Apr 6 2008, 03:55 PM
Post #1
New Member. Group: Members. Posts: 6. Joined: 6-April 08. Member No.: 201,290
Here is a combofix log:
This post has been edited by amyb: Apr 6 2008, 05:41 PM
Apr 6 2008, 07:37 PM
Post #2
The Bookworm. Group: Moderator. Posts: 6,390. Joined: 14-July 06. From: Bloomington, IN. Member No.: 76,150
Hello amyb and welcome to BC
Here at BC ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results. If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.

The BC Staff

--------------------
Orange Blossom
An ounce of prevention is worth a pound of cure
ESET NOD32, AVG Anti-spyware Free, SuperAntiSpyware Pro, SpywareBlaster, Spybot 1.5, WinPatrol Plus, Sunbelt Personal Firewall - Full, Comodo BOClean 4.27, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript