Need Help Please - Virtuomonde, Popups


  • This topic is locked
8 replies to this topic

#1 baondayko

baondayko

  • Members
  • 4 posts

Posted 09 June 2008 - 10:52 PM

I am running XP Pro and can't seem to get rid of browser popups. I've used several tools from these forums, like Malwarebytes, ComboFix, Spyware Doctor, Ad-Aware, and Spybot. I would greatly appreciate any assistance anyone can provide. Thanks, Brock

Attached is my hjt log.

Attached Files





#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 10 June 2008 - 05:45 PM

Hello baondayko,

Welcome to Bleeping Computer :thumbsup:


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.


Could you please post the original ComboFix log? Not attach, post.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 baondayko

baondayko
  • Topic Starter

  • Members
  • 4 posts

Posted 11 June 2008 - 06:16 PM

Here it is... thanks for the help... Brock


ComboFix 08-06-09.7 - s003497 2008-06-09 23:38:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1510 [GMT -4:00]
Running from: C:\Documents and Settings\s003497\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\s003497\Application Data\Microsoft\dtsc
C:\Documents and Settings\s003497\Application Data\Microsoft\dtsc\id
C:\WINDOWS\BM571d7305.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ctximrav.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-09 23:39 . 2008-06-09 23:39 53,248 --a------ C:\TEMP\catchme.dll
2008-06-09 23:06 . 2008-06-09 23:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 23:06 . 2008-06-09 23:06 <DIR> d-------- C:\Documents and Settings\s003497\Application Data\Malwarebytes
2008-06-09 23:06 . 2008-06-09 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 23:06 . 2008-06-09 20:13 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-09 23:06 . 2008-06-09 20:13 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-08 18:50 . 2008-06-08 18:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 15:56 . 2008-06-08 16:21 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-08 15:56 . 2008-06-08 15:56 <DIR> d-------- C:\Documents and Settings\s003497\Application Data\PC Tools
2008-06-08 15:56 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-08 15:56 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-08 15:56 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-08 15:56 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-03 15:34 . 2008-06-03 15:34 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-06-02 19:10 . 2008-06-02 19:10 <DIR> d-------- C:\Documents and Settings\s003497\Application Data\Logitech
2008-06-02 19:10 . 2008-06-02 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-06-02 18:21 . 2008-06-02 18:21 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-02 18:21 . 2008-06-02 18:21 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-06-02 18:19 . 2008-06-02 18:19 <DIR> d-------- C:\Program Files\Logitech
2008-06-02 18:19 . 2008-06-02 18:19 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-06-02 18:19 . 2008-06-02 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-06-02 18:19 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-06-02 18:19 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-06-02 18:19 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-06-02 18:19 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-06-02 18:19 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-06-02 18:18 . 2008-06-02 18:18 <DIR> d-------- C:\Documents and Settings\s003497\Application Data\InstallShield
2008-05-30 23:38 . 2008-05-30 23:38 <DIR> d-------- C:\Documents and Settings\s003497\Application Data\Corel
2008-05-30 23:38 . 2008-05-30 23:38 1,056 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-30 23:36 . 2008-05-30 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-05-30 23:34 . 2008-05-30 23:34 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-05-30 23:24 . 2008-05-30 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-05-30 23:24 . 2007-03-06 11:58 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-05-30 23:24 . 2007-03-06 11:58 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-05-30 23:24 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-05-30 23:24 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-05-30 23:24 . 2007-03-06 11:58 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-05-30 23:24 . 2007-03-06 11:58 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-05-30 21:39 . 2008-05-30 21:39 <DIR> d-------- C:\QUARANTINE
2008-05-30 18:01 . 2008-05-30 18:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-30 18:01 . 2008-05-30 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 00:29 . 2008-05-28 00:32 354 ---hs---- C:\WINDOWS\system32\qlertpyk.ini
2008-05-27 23:17 . 2008-05-27 23:17 <DIR> d-------- C:\VundoFix Backups
2008-05-27 22:23 . 2008-05-27 22:23 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-27 22:23 . 2008-05-27 22:30 1,470,476 --ahs---- C:\WINDOWS\system32\kjymxglr.tmp
2008-05-26 23:28 . 2008-05-26 23:28 <DIR> d-------- C:\Deckard
2008-05-26 22:54 . 2008-05-26 22:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-26 16:26 . 2008-05-26 16:26 <DIR> d-------- C:\Program Files\RegDoctor
2008-05-26 16:26 . 2000-12-18 23:11 291,328 --a------ C:\WINDOWS\system32\xzipper30.ocx
2008-05-26 16:26 . 2000-11-06 12:02 267,264 --a------ C:\WINDOWS\system32\xunzip30.ocx
2008-05-26 16:26 . 2005-02-12 15:43 245,760 --a------ C:\WINDOWS\system32\vbalColumnTreeView6.ocx
2008-05-26 16:26 . 1999-08-02 16:11 57,344 --a------ C:\WINDOWS\system32\CGZipLibrary.DLL
2008-05-26 16:26 . 2003-01-26 13:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-05-26 16:26 . 1999-03-12 01:20 18,728 --a------ C:\WINDOWS\system32\ISHF_Ex.tlb
2008-05-26 16:26 . 1998-03-18 16:45 8,096 --a------ C:\WINDOWS\system32\OLEGUIDS.TLB
2008-05-26 15:54 . 2008-05-26 15:54 <DIR> d-------- C:\Program Files\Vstplugins
2008-05-26 12:24 . 2008-05-26 12:24 <DIR> d-------- C:\Program Files\Panda Security
2008-05-25 11:07 . 2008-05-25 11:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-25 11:07 . 2008-06-08 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-25 10:11 . 2008-05-25 16:21 <DIR> d-------- C:\Documents and Settings\s003497\Application Data\uTorrent(2)
2008-05-24 21:41 . 2008-05-26 21:28 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-24 21:41 . 2008-05-26 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-24 21:21 . 2004-08-04 08:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-24 20:49 . 2008-05-24 20:51 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-05-24 20:34 . 2008-05-25 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-05-24 20:29 . 2008-05-24 20:47 <DIR> d-------- C:\Program Files\Sony Setup
2008-05-23 08:45 . 2008-05-23 08:59 <DIR> d-------- C:\Program Files\QuickTime
2008-05-21 15:51 . 2008-05-21 15:51 <DIR> d-------- C:\Program Files\Research In Motion
2008-05-21 15:51 . 2008-05-21 15:51 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-05-21 15:51 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-05-19 20:34 . 2008-05-19 20:34 56,321,604 --a------ C:\080519203410.ts
2008-05-19 20:29 . 2008-05-19 20:30 37,216 --a------ C:\080519202350.ts.sfk
2008-05-19 20:23 . 2008-05-19 20:24 14,768,716 --a------ C:\080519202350.ts
2008-05-19 20:18 . 2004-08-03 23:10 13,696 --a------ C:\WINDOWS\system32\drivers\avcstrm.sys
2008-05-19 20:18 . 2004-08-03 23:10 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys
2008-05-19 20:07 . 2004-03-29 02:26 49,024 --a------ C:\WINDOWS\system32\drivers\mstapeo.sys
2008-05-19 20:07 . 2003-11-11 07:34 22,891 --a------ C:\WINDOWS\system32\drivers\meistb.sys
2008-05-19 20:07 . 2003-11-11 07:33 13,195 --a------ C:\WINDOWS\system32\drivers\meistrm.sys
2008-05-19 20:05 . 2008-05-26 16:05 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-05-19 20:05 . 2008-05-26 16:05 3 --a------ C:\WINDOWS\Twain001.Mtx
2008-05-19 20:05 . 2008-05-19 20:05 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-05-19 20:04 . 2008-05-24 20:53 <DIR> d-------- C:\Documents and Settings\s003497\Application Data\Sony
2008-05-19 20:04 . 2008-05-21 13:37 <DIR> d-------- C:\Documents and Settings\s003497\Application Data\Publish Providers
2008-05-19 20:04 . 2008-06-09 23:37 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-19 19:48 . 2008-05-19 19:48 <DIR> d-------- C:\Program Files\Sony
2008-05-19 19:40 . 2008-05-19 19:40 <DIR> d-------- C:\Program Files\MSBuild
2008-05-19 19:38 . 2008-05-20 14:01 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-19 19:38 . 2008-05-19 19:38 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-19 19:37 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-19 19:31 . 2008-05-19 19:31 <DIR> d-------- C:\Documents and Settings\s003497\Application Data\Sony Setup
2008-05-18 10:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-17 21:31 . 2008-05-17 21:31 <DIR> d-------- C:\Program Files\Xvid
2008-05-17 21:31 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-17 21:31 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-17 21:31 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-17 20:57 . 2002-04-07 11:17 414 -ra------ C:\WINDOWS\system32\lame_acm.xml
2008-05-17 20:56 . 2008-04-15 11:59 679,936 --a------ C:\WINDOWS\system32\LameACM.acm
2008-05-17 20:46 . 2008-05-17 20:46 <DIR> d-------- C:\lame
2008-05-17 20:08 . 2008-05-17 20:08 <DIR> d-------- C:\virtualdub
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 22:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 03:24 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-05-31 03:23 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-05-31 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-31 03:05 --------- d-----w C:\Documents and Settings\s003497\Application Data\Ulead Systems
2008-05-30 19:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-30 14:23 --------- d-----w C:\Program Files\1425_Fiberlink
2008-05-30 13:59 --------- d-----w C:\Program Files\Nortel Networks
2008-05-25 00:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-23 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-20 12:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-18 14:29 --------- d-----w C:\Program Files\Java
2008-05-15 16:33 --------- d-----w C:\Program Files\ZapNotes
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-12 14:52 --------- d-----w C:\Program Files\AquaNotes
2008-04-12 14:50 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-12 14:50 258,048 ------w C:\WINDOWS\Setup1.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-28 14:21 39,352 ----a-w C:\Documents and Settings\s003497\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
"Matrox PowerDesk SE"="C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2006-08-02 13:33 237568]
"nwiz"="nwiz.exe" [2007-04-28 19:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-28 19:05 8429568]
"NVHotkey"="nvHotkey.dll" [2007-04-28 19:05 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="NvMCTray.dll" [2007-04-28 19:05 81920 C:\WINDOWS\system32\nvmctray.dll]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-22 20:54 180269]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 16:06 136512]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"TaskCompletion"="C:\LDClient\amclient.exe" [2005-09-06 10:52 299008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 09:48 147514]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"Inventory"="C:\LDClient\LDISCN32.exe" [2006-01-07 02:15 651264]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
"UVS11 Preload"="D:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-02 18:19:30 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=uptime.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Installer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\cba\\pds.exe"=
"C:\\LDClient\\Wuser32.exe"=
"C:\\LDClient\\tmcsvc.exe"=
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=

R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2007-07-06 19:29]
R1 svchost32_;svchost32_;C:\WINDOWS\svchost32_.sys [2007-06-20 15:37]
R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 11:45]
R2 ApogeeIO;Apogee Port I/O;C:\WINDOWS\system32\Drivers\apogeeio.sys [2005-06-01 13:07]
R2 CBA8;LANDesk® Management Agent;"C:\Program Files\LANDesk\Shared Files\residentagent.exe" [2005-11-01 13:15]
R2 FGR Service;FGR Service;"C:\Program Files\1425_Fiberlink\Fgrd.exe" [2004-08-19 12:57]
R2 Matrox Centering Service;Matrox Centering Service;"C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe" [2006-08-02 13:41]
R2 MaxImIO;MaxIm Port I/O;C:\WINDOWS\system32\Drivers\maximio.sys [2005-06-01 13:07]
R2 Mtxparmx;Mtxparmx;C:\WINDOWS\system32\DRIVERS\Mtxparmx.sys [2006-08-01 13:58]
R2 VPatch;ISS Buffer Overflow Exploit Prevention;C:\Program Files\network ice\blackice\vpatch.exe [2006-06-14 11:24]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-03-26 18:16]
R3 Intel Remote Control Helper;Intel Remote Control Helper;C:\WINDOWS\system32\drivers\rch.sys [2005-05-13 09:24]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-03-26 18:15]
R3 MakoNT;MakoNT;C:\WINDOWS\system32\drivers\MakoNT.sys [2006-06-14 11:24]
R3 rap;rap;C:\WINDOWS\system32\drivers\RapDrv.sys [2007-07-25 19:53]
R4 black;black;C:\WINDOWS\system32\drivers\BlackCat.sys [2007-07-25 19:53]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-03-26 18:15]
S2 MtxDrvService;MtxDrvService;C:\WINDOWS\system32\MtxDrvService.exe [2006-08-01 14:02]
S3 AVCSTRM;AVC Streaming Filter Driver;C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 23:10]
S3 BCMTPM;BCMTPM;C:\WINDOWS\system32\DRIVERS\btpmw32.sys [2005-10-14 07:54]
S3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;C:\WINDOWS\system32\drivers\cwbmidi.sys [2001-08-17 08:19]
S3 cwbwdm_device;Crystal WDM Audio Codec Driver;C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 08:19]
S3 DsiUsb;DsiUsb;C:\WINDOWS\system32\DRIVERS\DsiUsb.sys []
S3 ExtranetAccess;Contivity VPN Service;"C:\Program Files\Nortel Networks\Extranet_serv.exe" [2004-03-26 18:08]
S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;C:\WINDOWS\system32\DRIVERS\meistb.sys [2003-11-11 07:34]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []
S3 MTXPAR;MTXPAR;C:\WINDOWS\system32\DRIVERS\MTXPARM.sys [2006-08-01 13:58]
S3 MTXPARH;MTXPARH;C:\WINDOWS\system32\DRIVERS\MTXPARHM.sys [2004-08-03 23:29]
S3 Oracleora_home_92ClientCache;Oracleora_home_92ClientCache;C:\Oracle\ora92\BIN\ONRSD.EXE [2004-10-13 11:55]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 23:39:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-09 23:40:45
ComboFix-quarantined-files.txt 2008-06-10 03:40:38
ComboFix2.txt 2008-05-28 04:31:47
ComboFix3.txt 2008-05-26 16:13:28

Pre-Run: 26,196,643,840 bytes free
Post-Run: 26,294,546,432 bytes free

239 --- E O F --- 2008-05-20 18:02:20

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 12 June 2008 - 07:21 PM

Hello,

Please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis:

C:\080519202350.ts.sfk

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

Thanks,
tea

#5 baondayko

baondayko
  • Topic Starter

  • Members
  • 4 posts

Posted 12 June 2008 - 07:42 PM

Not sure which part you want... but here are both:

Scanner results
Scan taken on 13 Jun 2008 00:38:20 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Statistics
Last file scanned at least one scanner reported something about: Téléphone_Internet_v2.4_By_AmjadPiPi_StarTimes2.com.EXE (MD5: 2c0de3831f22314e0033f4943ef1e2b1, size: 2434048 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender Trojan.Downloader.Agent.ZCR
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus X
Kaspersky Anti-Virus X
NOD32 a variant of Win32/Poison
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus Sus/ComPack-C
VirusBuster X
VBA32 Trojan-Downloader.Obfuscated.8 (paranoid heuristics)

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 12 June 2008 - 07:45 PM

Hi Brock,

Thanks for that. :thumbsup: Are you still getting the popups?

#7 baondayko

baondayko
  • Topic Starter

  • Members
  • 4 posts

Posted 12 June 2008 - 08:23 PM

Not in the last day.

Spyware Doctor shows 4 adware advertising infections under browser cookies: atdmt/atdmt.com, burstnet.com/burstnet.com, com.com/com.com

2 application browsing cookies: doubleclick.net/doubleclick.net and burstbeacon.com/burstbeacon.com


Malwarebytes currently shows clean.

Spybot shows some of the above and: mediaplex.net, apmebf.com, fastclick.net

No Virtuomonde at this time. Perhaps I got lucky... Once I get rid of the above, what is the best way to keep them out of my system?

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 15 June 2008 - 11:20 AM

Hello,

Look for this file and delete it, if present :

C:\WINDOWS\system32\kjymxglr.tmp

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle Bin and reboot your computer. Are your other scans coming up clean now after a couple of days? I'd like to see a HijackThis log before I turn you loose, please. :thumbsup:

Thanks,
tea
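Added example, not part of this thread and not code from ComboFix or BleepingComputer: teacup61 singles out kjymxglr.tmp, which the ComboFix listing in post #3 records as a 1.4 MB file directly in system32 carrying the hidden and system attributes (--ahs----), next to qlertpyk.ini with the same flags. The Python below parses lines in the format of ComboFix's "Files Created" section and lists regular files under system32 that are both hidden and system, which is the triage heuristic behind that request. The sample lines are copied from the log above; the meaning of the attribute letters (h = hidden, s = system, <DIR> = directory) and the system32 path filter are my assumptions about the format, and the function names are mine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the "Files Created" section of the
# ComboFix log posted above (backslashes doubled for the Python string).
SAMPLE_LOG = """\
2008-06-09 23:39 . 2008-06-09 23:39 53,248 --a------ C:\\TEMP\\catchme.dll
2008-06-08 15:56 . 2008-06-08 16:21 <DIR> d-------- C:\\Program Files\\Spyware Doctor
2008-05-30 23:38 . 2008-05-30 23:38 1,056 --ahs---- C:\\WINDOWS\\system32\\KGyGaAvL.sys
2008-05-28 00:29 . 2008-05-28 00:32 354 ---hs---- C:\\WINDOWS\\system32\\qlertpyk.ini
2008-05-27 22:23 . 2008-05-27 22:30 1,470,476 --ahs---- C:\\WINDOWS\\system32\\kjymxglr.tmp
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\\WINDOWS\\system32\\lsdelete.exe
"""

# One "Files Created" line: created-time . modified-time size-or-<DIR> flags path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<DIR>|[\d,]+) "
    r"([-a-z]{9}) "
    r"(.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str           # 9-character flag field, assumed: h = hidden, s = system
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_created_section(text: str) -> List[Entry]:
    """Parse every well-formed 'Files Created' line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        created, modified, size_field, attrs, path = m.groups()
        size = None if size_field == "<DIR>" else int(size_field.replace(",", ""))
        entries.append(Entry(created, modified, size, attrs, path))
    return entries


# Files sitting directly in the Windows system32 directory (assumed layout).
SYSTEM32_FILE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)


def review_candidates(entries: List[Entry]) -> List[Entry]:
    """Regular files in system32 that are both hidden and system: legitimate
    software rarely drops files that way, so these are looked at first."""
    return [
        e for e in entries
        if not e.is_dir and e.hidden and e.system and SYSTEM32_FILE.match(e.path)
    ]


def review_paths(text: str) -> List[str]:
    """Convenience wrapper: paths of the review candidates in a log excerpt."""
    return [e.path for e in review_candidates(parse_created_section(text))]


if __name__ == "__main__":
    for e in review_candidates(parse_created_section(SAMPLE_LOG)):
        print(f"{e.path}  size={e.size}  attrs={e.attrs}  created={e.created}")
```

The output is a review list, not a verdict: KGyGaAvL.sys is flagged by the same rule even though it was created together with the Corel entries in the log and is a known licensing file, so each hit still goes through a multi-engine check such as the Jotti upload teacup61 asked for before anything is deleted.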

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 28 June 2008 - 11:08 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
