Solved

Pop-up pages

Posted on 2007-11-22
576 Views
Last Modified: 2013-12-08
When I first start IE 7 another page with another site - Smileys, etc. - appears as well.  I can't find how to stop these pop-up pages.
Question by:raycam48
11 Comments

LVL 2

Expert Comment by:HiTechFail
That would be spyware. Do a spyware scan if you have protection, and also consider upgrading to Firefox. Firefox is a much safer web browser and overall much better.

If you do not have protection, there is a lot of free software out there such as Spybot.

http://www.download.com/3000-8022_4-10743107.html

LVL 97

Accepted Solution by: war1 earned 75 total points
Hello raycam48,

If popups are coming from websites, and your popup blocker is not blocking them, then use Popup Stopper
http://www.panicware.com/product_psfree.html

If popups are coming from your computer,

1. If you have Windows Messenger Service, disable it.  The Messenger is the source of popups and viruses.
http://www.itc.virginia.edu/desktop/docs/messagepopup/

2. Run Superantispyware
http://www.superantispyware.com/

3. You may have a variation of SmitFraud. Run SmitFraudFix to remove the banner
http://www.geekstogo.com/forum/index.php?showtopic=109268
OR
http://siri.geekstogo.com/SmitfraudFix.zip  

4. If no joy, download HijackThis

http://www.majorgeeks.com/download3155.html

Run the program and you will find many entries. Most are OK. Post the log at http://www.hijackthis.de/, click Analyze, Save, and post a link to the saved analysis here.

Hope this helps!
war1

Author Comment by:raycam48
Dear war1, SUPERAntiSpyware and SmitFraud seem to have worked.  But I am going to wait some more days just to see whether the problem has been solved.  I removed one program which seemed to me to be controlling these URLs, but am not sure that was the solution.  Just before writing this, when I logged in to this site, I got a small pop-up from Smileys.  Any idea?

LVL 47

Assisted Solution by: rpggamergirl earned 50 total points
If the problem still persists,
can you run HijackThis and show us the log please?
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Open HijackThis, click "Do a system scan and save a logfile"; please don't fix anything yet.

Also, download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Upload the log at EE-Stuff.com for us to check please.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Author Comment by:raycam48
Hi rpggamergirl: Thanks for your input.  Am enclosing the log file by HijackThis. I could not find how to upload the file at EE-Stuff.com.  I hope it's okay.  My computer has been down for some days.

Logfile of HijackThis v1.99.1
Scan saved at 9:23:53 AM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PTBSync\PTBSync.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\CallMe\CallMe.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
c:\program files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PTBSync] C:\Program Files\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: CallMe.lnk = C:\Program Files\CallMe\CallMe.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

LVL 47

Expert Comment by:rpggamergirl
You can also use the "Attach Code Snippet" to attach the log if that's easier, but don't worry, we can delete the log later.

O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
The above is adware bundled with music-playing software. I suggest fixing that entry, uninstalling "ContextTool" via Add/Remove Programs and deleting the "ContextTool" folder.

C:\Program Files\CallMe <-- did you install this application? PrevX and CastleCops don't seem to trust this file. If you didn't install it, uninstall it and delete its folder.

We'll also run ComboFix and see if it finds any nasties.

Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Upload the log at EE-Stuff.com for us to check please.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

ComboFix will disconnect your internet connection while it's scanning and will restore the connection when it's done.
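An added triage helper (written for this thread, not a tool posted in it or part of HijackThis) that applies the checks rpggamergirl made by hand to HijackThis v1.99 log lines: it parses the O2/O3/O4/O23 entries and flags orphaned "(file missing)" entries, extension DLLs dropped straight into system32 (the pattern the Dcads BHOs show in the ComboFix log further down), nameless BHOs, services with no registered owner, and autostarts run from user-writable folders. The sample input copies five lines from the log posted above plus three constructed ones; the reputation lookups (PrevX, CastleCops) the expert used need a network and are out of scope.

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the first five entries are copied from the log posted
# in this thread; the last three are made up to exercise the remaining rules.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: CallMe.lnk = C:\Program Files\CallMe\CallMe.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\system32\example_sidebar.dll
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
O23 - Service: Example Helper (exhelper) - Unknown owner - C:\WINDOWS\system32\exhelper.exe
"""

@dataclass
class Entry:
    section: str           # O2, O3, O4 or O23
    name: str              # display name, [Run] value name or .lnk name
    path: str              # DLL path or the full autostart command line, as logged
    vendor: Optional[str]  # company column, O23 only
    raw: str

@dataclass
class Finding:
    entry: Entry
    reason: str

# One regex per HijackThis line shape that the triage rules need.
PATTERNS = [
    ("O2", re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.*)$")),
    ("O3", re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.*)$")),
    ("O4", re.compile(r"^O4 - \S+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<path>.*)$")),
    ("O4", re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.*?\.lnk) = (?P<path>.*)$")),
    ("O23", re.compile(r"^O23 - Service: (?P<name>.*?) \([^)]*\) - (?P<vendor>.*?) - (?P<path>.*)$")),
]

# Heuristics: legitimate browser extensions live under a vendor folder, not bare in
# system32; autostarts from user-writable locations deserve a second look.
SYSTEM32_ROOT = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(Documents and Settings|Temp)\\", re.IGNORECASE)

def parse(log_text: str) -> List[Entry]:
    """Return a structured Entry for every line that matches one of PATTERNS."""
    entries = []
    for line in log_text.splitlines():
        line = line.rstrip()
        for section, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                g = m.groupdict()
                entries.append(Entry(section, g["name"].strip(), g["path"].strip(),
                                     g.get("vendor"), line))
                break
    return entries

def executable_of(command: str) -> str:
    """Strip quotes and arguments so the path rules see only the file being loaded."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    m = re.match(r"(.*?\.(?:exe|dll|scr|lnk))(?=\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def triage(log_text: str) -> List[Finding]:
    """Apply the hand checks from the thread to every parsed entry."""
    findings = []
    for e in parse(log_text):
        exe = executable_of(e.path)
        if e.path.endswith("(file missing)"):
            findings.append(Finding(e, "orphaned entry: registry still loads a file that is gone; "
                                       "fix the entry and remove the leftover folder"))
        if e.section in ("O2", "O3"):
            if SYSTEM32_ROOT.match(exe):
                findings.append(Finding(e, "extension DLL sits directly in system32, not a vendor folder"))
            if e.name in ("", "(no name)"):
                findings.append(Finding(e, "browser extension registered without a display name"))
        if e.section == "O23" and e.vendor == "Unknown owner":
            findings.append(Finding(e, "service has no registered company; verify the binary"))
        if e.section == "O4" and USER_WRITABLE.search(exe):
            findings.append(Finding(e, "autostart runs from a user-writable folder; confirm it was wanted"))
    return findings
```

Call `triage(SAMPLE_LOG)` to get the five findings for the sample; the CallMe entry is deliberately not flagged, because deciding on it required the reputation check the expert did, which these offline rules cannot make.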

Author Comment by:raycam48
Am attaching the log delivered by ComboFix, just in case.  The reason is that in the meantime I had to re-install Windows and now the problem seems to have gone away although I still have Pop-up blocker installed.  Thx.
ComboFix 07-11-19.4C - Raymcam 2007-11-30 13:45:33.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.214 [GMT 1:00]
Running from: C:\Documents and Settings\Raymcam\Desktop\ComboFix.exe
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Raymcam\Application Data\addon.dat
C:\WINDOWS\system32\nse121.dll
.
(((((((((((((((((((((((((   Files Created from 2007-10-28 to 2007-11-30  )))))))))))))))))))))))))))))))
.
2007-11-30 11:48	<DIR>	d--------	C:\Program Files\Dcads Advanced Toolbar
2007-11-30 11:48	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Dcads Advanced Toolbar
2007-11-30 11:48	194,368	--a------	C:\WINDOWS\system32\dcadssuggest_uninstall.exe
2007-11-30 11:48	80,105	--a------	C:\WINDOWS\system32\dcads-remove.exe
2007-11-30 11:48	59,217	--a------	C:\WINDOWS\system32\Dcads_sidebar_uninstall.exe
2007-11-30 11:37	<DIR>	d--------	C:\Program Files\K-Lite Codec Pack
2007-11-30 11:35	<DIR>	d--------	C:\Program Files\NetSpy Protector
2007-11-30 11:33	<DIR>	d--------	C:\Program Files\Lavasoft Ad-Aware
2007-11-30 11:15	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Ashampoo
2007-11-30 11:13	<DIR>	d--------	C:\Program Files\Ashampoo
2007-11-30 11:13	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\ashampoo
2007-11-30 11:07	<DIR>	d--------	C:\WINDOWS\Profiles
2007-11-30 11:07	96,240	--a------	C:\WINDOWS\system32\HALOI___.TTF
2007-11-30 11:07	88,652	--a------	C:\WINDOWS\system32\INDEI___.TTF
2007-11-30 11:07	83,952	--a------	C:\WINDOWS\system32\HALOR___.TTF
2007-11-30 11:07	83,024	--a------	C:\WINDOWS\system32\INDEN___.TTF
2007-11-30 11:07	79,564	--a------	C:\WINDOWS\system32\VOLTAR__.TTF
2007-11-30 11:07	79,500	--a------	C:\WINDOWS\system32\VOLTATHR.TTF
2007-11-30 11:07	74,144	--a------	C:\WINDOWS\system32\AMAZR___.TTF
2007-11-30 11:07	70,340	--a------	C:\WINDOWS\system32\VIZIN___.TTF
2007-11-30 11:07	65,840	--a------	C:\WINDOWS\system32\JOT2I___.TTF
2007-11-30 11:07	65,268	--a------	C:\WINDOWS\system32\PARAI___.TTF
2007-11-30 11:07	63,908	--a------	C:\WINDOWS\system32\JOLTN___.TTF
2007-11-30 11:07	63,316	--a------	C:\WINDOWS\system32\CANDNI__.TTF
2007-11-30 11:07	62,960	--a------	C:\WINDOWS\system32\CANDNN__.TTF
2007-11-30 11:07	61,076	--a------	C:\WINDOWS\system32\RACEI___.TTF
2007-11-30 11:07	59,092	--a------	C:\WINDOWS\system32\RACEBI__.TTF
2007-11-30 11:07	57,584	--a------	C:\WINDOWS\system32\JOT2R___.TTF
2007-11-30 11:07	56,956	--a------	C:\WINDOWS\system32\CARLAR__.TTF
2007-11-30 11:07	54,620	--a------	C:\WINDOWS\system32\RACEN___.TTF
2007-11-30 11:07	53,740	--a------	C:\WINDOWS\system32\RACEB___.TTF
2007-11-30 11:06	<DIR>	d--------	C:\Program Files\Broderbund
2007-11-30 11:04	<DIR>	d--------	C:\Program Files\Shared Content
2007-11-30 11:04	65,156	--a------	C:\WINDOWS\system32\Willow__.ttf
2007-11-30 11:04	59,004	--a------	C:\WINDOWS\system32\Zelda___.ttf
2007-11-30 11:04	51,700	--a------	C:\WINDOWS\system32\Vogue___.ttf
2007-11-30 11:04	48,596	--a------	C:\WINDOWS\system32\Treasure.ttf
2007-11-30 11:04	48,424	--a------	C:\WINDOWS\system32\Tt0726m_.ttf
2007-11-30 11:04	47,976	--a------	C:\WINDOWS\system32\Zeldi___.ttf
2007-11-30 11:04	46,104	--a------	C:\WINDOWS\system32\Tt0519m_.ttf
2007-11-30 11:04	45,964	--a------	C:\WINDOWS\system32\Tribubol.ttf
2007-11-30 11:04	40,792	--a------	C:\WINDOWS\system32\Heather.ttf
2007-11-30 11:04	37,252	--a------	C:\WINDOWS\system32\Transist.ttf
2007-11-30 11:04	31,344	--a------	C:\WINDOWS\system32\Herald.ttf
2007-11-30 11:03	<DIR>	d--------	C:\Program Files\The Print Shop
2007-11-30 11:03	64,488	--a------	C:\WINDOWS\system32\Tt1040m_.ttf
2007-11-30 11:03	63,156	--a------	C:\WINDOWS\system32\Tt0109m_.ttf
2007-11-30 11:03	60,256	--a------	C:\WINDOWS\system32\Tt1001m_.ttf
2007-11-30 11:03	58,780	--a------	C:\WINDOWS\system32\Tt0329m_.ttf
2007-11-30 11:03	57,084	--a------	C:\WINDOWS\system32\Tt0331m_.ttf
2007-11-30 11:03	55,460	--a------	C:\WINDOWS\system32\Tt0328m_.ttf
2007-11-30 11:03	55,400	--a------	C:\WINDOWS\system32\Tt0330m_.ttf
2007-11-30 11:03	55,100	--a------	C:\WINDOWS\system32\Caesar.ttf
2007-11-30 11:03	53,340	--a------	C:\WINDOWS\system32\Chaucer.ttf
2007-11-30 11:03	50,772	--a------	C:\WINDOWS\system32\Tt0342m_.ttf
2007-11-30 11:03	40,120	--a------	C:\WINDOWS\system32\Calligra.ttf
2007-11-30 11:03	38,944	--a------	C:\WINDOWS\system32\Cezanne.ttf
2007-11-30 11:03	37,652	--a------	C:\WINDOWS\system32\Tt1027m_.ttf
2007-11-30 11:02	<DIR>	d--------	C:\Documents and Settings\Raymcam\WINDOWS
2007-11-30 11:02	298,496	--a------	C:\WINDOWS\uninst.exe
2007-11-30 09:37	<DIR>	d--------	C:\Program Files\Panicware
2007-11-30 08:42	3,026	--a------	C:\WINDOWS\system32\tmp.reg
2007-11-30 08:36	<DIR>	d--------	C:\WINDOWS\system32\CatRoot2
2007-11-29 22:56	282,624	--a------	C:\WINDOWS\system32\Dcads_sidebar.dll
2007-11-29 22:03	<DIR>	d--------	C:\Program Files\PlayMP3z
2007-11-29 21:32	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\LimeWire
2007-11-29 11:02	<DIR>	d--------	C:\Program Files\Common Files\Download Manager
2007-11-29 10:19	<DIR>	d--------	C:\Program Files\360Share Pro
2007-11-29 08:48	<DIR>	d--------	C:\Program Files\SUPERAntiSpyware
2007-11-29 08:48	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\SUPERAntiSpyware.com
2007-11-29 08:48	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-28 17:24	1,156	--a------	C:\WINDOWS\mozver.dat
2007-11-28 16:37	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Talkback
2007-11-28 16:36	0	--a------	C:\WINDOWS\nsreg.dat
2007-11-28 16:24	<DIR>	d--------	C:\Program Files\Sun
2007-11-28 16:24	<DIR>	d--------	C:\Program Files\Java
2007-11-28 16:24	<DIR>	d--------	C:\Program Files\Common Files\Java
2007-11-28 15:58	<DIR>	d--------	C:\WINDOWS\system32\runtime
2007-11-28 15:58	<DIR>	d--------	C:\Program Files\Picasa2
2007-11-28 15:57	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-28 14:38	<DIR>	d--------	C:\Program Files\MSXML 4.0
2007-11-28 14:33	<DIR>	d--------	C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-28 13:54	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2007-11-28 10:22	<DIR>	d--------	C:\Program Files\Uniblue
2007-11-28 10:22	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Uniblue
2007-11-28 08:52	1,207,026		C:\Documents and Settings\Winrar 370 & Keygen\wrar370.exe
2007-11-28 08:35	<DIR>	d--------	C:\Program Files\UseNeXT
2007-11-28 08:35	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\UseNeXT
2007-11-27 19:27	<DIR>	d--h-----	C:\WINDOWS\msdownld.tmp
2007-11-27 17:43	327,680	--a------	C:\WINDOWS\system32\dcadssuggest.dll
2007-11-27 17:39	<DIR>	d---s----	C:\Program Files\PTBSync
2007-11-27 17:28	<DIR>	d--------	C:\Program Files\Spyware Doctor
2007-11-27 17:28	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\PC Tools
2007-11-27 17:28	626,688	--a------	C:\WINDOWS\system32\msvcr80.dll
2007-11-27 17:26	160,217	--a------	C:\WINDOWS\system32\PowerToysLicense.rtf
2007-11-27 17:18	<DIR>	d--------	C:\Program Files\Winamp
2007-11-27 17:18	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Winamp
2007-11-27 17:07	<DIR>	d--------	C:\Program Files\TuneUp Utilities 2007
2007-11-27 17:07	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\TuneUp Software
2007-11-27 17:02	<DIR>	d--------	C:\Program Files\Stardock
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 12:39	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-11-30 10:48	40,731	----a-w	C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-28 13:43	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-27 16:39	3,567	----a-w	C:\WINDOWS\system32\drivers\ptbtalk.sys
2007-11-27 13:12	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-11-27 12:49	---------	d-----w	C:\Program Files\Windows Desktop Search
2007-11-27 12:49	---------	d-----w	C:\Documents and Settings\Raymcam\Application Data\Windows Desktop Search
2007-11-27 12:39	---------	d-----w	C:\Program Files\MSBuild
2007-11-27 12:39	---------	d-----w	C:\Program Files\Microsoft Works
2007-11-27 12:22	---------	d-----w	C:\Program Files\AMD
2007-11-27 12:21	---------	d-----w	C:\Program Files\Analog Devices
2007-11-27 12:08	---------	d-----w	C:\Program Files\microsoft frontpage
2007-10-17 23:16	79,688	----a-w	C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-17 23:16	29,000	----a-w	C:\WINDOWS\system32\drivers\kcom.sys
2007-10-17 23:15	62,280	----a-w	C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-17 23:14	41,288	----a-w	C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-28 12:42	2,790,976	----a-w	C:\WINDOWS\system32\GPhotos.scr
2007-08-21 06:15	683,520	----a-w	C:\WINDOWS\system32\inetcomm.dll
2007-05-29 13:06	1,207,026	----a-w	C:\Documents and Settings\Winrar 370 & Keygen\wrar370.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-11-29 22:56	282624	--a------	C:\WINDOWS\system32\Dcads_sidebar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A}]
2007-11-27 17:43	327680	--a------	C:\WINDOWS\system32\dcadssuggest.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-27 15:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-27 16:08]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"PTBSync"="C:\Program Files\PTBSync\PTBSync.exe" [2007-11-27 17:39]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"RegistryMechanic"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-27 16:08]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-28 15:57:20]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-27 14:59:43]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
	HDAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
	KHALMNPR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
	C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
	nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 13:19	69632	--a------	C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
	C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2005-07-28 08:32	94208	---------	C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]
2005-08-22 09:10	69632	--a------	C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
R2 PortTalk;PortTalk;\??\C:\WINDOWS\system32\Drivers\PtbTalk.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-11-27 16:07:23 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 13:52:42
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-30 13:56:01 - machine was rebooted
.
	--- E O F ---

Author Comment by:raycam48
I do not know what to say about this problem.  I got the most help from war1, and I think that he should collect the points.  I hope it's okay with all the others.

LVL 20

Expert Comment by:IndiGenus
raycam48:
Was that combofix log produced before or after the re-install? I assume it is before as there is Malware present. Just want to make sure...
Dave

LVL 47

Expert Comment by:rpggamergirl
Sorry to have missed posting back; so the problem is solved?

SUPERAntiSpyware and SmitFraudFix weren't much help because bad files are still showing in the ComboFix log.

If you have reformatted and reinstalled then I assume all is well...
BUT if you only reinstalled without reformatting then there's a possibility nasties are still there because reinstalling won't remove viruses already in the system.

If you've reformatted/reinstalled and the problem is gone, I suggest you close this question and ask for a refund of your points.
A reinstall/reformat solution won't be much help for future database searchers.

Author Closing Comment by:raycam48
I did not exactly solve the problem but have learned a lot.  Thanks.