2011-03-19 04:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-03-19 04:11 . 2011-03-19 04:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-19 01:47 . 2011-03-19 01:47 -------- d-----w- c:\program files\CCleaner
2011-03-19 00:30 . 2011-03-19 00:30 -------- d-----w- c:\users\User\AppData\Roaming\ParetoLogic
2011-03-19 00:30 . 2011-03-19 00:30 -------- d-----w- c:\users\User\AppData\Roaming\DriverCure
2011-03-19 00:30 . 2011-03-19 00:51 -------- d-----w- c:\programdata\ParetoLogic
2011-03-19 00:06 . 2011-03-19 00:06 -------- d-----w- c:\users\User\AppData\Local\Windows Live
2011-03-19 00:06 . 2011-03-19 00:06 -------- d-----w- c:\program files\Common Files\Windows Live
2011-03-19 00:05 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-03-19 00:02 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2011-03-18 20:56 . 2011-03-18 20:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-18 20:06 . 2011-02-22 21:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA67EF95-FCC7-4916-9996-EC7E632640F9}\mpengine.dll
2011-03-18 05:49 . 2011-03-19 01:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-18 05:49 . 2011-03-18 05:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-17 20:52 . 2011-03-19 00:27 -------- d-----w- c:\programdata\Lavasoft
2011-03-17 13:17 . 2011-02-16 07:07 186368 ----a-w- c:\program files\Internet Explorer\ielowutil\ielowutil.exe
2011-03-08 18:57 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-08 18:57 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-08 18:57 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-08 18:57 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-08 18:57 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-08 18:57 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-24 14:01 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 05:24 . 2010-12-13 01:37 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-02-24 05:24 . 2010-12-13 01:37 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 05:11 . 2009-10-05 02:00 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 05:29 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 05:29 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 05:29 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 05:29 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 05:29 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 05:29 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 05:29 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 05:29 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 05:29 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 05:29 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 05:29 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 05:29 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04 . 2011-02-09 05:29 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28 . 2011-02-09 05:29 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 05:29 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 05:29 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 05:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 05:29 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-09 05:29 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 05:29 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 05:29 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 05:29 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 05:29 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 05:29 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 05:29 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 05:29 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-09 05:29 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-09 05:29 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-09 05:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 05:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 05:30 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-11 18:53 413696 ----a-w- c:\windows\system32\odbc32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-19 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-28 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ie238754"="c:\program files\Internet Explorer\ielowutil\ielowutil.exe" [2011-02-16 186368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca4b2670b132f0;Google Update Service (gupdate1ca4b2670b132f0);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-12 133104]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-02 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-12 10:26]
.
2011-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-12 10:26]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4044091559-1745842990-2749584839-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 04:56]
.
2011-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4044091559-1745842990-2749584839-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 04:56]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Sidebar - (no file)
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-834rgruyg8374tg7h - c:\program files\Internet Explorer\ielowutil\update.exe
AddRemove-DivX Plus DirectShow Filters - c:\users\User\Desktop\DivX\DivXDSFiltersUninstall.exe
AddRemove-Microsoft SQL Server 2005 - c:\program files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\users\User\Desktop\DivX\DivXConverterUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\users\User\Desktop\DivX\DivXCodecUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\users\User\Desktop\DivX\DivXConverterUninstall.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\users\User\Desktop\DivX\DivXWebPlayerUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-19 17:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????8?T???????????????? ??H
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-03-19 17:59:15
ComboFix-quarantined-files.txt 2011-03-19 04:59
.
Pre-Run: 52,141,494,272 bytes free
Post-Run: 51,556,749,312 bytes free
.
- - End Of File - - FEC87F92C8D771040A5EED0E098FD0F7