Solved: malware infestation

muppy03
18-Nov-2009, 12:43 AM #46
Best remove that link please.

Are the pop-ups in IE or FF, or both?
loverjw
18-Nov-2009, 12:44 AM #47
IE8
muppy03
18-Nov-2009, 12:47 AM #48
Delete any version of ComboFix that you may have and download the latest as below.

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/comb...o-use-combofix

Please reply with:-
  • Combofix log
  • New HJT log
__________________
Teacher - Malware Removal University - You too could train to help others

Topics not replied to within 3 days will be removed from my Subscribed Threads List
loverjw
18-Nov-2009, 01:14 AM #49
ComboFix 09-11-18.04 - Owner 11/17/2009 22:56.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2053 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.
2009-11-17 16:05 . 2009-11-17 16:05 -------- d-----w- C:\rsit
2009-11-15 19:01 . 2009-11-15 19:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-15 18:13 . 2009-11-15 18:13 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-15 18:09 . 2009-11-15 22:38 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\avplgy
2009-11-12 15:46 . 2009-11-10 00:31 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-11-12 15:46 . 2009-11-10 00:31 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-11-12 15:46 . 2009-11-10 00:31 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2009-11-12 15:46 . 2009-10-31 15:47 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2009-11-12 15:46 . 2009-11-10 00:31 3963672 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-12 15:46 . 2009-10-31 15:48 496920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-10 19:03 . 2009-11-10 19:03 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-11-10 19:03 . 2009-11-10 19:03 -------- d-----w- c:\program files\DVDVideoSoft
2009-11-10 04:16 . 2009-11-10 04:16 -------- d-----w- c:\program files\Guitar Pro 5
2009-11-10 00:32 . 2009-10-31 15:48 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-11-10 00:31 . 2009-10-31 15:47 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-11-10 00:31 . 2009-10-31 15:47 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-09 02:26 . 2009-11-09 02:26 -------- d-----w- c:\documents and settings\Owner\Application Data\WinPatrol
2009-11-09 02:26 . 2009-10-01 22:41 0 ----a-w- c:\documents and settings\Owner\Application Data\WinPatrol\Config.sys
2009-11-09 02:26 . 2009-10-01 22:41 0 ----a-w- c:\documents and settings\Owner\Application Data\WinPatrol\Autoexec.bat
2009-11-09 02:26 . 2009-11-09 02:26 -------- d-----w- c:\program files\BillP Studios
2009-11-08 04:31 . 2009-11-08 04:31 -------- d-----w- c:\program files\ESET
2009-11-07 06:00 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 06:00 . 2009-11-07 06:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 06:00 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 22:40 . 2009-11-03 22:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Amazon
2009-11-03 22:39 . 2009-11-03 22:39 -------- d-----w- c:\program files\Amazon
2009-11-01 17:52 . 2009-11-01 17:52 -------- d-----w- c:\program files\Flip Video
2009-11-01 17:52 . 2009-11-01 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video
2009-10-31 15:48 . 2009-10-31 15:50 -------- d-----w- C:\$AVG
2009-10-31 15:47 . 2009-10-31 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-20 21:16 . 2009-10-20 21:16 -------- d-----w- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-17 00:54 . 2009-10-04 21:00 -------- d-----w- c:\program files\Dl_cats
2009-11-10 00:31 . 2009-10-02 14:59 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-31 15:48 . 2009-10-02 14:58 -------- d-----w- c:\program files\AVG
2009-10-31 15:48 . 2009-10-02 14:59 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-31 15:48 . 2009-10-02 14:59 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-31 15:48 . 2009-10-02 14:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-30 22:55 . 2009-10-03 15:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-16 22:34 . 2009-10-02 14:54 156592 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 18:17 . 2009-10-15 18:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Iomega Automatic Backup
2009-10-15 17:56 . 2009-10-15 17:56 -------- d-----w- c:\program files\Iomega
2009-10-15 17:55 . 2009-10-02 16:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-11 21:28 . 2009-10-11 18:00 -------- d-----w- c:\program files\iDump (Freeware)
2009-10-09 16:47 . 2009-10-09 16:47 -------- d-----w- c:\program files\3ivx
2009-10-08 00:53 . 2009-10-08 00:53 -------- d-----w- c:\documents and settings\Owner\Application Data\DellFaxCtr
2009-10-07 01:16 . 2009-10-03 01:54 -------- d-----w- c:\program files\iTunes
2009-10-06 15:08 . 2009-10-02 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-05 00:01 . 2009-10-04 23:48 -------- d-----w- c:\program files\Microsoft Money Plus
2009-10-04 20:59 . 2009-10-04 20:52 -------- d-----w- c:\program files\Dell Photo AIO Printer 966
2009-10-04 20:57 . 2009-10-04 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-10-04 20:56 . 2009-10-04 20:56 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-10-04 20:55 . 2009-10-04 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-10-04 20:55 . 2009-10-04 20:54 -------- d-----w- c:\program files\Dell PC Fax
2009-10-04 20:54 . 2009-10-04 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DellFaxCtr
2009-10-04 20:36 . 2009-10-04 20:36 -------- d-----w- c:\program files\NETGEAR
2009-10-04 20:20 . 2009-10-01 22:42 -------- d-----w- c:\program files\microsoft frontpage
2009-10-04 20:11 . 2009-10-04 20:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2009-10-03 17:36 . 2009-10-03 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-10-03 17:35 . 2009-10-03 17:35 -------- d-----w- c:\program files\Common Files\Macromedia Shared
2009-10-03 17:35 . 2009-10-03 17:35 -------- d-----w- c:\program files\Common Files\Macromedia
2009-10-03 17:35 . 2009-10-03 17:34 -------- d-----w- c:\program files\Macromedia
2009-10-03 15:44 . 2009-10-03 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-10-03 15:42 . 2009-10-03 15:42 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-10-03 02:07 . 2009-10-03 01:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-03 02:07 . 2009-10-03 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-03 01:55 . 2009-10-03 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-03 01:54 . 2009-10-03 01:54 -------- d-----w- c:\program files\iPod
2009-10-03 01:54 . 2009-10-03 01:53 -------- d-----w- c:\program files\Common Files\Apple
2009-10-03 01:54 . 2009-10-03 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-03 01:54 . 2009-10-03 01:54 -------- d-----w- c:\program files\Bonjour
2009-10-03 01:54 . 2009-10-03 01:54 -------- d-----w- c:\program files\QuickTime
2009-10-03 01:53 . 2009-10-03 01:53 -------- d-----w- c:\program files\Apple Software Update
2009-10-03 01:31 . 2009-10-03 01:31 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-03 01:30 . 2009-10-03 01:30 -------- d-----w- c:\program files\Microsoft.NET
2009-10-02 16:20 . 2009-10-02 16:20 -------- d-----w- c:\program files\Analog Devices
2009-10-02 15:09 . 2009-10-02 15:09 -------- d-----w- c:\program files\MSXML 4.0
2009-10-02 14:59 . 2009-10-02 14:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Nero
2009-10-02 14:58 . 2009-10-02 14:56 -------- d-----w- c:\program files\Common Files\Nero
2009-10-02 14:56 . 2009-10-02 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-10-02 14:56 . 2009-10-02 14:56 -------- d-----w- c:\program files\Nero
2009-10-02 14:54 . 2009-10-02 14:54 -------- d-----w- c:\program files\Windows Defender
2009-10-02 14:53 . 2009-10-02 14:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-02 14:53 . 2009-10-02 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-02 14:53 . 2009-10-02 14:53 -------- d-----w- c:\program files\XP Codec Pack
2009-10-01 23:41 . 2009-10-01 23:41 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-01 23:08 . 2009-10-01 22:41 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-01 22:39 . 2009-10-01 22:39 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-01 15:29 . 2009-10-03 06:40 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-21 22:09 . 2009-09-21 22:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-08-29 00:42 . 2009-10-03 01:53 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-10-03 01:53 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Iomega Automatic Backup"="c:\program files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2007-06-29 312560]
"dlcqmon.exe"="c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe" [2007-06-29 292080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 966\memcard.exe" [2007-06-29 304368]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLCQCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-10-16 106496]
"Iomega Automatic Backup 1.0.1"="c:\program files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-12 2020120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-10-3 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-31 15:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dlcqcoms.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20001:UDP"= 20001:UDP:MicroSAN
R0 ZetSFD;ZetSFD;c:\windows\system32\drivers\ZetSFD.sys [10/4/2009 2:36 PM 12800]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/2/2009 8:59 AM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/2/2009 8:59 AM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/31/2009 9:47 AM 285392]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2009 12:00 AM 269648]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;c:\windows\system32\drivers\sfsz.sys [10/4/2009 2:36 PM 345984]
R2 Z-SANService;Z-SAN Service;c:\program files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe [10/4/2009 2:36 PM 376891]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2009 12:00 AM 19160]
R3 ZetBus;Zetera Virtual Bus;c:\windows\system32\drivers\ZetBus.sys [10/4/2009 2:36 PM 15488]
R3 ZetMPD;ZetMPD;c:\windows\system32\drivers\ZetMPD.sys [10/4/2009 2:36 PM 5120]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [10/1/2009 5:25 PM 20160]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.SYS [10/27/2004 3:05 PM 22144]
S4 Imdflpp6cwnf;Imdflpp6cwnf; [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - IPFILTERDRIVER
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSERVICE
*Deregistered* - awwdrkob
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder
2009-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-11-17 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Owner.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-11-07 20:53]
2009-11-17 c:\windows\Tasks\Malwarebytes' Scheduled Update for Owner.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-11-07 20:53]
2009-11-17 c:\windows\Tasks\User_Feed_Synchronization-{5EB36B48-E061-4477-9395-25A423B004BD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.flashmobrocks.com/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-17 23:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCQCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16???? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ?????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys iomdisk.sys hal.dll >>UNKNOWN [0x8AB89170]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e6686
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e6686
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7439bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7446a21
SendHandler -> NDIS.sys @ 0xf742487b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(4260)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-17 23:12
ComboFix-quarantined-files.txt 2009-11-18 05:12
Pre-Run: 450,413,277,184 bytes free
Post-Run: 450,419,302,400 bytes free
- - End Of File - - D3D68F36915966C1826013968F77EF81
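The helper's next move (post #53) rests on two details buried in the ComboFix log above: a folder with a random-looking name, avplgy, created under the user's Local Settings\Application Data, and an S4 service, Imdflpp6cwnf, whose image path is gone ([x]). The script below is an added example, not part of this thread and not ComboFix's own logic: it runs a first-pass triage over ComboFix-style log lines and flags exactly those two patterns. The sample lines are copied from the log in post #49, with some known-good lines kept for contrast; the name-randomness heuristic and the Application Data path rule are my assumptions, written to match how helpers of the period eyeballed these logs.

```python
"""Heuristic triage of ComboFix log lines.

Added example for this thread, not ComboFix's own logic. It flags (a) a
random-named folder created directly under a user profile's Application Data
and (b) a service whose binary is missing ([x]). The randomness heuristic and
the path rule are assumptions, not something ComboFix itself applies.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log in post #49,
# including known-good entries (WinPatrol, Adobe, AVG, MBAM) for contrast.
SAMPLE_LOG = r"""
2009-11-15 19:01 . 2009-11-15 19:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-15 18:09 . 2009-11-15 22:38 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\avplgy
2009-11-09 02:26 . 2009-11-09 02:26 -------- d-----w- c:\documents and settings\Owner\Application Data\WinPatrol
2009-11-03 22:40 . 2009-11-03 22:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Amazon
2009-10-31 15:47 . 2009-10-31 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-08 00:53 . 2009-10-08 00:53 -------- d-----w- c:\documents and settings\Owner\Application Data\DellFaxCtr
2009-10-04 20:55 . 2009-10-04 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-10-03 15:44 . 2009-10-03 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2009 12:00 AM 269648]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [10/1/2009 5:25 PM 20160]
S4 Imdflpp6cwnf;Imdflpp6cwnf; [x]
"""

VOWELS = set("aeiou")
# Split a name into words on case changes and non-letters: "DellFaxCtr" -> Dell, Fax, Ctr
TOKEN_RE = re.compile(r"[A-Z]+(?=[A-Z][a-z])|[A-Z]?[a-z]+|[A-Z]+")
# A top-level folder directly under a user's roaming or local Application Data (XP layout)
USER_APPDATA_RE = re.compile(
    r"^c:\\documents and settings\\[^\\]+\\(?:local settings\\)?application data\\([^\\]+)$",
    re.IGNORECASE,
)
# "<created> . <modified> <size> <attrs> <path>" as printed in the Files Created / Find3M sections
FILE_LINE_RE = re.compile(r"^\S+ \S+ \. \S+ \S+\s+\S+\s+(\S{8})\s+(.+)$")
# "<Rn|Sn> <name>;<display>;<image path> [<date> <size>]", or "; [x]" when the file is missing
SERVICE_LINE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "directory" or "service"
    name: str
    reason: str


def looks_random(token: str) -> bool:
    """Assumed heuristic: 5+ letters, few vowels, and a long vowel-free run.
    Dropper names of this era were typically 6-12 random lowercase letters."""
    t = token.lower()
    if len(t) < 5:
        return False
    vowel_ratio = sum(c in VOWELS for c in t) / len(t)
    longest_run = max(len(run) for run in re.split(r"[aeiouy]", t))
    return longest_run >= 4 and vowel_ratio <= 0.25


def random_looking_name(name: str) -> bool:
    """True if any word inside the name looks like a random letter string."""
    return any(looks_random(tok) for tok in TOKEN_RE.findall(name))


def triage(log_text: str) -> list[Finding]:
    """Scan ComboFix-style lines and return the entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE_RE.match(line)
        if m:
            attrs, path = m.groups()
            if not attrs.startswith("d"):
                continue  # only directories are checked for the drop-folder pattern
            dm = USER_APPDATA_RE.match(path)
            if dm and random_looking_name(dm.group(1)):
                findings.append(Finding("directory", dm.group(1),
                                        "random-looking folder under user Application Data"))
            continue
        m = SERVICE_LINE_RE.match(line)
        if m:
            _start, name, _display, rest = m.groups()
            if rest.strip() in ("", "[x]"):
                findings.append(Finding("service", name,
                                        "service registered but binary missing ([x])"))
            if random_looking_name(name):
                findings.append(Finding("service", name, "random-looking service name"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:9} {f.name:14} {f.reason}")
```

On the sample it reports avplgy and Imdflpp6cwnf (twice, once per reason) and nothing else; the CamelCase split is what keeps legitimate vendor folders such as DellFaxCtr and BVRP Software quiet. A heuristic like this narrows what to look at in a long log; it does not decide what to delete, so confirm a hit against file timestamps and a second scanner before acting on it.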
loverjw
18-Nov-2009, 01:15 AM #50
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:07 PM, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flashmobrocks.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1254439577278
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
--
End of file - 9699 bytes
loverjw
18-Nov-2009, 01:16 AM #51
I got a popup upon coming to this site after running combofix.
loverjw
18-Nov-2009, 01:21 AM #52
I looked in my IE8 popup blocker settings. There's a list of a half dozen websites in the exceptions list that are clearly spam sites. Something called PopupMgr as well. I surely didn't add those.
muppy03
18-Nov-2009, 02:19 AM #53
Quote:
I looked in my IE8 popup blocker settings. There's a list of a half dozen websites in the exceptions list that are clearly spam sites.
Remove them.
Quote:
Something called PopupMgr as well.
This doesn’t appear malware related. I have one too!

Please delete this folder

c:\documents and settings\Owner\Local Settings\Application Data\avplgy


Next, go to Start > Run, type cmd and hit OK.
Type ipconfig /flushdns (the space between g and / is needed), then hit Enter; type exit and hit Enter.

Reboot after the above and lets see what happens.
loverjw
20-Nov-2009, 12:08 AM #54
Well, it's been a full 24 hours without a popup, redirect or virus caught in AVG or MBAM.

I'm hoping the MBAM live protection module helps stop stuff at the door.
muppy03
20-Nov-2009, 12:10 AM #55
Hopefully all will remain good

Let me know if you have any other problems.
loverjw
20-Nov-2009, 12:14 AM #56
Thanks again for your help. I greatly appreciate it.
muppy03
20-Nov-2009, 12:15 AM #57
No problem
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.