
Very Frequent Popups During Browsing



#1 design.moorehead


Posted 06 April 2008 - 11:13 AM

I started getting these popups about a week and a half ago, and ran the gauntlet of free program scanners which usually fix something like this for me. These popups are more persistent though. The only thing I can tell you about this that might help was finding "clickpoint" installed in my program files folder. I removed it through add/remove programs and never saw it again.
Oh, and every time a popup appears I get a blank Internet Explorer browser window, then the ad comes up in Firefox (my default browser).

All scanners I use are coming up clean now, though now and again Kaspersky pops up with a dialog box telling me a trojan was attempting to transfer data of some kind. I'll look for the error message again if it comes up and come back to post it.

I ran dss.exe like the stickied topic told me to but I lost extra.txt in a wave of popups and running dss again won't bring it back up. I do have main.txt however.

Here is my log:


Deckard's System Scanner v20071014.68
Run by default on 2008-04-06 12:12:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 77% (more than 75%).


-- HijackThis (run as default.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:50 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\default\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\default.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Dell Home - {63D9F689-FA15-4ECF-91BC-C4D0734E14EA} - http://www.dellnet.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .ipp: C:\PROGRA~1\INTERN~1\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\PROGRA~1\INTERN~1\Plugins\npimth32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1192908875063
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A022AB6-715E-4DD9-915F-1579B6314984}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A022AB6-715E-4DD9-915F-1579B6314984}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A022AB6-715E-4DD9-915F-1579B6314984}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 2: (no name) - (no file)

--
End of file - 5647 bytes

-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-05 22:12:20 0 d-------- C:\Documents and Settings\default\Application Data\Uniblue
2008-04-05 20:20:23 2382 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-05 20:19:33 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-05 20:19:33 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-05 20:19:33 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-05 20:19:33 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-05 20:19:33 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-05 20:19:33 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-05 20:19:33 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-05 18:58:01 0 d-------- C:\Documents and Settings\default\Application Data\GlarySoft
2008-04-05 18:46:01 0 d-------- C:\Program Files\Glary Utilities
2008-04-05 13:42:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-05 13:42:23 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-05 13:42:23 0 d-------- C:\Documents and Settings\default\Application Data\SUPERAntiSpyware.com
2008-04-05 13:41:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 13:19:59 0 d-------- C:\Documents and Settings\default\Application Data\Google
2008-04-05 13:19:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-04 23:01:15 0 d-------- C:\Program Files\Panda Security
2008-04-02 23:19:48 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-02 23:19:43 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-02 23:10:11 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-02 23:10:11 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-02 23:10:10 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-02 23:10:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-02 23:05:23 0 d-------- C:\kav
2008-04-02 12:50:30 0 d--hs---- C:\FOUND.005
2008-04-01 22:50:54 36 -r-h----- C:\WINDOWS\sued.dat
2008-04-01 18:51:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-04-01 07:53:44 0 d--hs---- C:\FOUND.004
2008-04-01 07:43:47 0 d-------- C:\WINDOWS\system32\bits
2008-03-31 19:24:36 0 d-------- C:\Program Files\Windows Live Safety Center
2008-03-29 23:07:58 0 d-------- C:\Documents and Settings\All Users\Application Data\NETGATE
2008-03-29 22:41:52 0 d-------- C:\Documents and Settings\default\Application Data\Se Analyzer Tool SA
2008-03-28 18:13:12 0 d-------- C:\Program Files\Alwil Software
2008-03-27 20:32:43 0 d-------- C:\Documents and Settings\default\Application Data\Malwarebytes
2008-03-27 20:31:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-27 18:15:13 0 d-------- C:\Program Files\Trend Micro
2008-03-26 22:27:30 0 d-------- C:\Program Files\Windows Defender
2008-03-26 20:26:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-26 19:52:43 0 d-------- C:\Program Files\?ppPatch
2008-03-26 19:52:13 86016 -----n--- C:\WINDOWS\system32\drivers\rasl2tpp.sys
2008-03-26 19:52:09 0 d-------- C:\WINDOWS\system32\xTmp
2008-03-26 19:52:09 0 d-------- C:\WINDOWS\system32\winz1
2008-03-26 19:52:09 0 d-------- C:\WINDOWS\system32\usnv
2008-03-26 19:52:05 0 d-------- C:\Program Files\Common Files\T?sks
2008-03-26 19:51:57 0 d-------- C:\WINDOWS\system32\aqVreo01
2008-03-24 13:17:00 0 d-------- C:\Program Files\Messenger
2008-03-24 12:55:32 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-24 11:48:25 0 d-------- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-24 11:47:28 0 d-------- C:\Program Files\Windows Live
2008-03-24 11:47:12 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-20 20:37:13 9437184 --a------ C:\Documents and Settings\default\ntuser.dat
2008-03-15 09:26:21 0 d-------- C:\Program Files\iPod
2008-03-09 12:04:09 0 d-------- C:\Documents and Settings\default\Application Data\Teewars


-- Find3M Report ---------------------------------------------------------------

2008-04-04 23:01:20 10421 --a------ C:\WINDOWS\mozver.dat
2008-04-02 23:38:46 2651368 --ah----- C:\Documents and Settings\default\Application Data\IconCache.db
2008-03-27 19:13:02 70656 --a------ C:\Documents and Settings\default\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-03-26 19:52:44 0 d-------- C:\Program Files\?ppPatch
2008-03-26 19:52:06 0 d-------- C:\Program Files\Common Files\T?sks
2008-02-22 18:32:36 0 d-------- C:\Program Files\Phun
2008-02-20 19:14:50 57872 --a------ C:\Documents and Settings\default\Application Data\GDIPFONTCACHEV1.DAT
2008-02-17 00:56:28 0 d-------- C:\Program Files\Common Files\INCA Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [08/04/2004 12:00 PM C:\WINDOWS\SYSTEM32\systray.exe]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [12/29/2005 09:33 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [05/10/2006 11:12 AM]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [06/07/2006 11:17 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/31/2008 11:13 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"ClearRecentDocsOnExit"=0000000000000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="csvoe.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^default^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\07d00ab8]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
"C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmvgi.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Dell PC Fax\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KillAndClean]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
"C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PostSetupCheck]
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atgban.dll" DllStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{00-0A-A1-17-DW}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LTWinModem1"=ltmsg.exe 9
"LoadQM"=loadqm.exe
"KERNEL32"=kernel32.exe
"AtiPTA"=Atiptaxx.exe
"LexmarkPrinTray"=PrinTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"LTWinModem1"=ltmsg.exe 9
"AVG7_CC"=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
"AVG7_AMSVR"=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
"USBDetector"=C:\USBStorage\USBDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"SchedulingAgent"=mstask.exe
"Machine Debug Manager"=C:\WINDOWS\SYSTEM32\MDM.EXE
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54f7ab10-868b-11da-827a-001217580677}]
AutoRun\command- E:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\^RNA]
rundll rnasetup.dll,installoptionalcomponent rna

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install


-- End of Deckard's System Scanner: finished at 2008-04-06 12:13:54 ------------



#2 katana


Posted 12 April 2008 - 06:37 AM

Hello and welcome to the forums.

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear".
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

----------------------------------------------------------------------------------------

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on the Save list button and specify where you would like to save this file.
When you press the Save button, Notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.