Solved

Pop-up pages

Posted on 2007-11-22
11
578 Views
Last Modified: 2013-12-08
When I first start IE 7 another page with another site -Smileys, etc - appears as well.  I can't find how to stop these pop-up pages.
Question by:raycam48
11 Comments
 
LVL 2

Expert Comment

by:HiTechFail
ID: 20336000
That would be spyware. Do a spyware scan if you have protection, and also consider upgrading to Firefox. Firefox is a much safer web browser and overall much better.

If you do not have protection, there is a lot of free software out there such as Spybot.

http://www.download.com/3000-8022_4-10743107.html
0
 
LVL 97

Accepted Solution

by:
war1 earned 75 total points
ID: 20336015
Hello raycam48,

If popups are coming from websites, and your popup blocker is not blocking them, then use Popup Stopper
http://www.panicware.com/product_psfree.html

If popups are coming from your computer,

1. If you have Windows Messenger Service, disable it.  The Messenger is the source of popups and viruses.
http://www.itc.virginia.edu/desktop/docs/messagepopup/

2. Run Superantispyware
http://www.superantispyware.com/

3. You may have a variation of SmitFraud. Run SmitFraudFix to remove the banner
http://www.geekstogo.com/forum/index.php?showtopic=109268
OR
http://siri.geekstogo.com/SmitfraudFix.zip 

4. If no joy, download HijackThis

http://www.majorgeeks.com/download3155.html

Run the program and you will find many entries. Most are OK. Post the log at http://www.hijackthis.de/, click Analyze, Save, and post a link to the saved analysis here.

Hope this helps!
war1
0
 

Author Comment

by:raycam48
ID: 20342320
Dear war1, Superantispyware and SmitFraud seem to have worked.  But I am going to wait some more days just to see whether the problem has been solved.  I removed one program which seemed to me to be controlling these URLs, but am not sure that was the solution.  Just before writing this, when I logged in to this site, I got a small pop-up from Smileys.  Any idea?
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 50 total points
ID: 20342507
If the problem still persists,
Can you run HijackThis and show us the log please?
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Open HijackThis, click "Do a system scan and save a logfile"; please don't fix anything yet.


Also, download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Upload the log at EE-Stuff.com for us to check please.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
0
 

Author Comment

by:raycam48
ID: 20380519
Hi rpggamergirl: Thanks for your input.  I am enclosing the log file from HijackThis. I could not find how to upload the file at EE-Stuff.com.  I hope it's okay.  My computer has been down for some days.

Logfile of HijackThis v1.99.1
Scan saved at 9:23:53 AM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PTBSync\PTBSync.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\CallMe\CallMe.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
c:\program files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PTBSync] C:\Program Files\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: CallMe.lnk = C:\Program Files\CallMe\CallMe.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20380863
You can also use the "Attach Code Snippet" to attach the log if that's easier, but don't worry, we can delete the log later.

O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
The above is adware bundled with music-playing software. I suggest fixing that entry, uninstalling "ContextTool" via Add/Remove Programs and deleting the "ContextTool" folder.


C:\Program Files\CallMe <-- did you install this application? PrevX and Castlecops don't seem to trust this file. If you didn't install it, uninstall it and delete its folder.


We'll also run Combofix and see if it finds any nasties.

Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Upload the log at EE-Stuff.com for us to check please.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Combofix will disconnect your internet connection while it's scanning and will restore connection when it's done.
0
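The triage rpggamergirl does by eye above (an O2 BHO whose DLL is "(file missing)", an autostart entry that does not belong) can be scripted. This is an added example, not code from the thread or from HijackThis itself: it parses O2/O4/O23 lines in the HijackThis 1.99 log format, using lines copied from the log posted earlier plus one constructed O4 line (marked in the code) so the path check has something to flag; the "trusted roots" list is an assumption for a stock XP machine.

```python
from __future__ import annotations
import re

# Constructed input for this example: lines copied from the HijackThis log
# posted in this thread, plus ONE made-up O4 line ([example], a user-profile
# Temp path) so that the "autostart outside the usual roots" check fires.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: CallMe.lnk = C:\Program Files\CallMe\CallMe.exe
O4 - HKCU\..\Run: [example] C:\Documents and Settings\user\Local Settings\Temp\example.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

# HijackThis 1.99 line shapes for the three sections handled here.
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): "
                   r"(?:\[(?P<name>[^\]]*)\] |(?P<lnk>[^=]+?) = )(?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")

# Assumption: directories a stock XP box legitimately autostarts from.
# Anything else (user profile, Temp, Application Data, root of C:) gets flagged.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def exe_from_command(cmd: str) -> str:
    """Pull the program path out of an O4 command line, quoted or not."""
    m = re.match(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"(.+?\.(?:exe|scr|dll))(?:\s|,|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_line(line: str) -> dict | None:
    """Parse one O2 / O4 / O23 HijackThis line; other sections return None."""
    line = line.rstrip()
    if m := O2_RE.match(line):
        return {"kind": "O2", "name": m["name"], "clsid": m["clsid"],
                "path": m["path"], "missing": m["missing"] is not None}
    if m := O4_RE.match(line):
        return {"kind": "O4", "name": m["name"] or m["lnk"], "where": m["where"],
                "path": exe_from_command(m["cmd"]), "missing": False}
    if m := O23_RE.match(line):
        return {"kind": "O23", "name": m["name"], "vendor": m["vendor"],
                "path": m["path"], "missing": False}
    return None


def triage(entries: list[dict]) -> list[tuple[str, str]]:
    """Return (entry name, reason) pairs for entries worth a closer look."""
    findings = []
    for e in entries:
        if e["missing"]:
            findings.append((e["name"], "registered but its file is missing: "
                             "leftover of a removed component; fix the entry"))
        p = e["path"].lower()
        # Bare names like RUNDLL32.EXE carry no directory to judge, so skip them.
        if "\\" in p and not p.startswith(TRUSTED_ROOTS):
            findings.append((e["name"], f"autostart outside the usual roots: {e['path']}"))
    return findings


def triage_log(text: str) -> list[tuple[str, str]]:
    """Parse a whole log and return the findings in log order."""
    entries = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    return triage(entries)


if __name__ == "__main__":
    for name, why in triage_log(SAMPLE_LOG):
        print(f"[{name}] {why}")
```

A "(file missing)" hit only proves the registration is orphaned; what the DLL was and how it got there still needs the uninstall-and-delete step rpggamergirl describes.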
 

Author Comment

by:raycam48
ID: 20402212
Am attaching the log delivered by Combofix, just in case.  The reason is that in the meantime I had to re-install Windows and now the problem seems to have gone away although I still have Pop-up blocker installed.  Thx.
ComboFix 07-11-19.4C - Raymcam 2007-11-30 13:45:33.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.214 [GMT 1:00]
Running from: C:\Documents and Settings\Raymcam\Desktop\ComboFix.exe
 * Created a new restore point
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Documents and Settings\Raymcam\Application Data\addon.dat
C:\WINDOWS\system32\nse121.dll
 
.
(((((((((((((((((((((((((   Files Created from 2007-10-28 to 2007-11-30  )))))))))))))))))))))))))))))))
.
 
2007-11-30 11:48	<DIR>	d--------	C:\Program Files\Dcads Advanced Toolbar
2007-11-30 11:48	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Dcads Advanced Toolbar
2007-11-30 11:48	194,368	--a------	C:\WINDOWS\system32\dcadssuggest_uninstall.exe
2007-11-30 11:48	80,105	--a------	C:\WINDOWS\system32\dcads-remove.exe
2007-11-30 11:48	59,217	--a------	C:\WINDOWS\system32\Dcads_sidebar_uninstall.exe
2007-11-30 11:37	<DIR>	d--------	C:\Program Files\K-Lite Codec Pack
2007-11-30 11:35	<DIR>	d--------	C:\Program Files\NetSpy Protector
2007-11-30 11:33	<DIR>	d--------	C:\Program Files\Lavasoft Ad-Aware
2007-11-30 11:15	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Ashampoo
2007-11-30 11:13	<DIR>	d--------	C:\Program Files\Ashampoo
2007-11-30 11:13	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\ashampoo
2007-11-30 11:07	<DIR>	d--------	C:\WINDOWS\Profiles
2007-11-30 11:07	96,240	--a------	C:\WINDOWS\system32\HALOI___.TTF
2007-11-30 11:07	88,652	--a------	C:\WINDOWS\system32\INDEI___.TTF
2007-11-30 11:07	83,952	--a------	C:\WINDOWS\system32\HALOR___.TTF
2007-11-30 11:07	83,024	--a------	C:\WINDOWS\system32\INDEN___.TTF
2007-11-30 11:07	79,564	--a------	C:\WINDOWS\system32\VOLTAR__.TTF
2007-11-30 11:07	79,500	--a------	C:\WINDOWS\system32\VOLTATHR.TTF
2007-11-30 11:07	74,144	--a------	C:\WINDOWS\system32\AMAZR___.TTF
2007-11-30 11:07	70,340	--a------	C:\WINDOWS\system32\VIZIN___.TTF
2007-11-30 11:07	65,840	--a------	C:\WINDOWS\system32\JOT2I___.TTF
2007-11-30 11:07	65,268	--a------	C:\WINDOWS\system32\PARAI___.TTF
2007-11-30 11:07	63,908	--a------	C:\WINDOWS\system32\JOLTN___.TTF
2007-11-30 11:07	63,316	--a------	C:\WINDOWS\system32\CANDNI__.TTF
2007-11-30 11:07	62,960	--a------	C:\WINDOWS\system32\CANDNN__.TTF
2007-11-30 11:07	61,076	--a------	C:\WINDOWS\system32\RACEI___.TTF
2007-11-30 11:07	59,092	--a------	C:\WINDOWS\system32\RACEBI__.TTF
2007-11-30 11:07	57,584	--a------	C:\WINDOWS\system32\JOT2R___.TTF
2007-11-30 11:07	56,956	--a------	C:\WINDOWS\system32\CARLAR__.TTF
2007-11-30 11:07	54,620	--a------	C:\WINDOWS\system32\RACEN___.TTF
2007-11-30 11:07	53,740	--a------	C:\WINDOWS\system32\RACEB___.TTF
2007-11-30 11:06	<DIR>	d--------	C:\Program Files\Broderbund
2007-11-30 11:04	<DIR>	d--------	C:\Program Files\Shared Content
2007-11-30 11:04	65,156	--a------	C:\WINDOWS\system32\Willow__.ttf
2007-11-30 11:04	59,004	--a------	C:\WINDOWS\system32\Zelda___.ttf
2007-11-30 11:04	51,700	--a------	C:\WINDOWS\system32\Vogue___.ttf
2007-11-30 11:04	48,596	--a------	C:\WINDOWS\system32\Treasure.ttf
2007-11-30 11:04	48,424	--a------	C:\WINDOWS\system32\Tt0726m_.ttf
2007-11-30 11:04	47,976	--a------	C:\WINDOWS\system32\Zeldi___.ttf
2007-11-30 11:04	46,104	--a------	C:\WINDOWS\system32\Tt0519m_.ttf
2007-11-30 11:04	45,964	--a------	C:\WINDOWS\system32\Tribubol.ttf
2007-11-30 11:04	40,792	--a------	C:\WINDOWS\system32\Heather.ttf
2007-11-30 11:04	37,252	--a------	C:\WINDOWS\system32\Transist.ttf
2007-11-30 11:04	31,344	--a------	C:\WINDOWS\system32\Herald.ttf
2007-11-30 11:03	<DIR>	d--------	C:\Program Files\The Print Shop
2007-11-30 11:03	64,488	--a------	C:\WINDOWS\system32\Tt1040m_.ttf
2007-11-30 11:03	63,156	--a------	C:\WINDOWS\system32\Tt0109m_.ttf
2007-11-30 11:03	60,256	--a------	C:\WINDOWS\system32\Tt1001m_.ttf
2007-11-30 11:03	58,780	--a------	C:\WINDOWS\system32\Tt0329m_.ttf
2007-11-30 11:03	57,084	--a------	C:\WINDOWS\system32\Tt0331m_.ttf
2007-11-30 11:03	55,460	--a------	C:\WINDOWS\system32\Tt0328m_.ttf
2007-11-30 11:03	55,400	--a------	C:\WINDOWS\system32\Tt0330m_.ttf
2007-11-30 11:03	55,100	--a------	C:\WINDOWS\system32\Caesar.ttf
2007-11-30 11:03	53,340	--a------	C:\WINDOWS\system32\Chaucer.ttf
2007-11-30 11:03	50,772	--a------	C:\WINDOWS\system32\Tt0342m_.ttf
2007-11-30 11:03	40,120	--a------	C:\WINDOWS\system32\Calligra.ttf
2007-11-30 11:03	38,944	--a------	C:\WINDOWS\system32\Cezanne.ttf
2007-11-30 11:03	37,652	--a------	C:\WINDOWS\system32\Tt1027m_.ttf
2007-11-30 11:02	<DIR>	d--------	C:\Documents and Settings\Raymcam\WINDOWS
2007-11-30 11:02	298,496	--a------	C:\WINDOWS\uninst.exe
2007-11-30 09:37	<DIR>	d--------	C:\Program Files\Panicware
2007-11-30 08:42	3,026	--a------	C:\WINDOWS\system32\tmp.reg
2007-11-30 08:36	<DIR>	d--------	C:\WINDOWS\system32\CatRoot2
2007-11-29 22:56	282,624	--a------	C:\WINDOWS\system32\Dcads_sidebar.dll
2007-11-29 22:03	<DIR>	d--------	C:\Program Files\PlayMP3z
2007-11-29 21:32	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\LimeWire
2007-11-29 11:02	<DIR>	d--------	C:\Program Files\Common Files\Download Manager
2007-11-29 10:19	<DIR>	d--------	C:\Program Files\360Share Pro
2007-11-29 08:48	<DIR>	d--------	C:\Program Files\SUPERAntiSpyware
2007-11-29 08:48	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\SUPERAntiSpyware.com
2007-11-29 08:48	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-28 17:24	1,156	--a------	C:\WINDOWS\mozver.dat
2007-11-28 16:37	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Talkback
2007-11-28 16:36	0	--a------	C:\WINDOWS\nsreg.dat
2007-11-28 16:24	<DIR>	d--------	C:\Program Files\Sun
2007-11-28 16:24	<DIR>	d--------	C:\Program Files\Java
2007-11-28 16:24	<DIR>	d--------	C:\Program Files\Common Files\Java
2007-11-28 15:58	<DIR>	d--------	C:\WINDOWS\system32\runtime
2007-11-28 15:58	<DIR>	d--------	C:\Program Files\Picasa2
2007-11-28 15:57	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-28 14:38	<DIR>	d--------	C:\Program Files\MSXML 4.0
2007-11-28 14:33	<DIR>	d--------	C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-28 13:54	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2007-11-28 10:22	<DIR>	d--------	C:\Program Files\Uniblue
2007-11-28 10:22	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Uniblue
2007-11-28 08:52	1,207,026	--a------	C:\Documents and Settings\Winrar 370 & Keygen\wrar370.exe
2007-11-28 08:35	<DIR>	d--------	C:\Program Files\UseNeXT
2007-11-28 08:35	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\UseNeXT
2007-11-27 19:27	<DIR>	d--h-----	C:\WINDOWS\msdownld.tmp
2007-11-27 17:43	327,680	--a------	C:\WINDOWS\system32\dcadssuggest.dll
2007-11-27 17:39	<DIR>	d---s----	C:\Program Files\PTBSync
2007-11-27 17:28	<DIR>	d--------	C:\Program Files\Spyware Doctor
2007-11-27 17:28	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\PC Tools
2007-11-27 17:28	626,688	--a------	C:\WINDOWS\system32\msvcr80.dll
2007-11-27 17:26	160,217	--a------	C:\WINDOWS\system32\PowerToysLicense.rtf
2007-11-27 17:18	<DIR>	d--------	C:\Program Files\Winamp
2007-11-27 17:18	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\Winamp
2007-11-27 17:07	<DIR>	d--------	C:\Program Files\TuneUp Utilities 2007
2007-11-27 17:07	<DIR>	d--------	C:\Documents and Settings\Raymcam\Application Data\TuneUp Software
2007-11-27 17:02	<DIR>	d--------	C:\Program Files\Stardock
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 12:39	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-11-30 10:48	40,731	----a-w	C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-28 13:43	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-27 16:39	3,567	----a-w	C:\WINDOWS\system32\drivers\ptbtalk.sys
2007-11-27 13:12	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-11-27 12:49	---------	d-----w	C:\Program Files\Windows Desktop Search
2007-11-27 12:49	---------	d-----w	C:\Documents and Settings\Raymcam\Application Data\Windows Desktop Search
2007-11-27 12:39	---------	d-----w	C:\Program Files\MSBuild
2007-11-27 12:39	---------	d-----w	C:\Program Files\Microsoft Works
2007-11-27 12:22	---------	d-----w	C:\Program Files\AMD
2007-11-27 12:21	---------	d-----w	C:\Program Files\Analog Devices
2007-11-27 12:08	---------	d-----w	C:\Program Files\microsoft frontpage
2007-10-17 23:16	79,688	----a-w	C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-17 23:16	29,000	----a-w	C:\WINDOWS\system32\drivers\kcom.sys
2007-10-17 23:15	62,280	----a-w	C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-17 23:14	41,288	----a-w	C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-28 12:42	2,790,976	----a-w	C:\WINDOWS\system32\GPhotos.scr
2007-08-21 06:15	683,520	----a-w	C:\WINDOWS\system32\inetcomm.dll
2007-05-29 13:06	1,207,026	----a-w	C:\Documents and Settings\Winrar 370 & Keygen\wrar370.exe
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-11-29 22:56	282624	--a------	C:\WINDOWS\system32\Dcads_sidebar.dll
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A}]
2007-11-27 17:43	327680	--a------	C:\WINDOWS\system32\dcadssuggest.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-27 15:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-27 16:08]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"PTBSync"="C:\Program Files\PTBSync\PTBSync.exe" [2007-11-27 17:39]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"RegistryMechanic"="" []
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-27 16:08]
 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-28 15:57:20]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-27 14:59:43]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]
 
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
			HDAShCut.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
			KHALMNPR.EXE
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
			C:\Program Files\Messenger\msmsgs.exe /background
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
			nwiz.exe /install
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 13:19	69632	--a------	C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
			C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2005-07-28 08:32	94208	---------	C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]
2005-08-22 09:10	69632	--a------	C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
 
R2 PortTalk;PortTalk;\??\C:\WINDOWS\system32\Drivers\PtbTalk.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
 
.
Contents of the 'Scheduled Tasks' folder
"2007-11-27 16:07:23 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
 
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 13:52:42
Windows 5.1.2600 Service Pack 2 NTFS
 
detected NTDLL code modification:
ZwClose
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully 
hidden files: 0 
 
**************************************************************************
.
Completion time: 2007-11-30 13:56:01 - machine was rebooted
.
	--- E O F ---


0
 

Author Comment

by:raycam48
ID: 20499528
I do not know what to say about this problem.  I got the most help from war1, and I think that he should collect the points.  I hope it's okay with all the others.
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 20499586
raycam48:
Was that combofix log produced before or after the re-install? I assume it is before as there is Malware present. Just want to make sure...
Dave
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20503864
Sorry I missed posting back; so the problem is solved?

SUPERAntiSpyware and SmitFraudFix weren't much help because bad files are still showing in the ComboFix log.

If you have reformatted and reinstalled then I assume all is well...
BUT if you only reinstalled without reformatting then there's a possibility nasties are still there, because reinstalling won't remove viruses already in the system.

If you've reformatted/reinstalled and the problem is gone, I suggest you close this question and ask for a refund of your points.
A reinstall/reformat solution won't be much help for future database searchers.

0
 

Author Closing Comment

by:raycam48
ID: 31410594
I did not exactly solve the problem but have learned a lot.  Thanks.
0
