pop ups


Post by spaddz on 11th June 2009, 3:54 pm

Pop-ups continuously opening when Internet Explorer opened.
Various sites. In the bottom right corner it says this ad brought to you by Internet Explorer.
One website is [You must be registered and logged in to see this link.]
Please help!!!
Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:10 AM, on 12/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Documents and Settings\gloria\Local Settings\Temporary Internet Files\Content.IE5\387W39HQ\hijackgpthis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: InternetExperienceEnhancer - {155AF1C4-430E-9CD7-1A6E-721A433EA1CF} - C:\Program Files\InternetExperienceEnhancer\InternetExperienceEnhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series on MCSPADDEN2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P45 "Auto EPSON Stylus CX4100 Series on MCSPADDEN2" /O18 "\\MCSPADDEN2\EPSON" /M "Stylus CX4100"
O4 - HKLM\..\Run: [\\MCSPADDEN2\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P39 "\\MCSPADDEN2\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series on MCSPADDEN2 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P54 "Auto EPSON Stylus CX4100 Series on MCSPADDEN2 (Copy 1)" /O21 "\\MCSPADDEN2\EPSONSty" /M "Stylus CX4100"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TClockEx] C:\Drivers\Time Clock\TCLOCKEX.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.phillica.com.au/
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Update Service (gupdate1c9c3c1a329fe34) (gupdate1c9c3c1a329fe34) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 13034 bytes

spaddz
Novice

Posts: 15
Joined: 2009-06-11
OS: xp
Points: 27409
Likes: 0


Re: pop ups

Post by Belahzur on 11th June 2009, 4:23 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
Likes: 1


results of malware

Post by spaddz on 12th June 2009, 3:46 am

These are the results of malware.....
What next?

Malwarebytes' Anti-Malware 1.37
Database version: 2265
Windows 5.1.2600 Service Pack 3

12/06/2009 1:43:44 PM
mbam-log-2009-06-12 (13-43-44).txt

Scan type: Quick Scan
Objects scanned: 90801
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\gloria\local settings\Temp\pftE~tmp\pfw\ccinstaller.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\gloria\local settings\Temp\pftE~tmp\pp\ccinstaller.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
c:\program files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\mstre19.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122713.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122714.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122715.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122739.dat (Worm.KoobFace) -> Quarantined and deleted successfully.


What now?
thanks heaps!


Re: pop ups

Post by spaddz on 12th June 2009, 3:55 am

When the computer restarted, an Internet window opened and smsbargain.net still opened.


Re: pop ups

Post by Belahzur on 12th June 2009, 8:43 am


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.



Re: pop ups

Post by spaddz on 12th June 2009, 9:43 am

Sorry, it wouldn't fit in one post.

DDS (Ver_09-05-14.01) - NTFSx86
Run by gloria at 19:36:55.90 on Fri 12/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1021 [GMT 10:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\gloria\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: InternetExperienceEnhancer: {155af1c4-430e-9cd7-1a6e-721a433ea1cf} - c:\program files\internetexperienceenhancer\InternetExperienceEnhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [TClockEx] c:\drivers\time clock\TCLOCKEX.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [iKeyWorks] c:\progra~1\a4tech\keyboard\Ikeymain.exe
mRun: [WheelMouse] c:\progra~1\a4tech\mouse\Amoumain.exe
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [EPSON Stylus CX4100 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [Auto EPSON Stylus CX4100 Series on MCSPADDEN2] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaep.exe /p45 "auto epson stylus cx4100 series on mcspadden2" /o18 "\\mcspadden2\EPSON" /M "Stylus CX4100"
mRun: [\\MCSPADDEN2\EPSON Stylus CX4100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaep.exe /p39 "\\mcspadden2\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
mRun: [Auto EPSON Stylus CX4100 Series on MCSPADDEN2 (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaep.exe /p54 "auto epson stylus cx4100 series on mcspadden2 (copy 1)" /o21 "\\mcspadden2\EPSONSty" /M "Stylus CX4100"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - [You must be registered and logged in to see this link.]
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - [You must be registered and logged in to see this link.]
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll


Re: pop ups

Post by spaddz on 12th June 2009, 9:43 am

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-3-19 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-3-21 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-3-21 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-3-19 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-4-24 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-4-24 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-4-24 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-4-24 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-4-24 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-4-24 144696]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-4 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-3-21 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-4-15 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-4-24 255216]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2008-2-24 9728]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-5-30 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2009-4-24 185584]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-4-24 108368]
S2 gupdate1c9c3c1a329fe34;Google Update Service (gupdate1c9c3c1a329fe34);c:\program files\google\update\GoogleUpdate.exe [2009-4-23 133104]

=============== Created Last 30 ================

2009-06-12 13:33 --d----- c:\docume~1\gloria\applic~1\Malwarebytes
2009-06-12 13:33 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 13:33 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-12 13:33 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-12 13:33 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 20:51 --dsh--- c:\documents and settings\gloria\PrivacIE
2009-06-11 20:50 --dsh--- c:\documents and settings\gloria\IETldCache
2009-06-11 20:36 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 20:36 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-11 20:36 --d----- c:\windows\ie8updates
2009-06-11 20:36 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-11 20:34 -cd-h--- c:\windows\ie8
2009-06-11 20:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-10 21:53 --d----- c:\windows\system32\scripting
2009-06-10 21:53 --d----- c:\windows\l2schemas
2009-06-10 21:53 --d----- c:\windows\system32\en
2009-06-10 21:53 --d----- c:\windows\system32\bits
2009-06-10 21:50 --d----- c:\windows\ServicePackFiles
2009-06-10 21:43 --d----- c:\windows\EHome
2009-06-09 17:12 --d-h--- c:\windows\PIF
2009-06-09 17:12 --d----- c:\program files\InternetExperienceEnhancer
2009-06-03 19:04 --d----- c:\program files\iPod
2009-06-03 19:03 --d----- c:\program files\iTunes
2009-05-30 17:13 91 a------- c:\windows\quadriga.ini
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-20 00:57 --d----- c:\windows\system32\Adobe
2009-05-17 18:09 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-05-17 18:08 --d--r-- c:\program files\Skype
2009-05-17 18:04 60,032 a------- c:\windows\system32\drivers\usbaudio.sys

==================== Find3M ====================

2009-06-12 13:50 127,196 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-06-12 13:50 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-06-12 13:50 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-06-12 13:50 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-06-12 13:50 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-06-12 13:50 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-06-12 13:50 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-06-12 13:50 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-06-10 21:56 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-22 11:38 161,008 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-05-22 11:38 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-05-22 11:38 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-05-22 11:38 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-05-13 15:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 01:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 14:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-24 18:59 74,302,760 a------- c:\program files\iTunesSetup.exe
2009-04-24 18:29 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-04-24 18:29 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-04-24 17:50 80,711,192 a------- c:\program files\iss_en_32.exe
2009-04-17 22:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-16 00:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 19:37:49.60 ===============


Re: pop ups

Post by Belahzur on 12th June 2009, 10:21 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV. (CA)
  • Double click on ComboFix.exe.
  • Follow the prompts.

    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: pop ups

Post by spaddz on 12th June 2009, 12:26 pm

ComboFix 09-06-11.06 - gloria 12/06/2009 22:16:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1413 [GMT 10:00]
Running from: C:\Documents and Settings\gloria\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
.

2009-06-12 03:33:45 . 2009-06-12 03:33:45 0 d-----w- C:\Documents and Settings\gloria\Application Data\Malwarebytes
2009-06-12 03:33:41 . 2009-05-26 03:20:08 40160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-06-12 03:33:40 . 2009-06-12 03:33:40 0 d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-12 03:33:40 . 2009-05-26 03:19:56 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-06-12 03:33:39 . 2009-06-12 03:33:44 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-11 15:34:49 . 2009-06-11 15:34:49 0 d-----w- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-06-11 10:51:39 . 2009-06-11 10:51:39 0 d-sh--w- C:\Documents and Settings\gloria\PrivacIE
2009-06-11 10:50:08 . 2009-06-11 10:50:08 0 d-sh--w- C:\Documents and Settings\gloria\IETldCache
2009-06-11 10:36:11 . 2009-04-30 21:22:34 12800 -c----w- C:\WINDOWS\system32\dllcache\xpshims.dll
2009-06-11 10:36:11 . 2009-04-30 21:22:31 246272 -c----w- C:\WINDOWS\system32\dllcache\ieproxy.dll
2009-06-11 10:36:05 . 2009-06-11 10:36:05 0 d-----w- C:\WINDOWS\ie8updates
2009-06-11 10:36:00 . 2009-05-12 05:11:53 102912 -c----w- C:\WINDOWS\system32\dllcache\iecompat.dll
2009-06-11 10:34:07 . 2009-06-11 10:35:26 0 dc-h--w- C:\WINDOWS\ie8
2009-06-11 10:20:37 . 2009-06-11 10:20:51 0 d-----w- C:\Program Files\Common Files\Adobe
2009-06-11 10:18:44 . 2009-02-12 09:35:52 38208 ----a-w- C:\Documents and Settings\gloria\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-06-11 10:18:40 . 2009-06-11 10:18:40 0 d-----w- C:\Program Files\Common Files\Adobe AIR
2009-06-11 10:16:36 . 2009-06-11 10:16:43 86016 ----a-w- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-11 10:16:03 . 2009-06-11 10:50:15 0 d-----w- C:\Documents and Settings\All Users\Application Data\NOS
2009-06-11 10:16:03 . 2009-06-11 10:50:14 0 d-----w- C:\Program Files\NOS
2009-06-11 10:02:54 . 2009-06-11 10:02:44 410984 ----a-w- C:\WINDOWS\system32\deploytk.dll
2009-06-10 11:53:25 . 2009-06-10 11:53:25 0 d-----w- C:\WINDOWS\system32\scripting
2009-06-10 11:53:25 . 2009-06-10 11:53:25 0 d-----w- C:\WINDOWS\l2schemas
2009-06-10 11:53:24 . 2009-06-10 11:53:24 0 d-----w- C:\WINDOWS\system32\en
2009-06-10 11:53:23 . 2009-06-10 11:53:23 0 d-----w- C:\WINDOWS\system32\bits
2009-06-10 11:50:52 . 2009-06-10 11:53:48 0 d-----w- C:\WINDOWS\ServicePackFiles
2009-06-10 11:43:58 . 2009-06-10 11:43:58 0 d-----w- C:\WINDOWS\EHome
2009-06-09 07:12:52 . 2009-06-09 07:12:53 0 d-----w- C:\Program Files\InternetExperienceEnhancer
2009-06-09 07:12:52 . 2009-06-09 07:12:52 0 d--h--w- C:\WINDOWS\PIF
2009-06-03 09:04:01 . 2009-06-03 09:04:01 0 d-----w- C:\Program Files\iPod
2009-06-03 09:03:58 . 2009-06-03 09:04:16 0 d-----w- C:\Program Files\iTunes
2009-06-03 09:01:28 . 2009-06-03 09:01:54 0 d-----w- C:\Program Files\QuickTime
2009-06-03 08:54:23 . 2009-06-03 08:54:23 75048 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 03:43:49 . 2009-04-24 08:29:16 1385760 ----a-w- C:\Documents and Settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
2009-05-19 14:57:05 . 2009-05-19 14:58:20 0 d-----w- C:\WINDOWS\system32\Adobe
2009-05-17 08:09:45 . 2009-05-17 08:09:45 56 ---ha-w- C:\WINDOWS\system32\ezsidmv.dat
2009-05-17 08:09:44 . 2009-05-22 01:32:16 0 d-----w- C:\Documents and Settings\gloria\Application Data\skypePM
2009-05-17 08:09:03 . 2009-05-22 01:54:15 0 d-----w- C:\Documents and Settings\gloria\Application Data\Skype
2009-05-17 08:08:49 . 2009-05-17 08:08:49 0 d-----w- C:\Program Files\Common Files\Skype
2009-05-17 08:08:47 . 2009-05-17 08:08:49 0 d-----r- C:\Program Files\Skype
2009-05-17 08:08:39 . 2009-05-17 08:08:49 0 d-----w- C:\Documents and Settings\All Users\Application Data\Skype
2009-05-17 08:04:19 . 2008-04-13 18:45:12 60032 ----a-w- C:\WINDOWS\system32\drivers\usbaudio.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 03:50:01 . 2009-04-24 14:48:33 64 ----a-w- C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2009-06-12 03:50:01 . 2009-04-24 14:48:33 64 ----a-w- C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2009-06-12 03:50:01 . 2009-04-24 14:48:33 64 ----a-w- C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2009-06-12 03:50:01 . 2009-04-24 14:48:33 64 ----a-w- C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2009-06-12 03:50:01 . 2009-04-24 14:48:33 64 ----a-w- C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2009-06-12 03:50:01 . 2009-04-24 14:48:33 64 ----a-w- C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2009-06-12 03:50:01 . 2009-04-24 14:48:33 64 ----a-w- C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2009-06-12 03:50:01 . 2009-04-24 14:48:33 127196 ----a-w- C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2009-06-11 14:23:32 . 2009-04-24 08:57:47 0 d-----w- C:\Documents and Settings\gloria\Application Data\LimeWire
2009-06-11 10:10:45 . 2008-02-23 22:17:14 0 d-----w- C:\Program Files\Java
2009-06-11 02:36:23 . 2008-02-23 06:50:05 21192 ----a-w- C:\Documents and Settings\gloria\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 11:56:32 . 2008-02-23 22:00:00 76487 ----a-w- C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
2009-06-10 01:43:46 . 2008-02-23 08:11:14 0 d-----w- C:\Documents and Settings\gloria\Application Data\CallingID
2009-06-08 07:00:17 . 2009-05-01 07:00:00 886 ----a-w- C:\WINDOWS\EntPack.dat
2009-06-07 05:50:17 . 2009-04-24 08:28:44 0 d-----w- C:\Program Files\PKR
2009-06-03 09:04:00 . 2009-04-24 09:00:59 0 d-----w- C:\Program Files\Common Files\Apple
2009-06-01 14:55:19 . 2009-04-24 07:31:02 0 d-----w- C:\Documents and Settings\gloria\Application Data\U3
2009-05-22 01:38:18 . 2009-04-24 08:24:50 26352 ----a-w- C:\WINDOWS\system32\drivers\vet-filt.sys
2009-05-22 01:38:18 . 2009-04-24 08:24:50 21488 ----a-w- C:\WINDOWS\system32\drivers\vetfddnt.sys
2009-05-22 01:38:18 . 2009-04-24 08:24:50 21104 ----a-w- C:\WINDOWS\system32\drivers\vet-rec.sys
2009-05-22 01:38:18 . 2009-04-24 08:24:50 161008 ----a-w- C:\WINDOWS\system32\drivers\vetmonnt.sys
2009-05-18 13:24:07 . 2009-04-23 03:13:47 0 d-----w- C:\Program Files\Google
2009-05-13 05:15:55 . 2008-02-23 20:40:48 915456 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-05-08 12:04:24 . 2009-05-08 12:04:24 0 d-----w- C:\Program Files\Microsoft
2009-05-08 12:04:18 . 2009-05-08 12:03:02 0 d-----w- C:\Program Files\Windows Live
2009-05-08 12:04:04 . 2009-05-08 12:04:04 0 d-----w- C:\Program Files\Windows Live SkyDrive
2009-05-08 11:51:36 . 2009-05-08 11:51:36 0 d-----w- C:\Program Files\Common Files\Windows Live
2009-05-07 15:32:35 . 2008-02-23 20:40:43 345600 ----a-w- C:\WINDOWS\system32\localspl.dll
2009-04-29 04:55:56 . 2009-04-29 04:55:56 78336 ------w- C:\WINDOWS\system32\ieencode.dll
2009-04-24 09:02:41 . 2009-04-24 09:02:41 0 d-----w- C:\Documents and Settings\gloria\Application Data\Apple Computer
2009-04-24 09:02:30 . 2009-04-24 09:02:16 0 d-----w- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-24 09:02:16 . 2009-04-24 09:01:33 0 d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-04-24 09:02:05 . 2009-04-24 09:02:05 0 d-----w- C:\Program Files\Bonjour
2009-04-24 09:01:20 . 2009-04-24 09:01:19 0 d-----w- C:\Program Files\Apple Software Update
2009-04-24 09:00:58 . 2009-04-24 09:00:58 0 d-----w- C:\Documents and Settings\All Users\Application Data\Apple
2009-04-24 08:59:57 . 2009-04-24 08:59:55 74302760 ----a-w- C:\Program Files\iTunesSetup.exe
2009-04-24 08:58:00 . 2009-04-24 08:58:00 73728 ----a-w- C:\Documents and Settings\gloria\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
2009-04-24 08:58:00 . 2009-04-24 08:58:00 499712 ----a-w- C:\Documents and Settings\gloria\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
2009-04-24 08:58:00 . 2009-04-24 08:58:00 348160 ----a-w- C:\Documents and Settings\gloria\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
2009-04-24 08:58:00 . 2009-04-24 08:58:00 102400 ----a-w- C:\Documents and Settings\gloria\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
2009-04-24 08:58:00 . 2009-04-24 08:57:59 8462336 ----a-w- C:\Documents and Settings\gloria\Application Data\LimeWire\browser\xulrunner\xul.dll
2009-04-24 08:29:15 . 2009-04-24 08:24:50 880560 ----a-w- C:\WINDOWS\system32\drivers\vetefile.sys
2009-04-24 08:29:15 . 2009-04-24 08:24:50 108368 ----a-w- C:\WINDOWS\system32\drivers\veteboot.sys
2009-04-24 08:24:59 . 2008-02-23 08:10:48 0 d-----w- C:\Program Files\CA
2009-04-24 08:24:55 . 2009-04-24 08:24:54 0 d-----w- C:\Program Files\Common Files\Scanner
2009-04-24 08:24:40 . 2009-04-24 08:24:40 0 d-----w- C:\Documents and Settings\All Users\Application Data\CA
2009-04-24 07:50:26 . 2009-04-24 07:50:20 80711192 ----a-w- C:\Program Files\iss_en_32.exe
2009-04-24 06:57:48 . 2009-04-24 06:57:48 0 d-----w- C:\Program Files\Microsoft ActiveSync
2009-04-24 06:52:34 . 2008-02-23 22:17:33 0 d-----w- C:\Program Files\OpenOffice.org 2.3
2009-04-24 06:51:54 . 2009-04-23 02:51:47 0 d-----w- C:\Documents and Settings\gloria\Application Data\OpenOffice.org2
2009-04-24 06:45:48 . 2009-04-24 06:45:48 0 d-----w- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-04-23 03:58:00 . 2009-04-23 03:57:38 0 d-----w- C:\Program Files\epson
2009-04-23 03:26:43 . 2008-02-23 22:12:11 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-04-23 03:26:37 . 2009-04-23 03:26:37 0 d-----w- C:\Program Files\AVG
2009-04-23 02:53:28 . 2009-04-23 02:53:28 1 ----a-w- C:\Documents and Settings\gloria\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-04-17 12:26:40 . 2008-02-23 20:40:48 1847168 ----a-w- C:\WINDOWS\system32\win32k.sys
2009-04-15 14:51:25 . 2008-02-23 20:40:45 585216 ----a-w- C:\WINDOWS\system32\rpcrt4.dll
2009-03-19 06:32:48 . 2009-04-24 09:02:31 23400 ----a-w- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2009-03-19 06:32:48 . 2009-03-19 06:32:48 23400 ----a-w- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
.


Re: pop ups

Post by spaddz on 12th June 2009, 12:27 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{155AF1C4-430E-9CD7-1A6E-721A433EA1CF}]
2009-06-03 19:19:28 155136 ----a-w- C:\Program Files\InternetExperienceEnhancer\InternetExperienceEnhancer.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="C:\Drivers\Time Clock\TCLOCKEX.EXE" [2000-03-08 14:15:18 89088]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-17 08:09:29 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2003-07-28 17:31:24 61440]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2003-07-18 04:27:06 147456]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-08-26 03:46:08 139264]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 16:43:00 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 16:43:00 81920]
"EPSON Stylus CX4100 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE" [2005-03-08 04:00:00 98304]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-05-22 01:38:18 181488]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-08-30 05:14:36 234736]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-28 00:52:52 771312]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-28 00:52:50 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-28 00:52:52 259312]
"Auto EPSON Stylus CX4100 Series on MCSPADDEN2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE" [2005-03-08 04:00:00 98304]
"\\MCSPADDEN2\EPSON Stylus CX4100 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE" [2005-03-08 04:00:00 98304]
"Auto EPSON Stylus CX4100 Series on MCSPADDEN2 (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE" [2005-03-08 04:00:00 98304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-05-26 07:18:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-05-30 02:30:26 292136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-06-11 10:02:44 148888]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 07:10:28 35696]
"nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2007-06-28 16:43:00 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-07-23 14:31:39 1377720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 04:30:00 79368 ----a-w- C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 KmxStart;KmxStart;C:\WINDOWS\system32\drivers\KmxStart.sys [19/03/2008 11:56:58 AM 93712]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\drivers\KmxAgent.sys [21/03/2008 4:00:06 PM 63504]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\drivers\KmxFile.sys [21/03/2008 4:00:06 PM 45584]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\drivers\KmxFw.sys [19/03/2008 11:56:58 AM 115216]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\drivers\KmxCF.sys [4/06/2008 12:27:44 PM 134648]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\drivers\KmxSbx.sys [21/03/2008 4:00:06 PM 66576]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [18/10/2007 11:24:46 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [18/10/2007 11:24:46 AM 801296]
R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [15/04/2008 12:50:44 PM 281104]
R2 WinDefend;Windows Defender;C:\Program Files\Windows Defender\MsMpEng.exe [3/11/2006 5:19:58 PM 13592]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\drivers\Amps2prt.sys [24/02/2008 6:42:35 AM 9728]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\drivers\KmxCfg.sys [30/05/2008 4:56:30 PM 88816]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [24/04/2009 6:24:54 PM 185584]
S2 gupdate1c9c3c1a329fe34;Google Update Service (gupdate1c9c3c1a329fe34);C:\Program Files\Google\Update\GoogleUpdate.exe [23/04/2009 1:14:38 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34:12 . 2008-07-30 02:34:12]

2009-05-25 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as gloria at 6 25 PM.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2009-04-24 08:24:54 . 2008-08-27 08:44:28]

2009-06-12 C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-23 03:14:38 . 2009-04-23 03:14:34]

2009-06-12 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 07:20:06 . 2006-11-03 07:20:06]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: C:\WINDOWS\system32\VetRedir.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
.


Re: pop ups

Post by spaddz on 12th June 2009, 12:28 pm

sorry again it would not fit into the one post


Re: pop ups

Post by Belahzur on 12th June 2009, 12:29 pm

It's okay.
Still getting popups? The logs look okay to me.



Re: pop ups

Post by spaddz on 12th June 2009, 12:40 pm

the pop ups are still occurring?


Re: pop ups

Post by Belahzur on 12th June 2009, 12:46 pm

Okay, let's get an uninstall list and we'll see if my new suspect is present there.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: pop ups

Post by spaddz on 12th June 2009, 12:48 pm

actually it hasn't rehappened..
I opened and closed then reopened Internet Explorer 10 times and it hasn't occurred yet..
thanks for your help.
if the problem reoccurs I will post here.
cheers


Re: pop ups

Post by Belahzur on 12th June 2009, 12:50 pm

Weird.
I wonder if Combofix restored something to default during the run that was causing it.



Re: pop ups

Post by spaddz on 12th June 2009, 12:53 pm

I dunno ..
the thing I found weird was that in the bottom right corner a little thing popped up and said this ad brought to you by internet explorer.
hopefully it's gone.


Re: pop ups

Post by spaddz on 12th June 2009, 12:53 pm

hold that thought.
smsbargain.net just popped up again


Re: pop ups

Post by Belahzur on 12th June 2009, 12:55 pm

Okay, get me an uninstall list like I asked.



Re: pop ups

Post by spaddz on 12th June 2009, 1:02 pm

can you please resend the hijack this file
I can't locate it


Re: pop ups

Post by Belahzur on 12th June 2009, 1:11 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.



Re: pop ups

Post by spaddz on 12th June 2009, 1:32 pm

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Apple Mobile Device Support
Apple Software Update
Bonjour
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Pest Patrol Realtime Protection
CA Website Inspector
Choice Guard
Critical Update for Windows Media Player 11 (KB959772)
DVD Suite
EPSON Printer Software
EPSON Scan
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iKeyWorks 6.16
InternetExperienceEnhancer
iTunes
iWheelWorks V7.42
Java(TM) 6 Update 14
Java(TM) 6 Update 2
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Card Reader
Nero 7 Essentials
neroxml
NVIDIA Drivers
OGA Notifier 1.7.0105.35.0
Picasa 3
PKR
PowerDVD
QuickTime
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Segoe UI
Skype™ 4.0
Spybot - Search & Destroy
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Windows Defender
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip
Xvid 1.1.2 final uninstall


Re: pop ups

Post by Belahzur on 12th June 2009, 1:44 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    InternetExperienceEnhancer
    Java(TM) 6 Update 2

Let me know if the popup stops, I suspect that IE Enhancer is causing it.
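
One way to cross-check the three logs posted in this thread, as an added Python example (not part of any post, and not ComboFix or HijackThis code): it keeps autostart entries whose Program Files folder shows up in ComboFix's "Files Created" window, lists entries that load inside Internet Explorer (BHOs) first, and attaches the matching Add/Remove Programs name. The embedded text is a short excerpt of the logs above; the function names, the top-level-folder rule and the name-matching heuristic are assumptions made for this example.

```python
import re
from collections import namedtuple
from datetime import datetime

# Excerpts copied from the ComboFix log and the uninstall list posted above.
FILES_CREATED = r"""
2009-06-12 03:33:39 . 2009-06-12 03:33:44 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-09 07:12:52 . 2009-06-09 07:12:53 0 d-----w- C:\Program Files\InternetExperienceEnhancer
2009-06-03 09:03:58 . 2009-06-03 09:04:16 0 d-----w- C:\Program Files\iTunes
2009-06-03 09:01:28 . 2009-06-03 09:01:54 0 d-----w- C:\Program Files\QuickTime
2009-05-17 08:04:19 . 2008-04-13 18:45:12 60032 ----a-w- C:\WINDOWS\system32\drivers\usbaudio.sys
"""
REG_LOADING_POINTS = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{155AF1C4-430E-9CD7-1A6E-721A433EA1CF}]
2009-06-03 19:19:28 155136 ----a-w- C:\Program Files\InternetExperienceEnhancer\InternetExperienceEnhancer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-05-22 01:38:18 181488]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-05-26 07:18:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-05-30 02:30:26 292136]
"""
UNINSTALL_LIST = """
CA Internet Security Suite
InternetExperienceEnhancer
iTunes
Java(TM) 6 Update 2
QuickTime
"""

CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d) [\d:]{8} \. \d{4}-\d\d-\d\d [\d:]{8} \d+ (\S{8}) (.+)$")
BHO_FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d [\d:]{8} \d+ \S{8} (.+)$")
RUN_VALUE_RE = re.compile(r'^"(.+?)"="(.+?)" \[')
KEY_RE = re.compile(r"^\[(.+)\]$")

Finding = namedtuple("Finding", "kind name path created uninstall_entry")


def install_dir(path):
    """Lower-cased 'c:\\program files\\<name>' for a path under it, else None.
    8.3 short names such as C:\\PROGRA~1 are not expanded (example limitation)."""
    parts = path.lower().split("\\")
    if len(parts) >= 3 and parts[:2] == ["c:", "program files"]:
        return "\\".join(parts[:3])
    return None


def recent_program_dirs(text):
    """Map each top-level Program Files folder in 'Files Created' to its date."""
    dirs = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        created, attrs, path = m.groups()
        if attrs.startswith("d") and install_dir(path) == path.lower():
            dirs[path.lower()] = datetime.strptime(created, "%Y-%m-%d").date()
    return dirs


def loading_points(text):
    """Yield (kind, name, file path) for BHO and Run entries."""
    key = ""
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        if "\\browser helper objects\\" in key:
            m = BHO_FILE_RE.match(line)
            if m:  # the CLSID is the last component of the key
                yield "BHO", key.rsplit("\\", 1)[1].upper(), m.group(1)
        elif key.endswith("\\currentversion\\run"):
            m = RUN_VALUE_RE.match(line)
            if m:
                yield "Run", m.group(1), m.group(2)


def _norm(name):
    return re.sub(r"[^a-z0-9]", "", name.lower())


def triage(created_text, loading_text, uninstall_text):
    """Autostart entries from recently created folders, browser-loaded first."""
    recent = recent_program_dirs(created_text)
    installed = {_norm(e): e.strip()
                 for e in uninstall_text.splitlines() if e.strip()}
    findings = []
    for kind, name, path in loading_points(loading_text):
        folder = install_dir(path)
        if folder not in recent:
            continue  # older install, or not under Program Files
        entry = installed.get(_norm(folder.rsplit("\\", 1)[1]))
        findings.append(Finding(kind, name, path, recent[folder], entry))
    # BHOs run inside Internet Explorer, where the symptom appears: rank first.
    findings.sort(key=lambda f: (f.kind != "BHO", -f.created.toordinal()))
    return findings


if __name__ == "__main__":
    for f in triage(FILES_CREATED, REG_LOADING_POINTS, UNINSTALL_LIST):
        print(f.kind, f.created, f.uninstall_entry, f.path, sep=" | ")
```

Recency alone also surfaces the iTunes and QuickTime autostarts, which is why the ranking puts the browser-loaded entry first and leaves the final call to the analyst.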

