raycam48 asked:

Pop-up pages

When I first start IE 7 another page with another site -Smileys, etc - appears as well.  I can't find how to stop these pop-up pages.

HiTechFail

That would be spyware. Do a spyware scan if you have protection, and also consider upgrading to Firefox. Firefox is a much safer web browser and overall much better.

If you do not have protection, there is a lot of free software out there such as Spybot.

http://www.download.com/3000-8022_4-10743107.html
ASKER CERTIFIED SOLUTION
war1
This solution is only available to members.

raycam48 (ASKER)

Dear war1, Superantispyware and SmitFraud seem to have worked.  But I am going to wait some more days just to see whether the problem has been solved.  I removed one program which seemed to me to be controlling these urls, but am not sure that was the solution.  Just before writing this, when I logged in to this site, I got a small pop-up from Smileys.  Any idea?
SOLUTION
This solution is only available to members.
Hi rpggamergirl: Thanks for your input.  Am enclosing the log file by Hijackthis. I could not find how to upload the file at EE-Stuff.com.  I hope it's okay.  My computer has been down for some days.

Logfile of HijackThis v1.99.1
Scan saved at 9:23:53 AM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PTBSync\PTBSync.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\CallMe\CallMe.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
c:\program files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PTBSync] C:\Program Files\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: CallMe.lnk = C:\Program Files\CallMe\CallMe.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

You can also use the "Attach Code Snippet" to attach the log if that's easier, but don't worry, we can delete the log later.

O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
The above is adware bundled with music playing software. I suggest fixing that entry, uninstalling "ContextTool" via Add/Remove Programs, and deleting the "ContextTool" folder.


C:\Program Files\CallMe <-- did you install this application? PrevX and Castlecops don't seem to trust this file. If you didn't install it, uninstall it and delete its folder.


We'll also run Combofix and see if it finds any nasties.

Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Upload the log at EE-Stuff.com for us to check please.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Combofix will disconnect your internet connection while it's scanning and will restore connection when it's done.
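
Added example, not part of the original thread: a small Python triage pass over HijackThis log lines that surfaces the kind of entries reviewed in the reply above (a BHO registered with "(file missing)" and autostart items from folders a reviewer wants checked). The sample lines are copied from the log posted in this thread; the function names and the watchlist are assumptions of this example.

```python
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Sample input: a few lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\CallMe\CallMe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Startup: CallMe.lnk = C:\Program Files\CallMe\CallMe.exe
"""

# "O2 - ...", "R3 - ...": section code, then the free-form entry body.
ENTRY_RE = re.compile(r"^(?P<code>[ROFN]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# First drive-letter path ending in a loadable file type; tolerates spaces,
# surrounding quotes, trailing arguments and rundll32-style "x.dll,Export".
PATH_RE = re.compile(r'[A-Z]:\\[^"]*?\.(?:exe|dll|scr|sys)\b', re.I)

BROWSER_CODES = {"R3", "O2", "O3", "O9"}  # components loaded into IE


@dataclass
class Entry:
    code: str
    body: str
    clsid: str | None
    path: str | None
    file_missing: bool
    reasons: list[str] = field(default_factory=list)


def parse_log(text: str) -> list[Entry]:
    """Return one Entry per registry/autostart line; headers and the
    'Running processes' list are skipped because they carry no section code."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m["body"]
        clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
        entries.append(Entry(m["code"], body,
                             clsid.group(0) if clsid else None,
                             path.group(0) if path else None,
                             body.rstrip().endswith("(file missing)")))
    return entries


def triage(entries: list[Entry], watch_folders) -> list[Entry]:
    """Flag orphaned registrations and entries under reviewer-named folders."""
    watch = {w.lower() for w in watch_folders}
    flagged = []
    for e in entries:
        e.reasons = []
        if e.file_missing:
            e.reasons.append("file missing")
        if e.path:
            folders = e.path.lower().split("\\")[1:-1]  # drop drive and file
            e.reasons += [f"watchlist: {f}" for f in folders if f in watch]
        if e.reasons:
            flagged.append(e)
    return flagged


def addons_by_dll(entries: list[Entry]) -> dict[str, list[str]]:
    """Group browser hooks by the DLL they load, so one file registered
    under several hook types shows up as a single item to review."""
    groups = defaultdict(list)
    for e in entries:
        if e.code in BROWSER_CODES and e.path:
            groups[e.path.lower()].append(e.code)
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    # Watchlist is reviewer input; these two names come from the reply above.
    for hit in triage(parsed, ["ContextTool", "CallMe"]):
        print(hit.code, hit.path, hit.reasons)
```
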
Am attaching the log delivered by Combofix, just in case.  The reason is that in the meantime I had to re-install Windows and now the problem seems to have gone away although I still have Pop-up blocker installed.  Thx.
ComboFix 07-11-19.4C - Raymcam 2007-11-30 13:45:33.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.214 [GMT 1:00]
Running from: C:\Documents and Settings\Raymcam\Desktop\ComboFix.exe
 * Created a new restore point
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Documents and Settings\Raymcam\Application Data\addon.dat
C:\WINDOWS\system32\nse121.dll
 
.
(((((((((((((((((((((((((   Files Created from 2007-10-28 to 2007-11-30  )))))))))))))))))))))))))))))))
.
 
2007-11-30 11:48	<DIR>	d--------	C:\Program Files\Dcads Advanced Toolbar
2007-11-30 11:48	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Dcads Advanced Toolbar
2007-11-30 11:48	194,368	--a------	C:\WINDOWS\system32\dcadssuggest_uninstall.exe
2007-11-30 11:48	80,105	--a------	C:\WINDOWS\system32\dcads-remove.exe
2007-11-30 11:48	59,217	--a------	C:\WINDOWS\system32\Dcads_sidebar_uninstall.exe
2007-11-30 11:37	<DIR>	d--------	C:\Program Files\K-Lite Codec Pack
2007-11-30 11:35	<DIR>	d--------	C:\Program Files\NetSpy Protector
2007-11-30 11:33	<DIR>	d--------	C:\Program Files\Lavasoft Ad-Aware
2007-11-30 11:15	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Ashampoo
2007-11-30 11:13	<DIR>	d--------	C:\Program Files\Ashampoo
2007-11-30 11:13	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\ashampoo
2007-11-30 11:07	<DIR>	d--------	C:\WINDOWS\Profiles
2007-11-30 11:07	96,240	--a------	C:\WINDOWS\system32\HALOI___.TTF
2007-11-30 11:07	88,652	--a------	C:\WINDOWS\system32\INDEI___.TTF
2007-11-30 11:07	83,952	--a------	C:\WINDOWS\system32\HALOR___.TTF
2007-11-30 11:07	83,024	--a------	C:\WINDOWS\system32\INDEN___.TTF
2007-11-30 11:07	79,564	--a------	C:\WINDOWS\system32\VOLTAR__.TTF
2007-11-30 11:07	79,500	--a------	C:\WINDOWS\system32\VOLTATHR.TTF
2007-11-30 11:07	74,144	--a------	C:\WINDOWS\system32\AMAZR___.TTF
2007-11-30 11:07	70,340	--a------	C:\WINDOWS\system32\VIZIN___.TTF
2007-11-30 11:07	65,840	--a------	C:\WINDOWS\system32\JOT2I___.TTF
2007-11-30 11:07	65,268	--a------	C:\WINDOWS\system32\PARAI___.TTF
2007-11-30 11:07	63,908	--a------	C:\WINDOWS\system32\JOLTN___.TTF
2007-11-30 11:07	63,316	--a------	C:\WINDOWS\system32\CANDNI__.TTF
2007-11-30 11:07	62,960	--a------	C:\WINDOWS\system32\CANDNN__.TTF
2007-11-30 11:07	61,076	--a------	C:\WINDOWS\system32\RACEI___.TTF
2007-11-30 11:07	59,092	--a------	C:\WINDOWS\system32\RACEBI__.TTF
2007-11-30 11:07	57,584	--a------	C:\WINDOWS\system32\JOT2R___.TTF
2007-11-30 11:07	56,956	--a------	C:\WINDOWS\system32\CARLAR__.TTF
2007-11-30 11:07	54,620	--a------	C:\WINDOWS\system32\RACEN___.TTF
2007-11-30 11:07	53,740	--a------	C:\WINDOWS\system32\RACEB___.TTF
2007-11-30 11:06	<DIR>	d--------	C:\Program Files\Broderbund
2007-11-30 11:04	<DIR>	d--------	C:\Program Files\Shared Content
2007-11-30 11:04	65,156	--a------	C:\WINDOWS\system32\Willow__.ttf
2007-11-30 11:04	59,004	--a------	C:\WINDOWS\system32\Zelda___.ttf
2007-11-30 11:04	51,700	--a------	C:\WINDOWS\system32\Vogue___.ttf
2007-11-30 11:04	48,596	--a------	C:\WINDOWS\system32\Treasure.ttf
2007-11-30 11:04	48,424	--a------	C:\WINDOWS\system32\Tt0726m_.ttf
2007-11-30 11:04	47,976	--a------	C:\WINDOWS\system32\Zeldi___.ttf
2007-11-30 11:04	46,104	--a------	C:\WINDOWS\system32\Tt0519m_.ttf
2007-11-30 11:04	45,964	--a------	C:\WINDOWS\system32\Tribubol.ttf
2007-11-30 11:04	40,792	--a------	C:\WINDOWS\system32\Heather.ttf
2007-11-30 11:04	37,252	--a------	C:\WINDOWS\system32\Transist.ttf
2007-11-30 11:04	31,344	--a------	C:\WINDOWS\system32\Herald.ttf
2007-11-30 11:03	<DIR>	d--------	C:\Program Files\The Print Shop
2007-11-30 11:03	64,488	--a------	C:\WINDOWS\system32\Tt1040m_.ttf
2007-11-30 11:03	63,156	--a------	C:\WINDOWS\system32\Tt0109m_.ttf
2007-11-30 11:03	60,256	--a------	C:\WINDOWS\system32\Tt1001m_.ttf
2007-11-30 11:03	58,780	--a------	C:\WINDOWS\system32\Tt0329m_.ttf
2007-11-30 11:03	57,084	--a------	C:\WINDOWS\system32\Tt0331m_.ttf
2007-11-30 11:03	55,460	--a------	C:\WINDOWS\system32\Tt0328m_.ttf
2007-11-30 11:03	55,400	--a------	C:\WINDOWS\system32\Tt0330m_.ttf
2007-11-30 11:03	55,100	--a------	C:\WINDOWS\system32\Caesar.ttf
2007-11-30 11:03	53,340	--a------	C:\WINDOWS\system32\Chaucer.ttf
2007-11-30 11:03	50,772	--a------	C:\WINDOWS\system32\Tt0342m_.ttf
2007-11-30 11:03	40,120	--a------	C:\WINDOWS\system32\Calligra.ttf
2007-11-30 11:03	38,944	--a------	C:\WINDOWS\system32\Cezanne.ttf
2007-11-30 11:03	37,652	--a------	C:\WINDOWS\system32\Tt1027m_.ttf
2007-11-30 11:02	<DIR>	d--------	C:\Documents and Settings\Raymcam\WINDOWS
2007-11-30 11:02	298,496	--a------	C:\WINDOWS\uninst.exe
2007-11-30 09:37	<DIR>	d--------	C:\Program Files\Panicware
2007-11-30 08:42	3,026	--a------	C:\WINDOWS\system32\tmp.reg
2007-11-30 08:36	<DIR>	d--------	C:\WINDOWS\system32\CatRoot2
2007-11-29 22:56	282,624	--a------	C:\WINDOWS\system32\Dcads_sidebar.dll
2007-11-29 22:03	<DIR>	d--------	C:\Program Files\PlayMP3z
2007-11-29 21:32	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\LimeWire
2007-11-29 11:02	<DIR>	d--------	C:\Program Files\Common Files\Download Manager
2007-11-29 10:19	<DIR>	d--------	C:\Program Files\360Share Pro
2007-11-29 08:48	<DIR>	d--------	C:\Program Files\SUPERAntiSpyware
2007-11-29 08:48	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\SUPERAntiSpyware.com
2007-11-29 08:48	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-28 17:24	1,156	--a------	C:\WINDOWS\mozver.dat
2007-11-28 16:37	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Talkback
2007-11-28 16:36	0	--a------	C:\WINDOWS\nsreg.dat
2007-11-28 16:24	<DIR>	d--------	C:\Program Files\Sun
2007-11-28 16:24	<DIR>	d--------	C:\Program Files\Java
2007-11-28 16:24	<DIR>	d--------	C:\Program Files\Common Files\Java
2007-11-28 15:58	<DIR>	d--------	C:\WINDOWS\system32\runtime
2007-11-28 15:58	<DIR>	d--------	C:\Program Files\Picasa2
2007-11-28 15:57	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-28 14:38	<DIR>	d--------	C:\Program Files\MSXML 4.0
2007-11-28 14:33	<DIR>	d--------	C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-28 13:54	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2007-11-28 10:22	<DIR>	d--------	C:\Program Files\Uniblue
2007-11-28 10:22	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Uniblue
2007-11-28 08:52	1,207,026		C:\Documents and Settings\Winrar 370 2007-11-28  08:52         1,207,026  Keygen\wrar370.exe
2007-11-28 08:35	<DIR>	d--------	C:\Program Files\UseNeXT
2007-11-28 08:35	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\UseNeXT
2007-11-27 19:27	<DIR>	d--h-----	C:\WINDOWS\msdownld.tmp
2007-11-27 17:43	327,680	--a------	C:\WINDOWS\system32\dcadssuggest.dll
2007-11-27 17:39	<DIR>	d---s----	C:\Program Files\PTBSync
2007-11-27 17:28	<DIR>	d--------	C:\Program Files\Spyware Doctor
2007-11-27 17:28	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\PC Tools
2007-11-27 17:28	626,688	--a------	C:\WINDOWS\system32\msvcr80.dll
2007-11-27 17:26	160,217	--a------	C:\WINDOWS\system32\PowerToysLicense.rtf
2007-11-27 17:18	<DIR>	d--------	C:\Program Files\Winamp
2007-11-27 17:18	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Winamp
2007-11-27 17:07	<DIR>	d--------	C:\Program Files\TuneUp Utilities 2007
2007-11-27 17:07	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\TuneUp Software
2007-11-27 17:02	<DIR>	d--------	C:\Program Files\Stardock
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 12:39	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-11-30 10:48	40,731	----a-w	C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-28 13:43	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-27 16:39	3,567	----a-w	C:\WINDOWS\system32\drivers\ptbtalk.sys
2007-11-27 13:12	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-11-27 12:49	---------	d-----w	C:\Program Files\Windows Desktop Search
2007-11-27 12:49	---------	d-----w	C:\Documents and Settings\Raymcam\Application Data\Windows Desktop Search
2007-11-27 12:39	---------	d-----w	C:\Program Files\MSBuild
2007-11-27 12:39	---------	d-----w	C:\Program Files\Microsoft Works
2007-11-27 12:22	---------	d-----w	C:\Program Files\AMD
2007-11-27 12:21	---------	d-----w	C:\Program Files\Analog Devices
2007-11-27 12:08	---------	d-----w	C:\Program Files\microsoft frontpage
2007-10-17 23:16	79,688	----a-w	C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-17 23:16	29,000	----a-w	C:\WINDOWS\system32\drivers\kcom.sys
2007-10-17 23:15	62,280	----a-w	C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-17 23:14	41,288	----a-w	C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-28 12:42	2,790,976	----a-w	C:\WINDOWS\system32\GPhotos.scr
2007-08-21 06:15	683,520	----a-w	C:\WINDOWS\system32\inetcomm.dll
2007-05-29 13:06	1,207,026	----a-w	C:\Documents and Settings\Winrar 370 & Keygen\wrar370.exe
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-11-29 22:56	282624	--a------	C:\WINDOWS\system32\Dcads_sidebar.dll
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A}]
2007-11-27 17:43	327680	--a------	C:\WINDOWS\system32\dcadssuggest.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-27 15:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-27 16:08]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"PTBSync"="C:\Program Files\PTBSync\PTBSync.exe" [2007-11-27 17:39]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"RegistryMechanic"="" []
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-27 16:08]
 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-28 15:57:20]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-27 14:59:43]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]
 
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
			HDAShCut.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
			KHALMNPR.EXE
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
			C:\Program Files\Messenger\msmsgs.exe /background
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
			nwiz.exe /install
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 13:19	69632	--a------	C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
			C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2005-07-28 08:32	94208	---------	C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]
2005-08-22 09:10	69632	--a------	C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
 
R2 PortTalk;PortTalk;\??\C:\WINDOWS\system32\Drivers\PtbTalk.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
 
.
Contents of the 'Scheduled Tasks' folder
"2007-11-27 16:07:23 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
 
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 13:52:42
Windows 5.1.2600 Service Pack 2 NTFS
 
detected NTDLL code modification:
ZwClose
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully 
hidden files: 0 
 
**************************************************************************
.
Completion time: 2007-11-30 13:56:01 - machine was rebooted
.
	--- E O F ---


I do not know what to say about this problem.  I got the most help from war1, and I think that he should collect the points.  I hope it's okay with all the others.
raycam48:
Was that combofix log produced before or after the re-install? I assume it is before as there is Malware present. Just want to make sure...
Dave
Sorry to miss posting back, so problem is solved?

SUPERAntispyware and smitfraudfix weren't much help because bad files are still showing in the combofix log.

If you have reformatted and reinstalled then I assume all is well...
BUT if you only reinstalled without reformatting then there's a possibility nasties are still there because reinstalling won't remove viruses already in the system.

If you've reformatted/reinstalled and the problem is gone, I suggest you close this question and ask for a refund of your points.
A reinstall/reformat solution won't be much help for future database searchers.

I did not exactly solve the problem but have learned a lot.  Thanks.