Dec 26 2008, 07:57 PM, Post #1
Newbie. Group: Members. Posts: 1. Joined: 26-December 08. Member No.: 20,539
I'm getting tons of Antivirus 2009 popups, some registry defender popups, and tons of other annoying fake security program popups. I already used ComboFix but the popups still continue.
Here is the Combofix log!

ComboFix 08-12-25.04 - Owner 2008-12-26 1:03:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.204 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\sakalimo.dll
c:\windows\system32\tudotipi.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-11-26 to 2008-12-26 )))))))))))))))))))))))))))))))
.
2008-12-26 01:31 . 2003-08-26 03:28 96,256 -ra------ c:\windows\system32\drivers\LSIPNDS.sys
2008-12-26 01:26 . 2004-08-04 14:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-26 01:25 . 2004-08-27 04:54 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2008-12-26 01:25 . 2004-08-27 04:54 <DIR> d-------- c:\documents and settings\Default User\WINDOWS
2008-12-26 01:25 . 2003-01-10 13:58 351,526 --a------ c:\windows\WBDDA34I.DLL
2008-12-26 01:25 . 2008-12-26 01:25 29 --a------ c:\windows\wwwbatch.ini
2008-12-26 01:23 . 2008-12-26 01:23 8,192 --a------ c:\windows\REGLOCS.OLD
2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\program files\McAfee.com
2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\program files\McAfee
2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\documents and settings\Owner\Application Data\SampleView
2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\documents and settings\Owner\Application Data\McAfee
2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee.com
2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-26 01:21 . 2004-10-20 12:08 341,064 --a------ c:\windows\system32\mcinsctl.dll
2008-12-26 01:21 . 2004-10-20 12:08 279,624 --a------ c:\windows\system32\mcgdmgr.dll
2008-12-26 01:21 . 2008-12-26 01:21 0 --a------ c:\windows\system32\eMachines_W3050_Versionxx_CA74C10006533.MRK
2008-12-26 01:20 . 2008-12-26 01:20 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-26 01:20 . 2008-12-26 01:20 <DIR> d-------- c:\program files\Digital Media Reader
2008-12-26 01:19 . 2003-03-25 08:00 67,072 --a------ c:\windows\POWERCFG.EXE
2008-12-26 01:19 . 2004-09-03 19:07 20,480 --a------ c:\windows\system32\Marker32.exe
2008-12-26 01:18 . 2008-12-26 01:18 <DIR> d-------- c:\program files\CyberLink
2008-12-26 01:18 . 2008-12-26 01:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-12-26 01:17 . 2008-12-26 01:17 <DIR> d-------- c:\program files\Microsoft Works
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\windows\occache
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Viewpoint
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Pure Networks
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Learn2.com
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Common Files\Ahead
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\BigFix
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\AOL Companion
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Ahead
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pure Networks
2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\windows\system32\QuickTime
2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\program files\Real
2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\program files\QuickTime
2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\program files\Common Files\Real
2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\program files\Common Files\Nullsoft
2008-12-26 01:15 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Common Files\aolshare
2008-12-26 01:15 . 2008-12-26 01:16 <DIR> d-------- c:\program files\AOL Toolbar
2008-12-26 01:15 . 2008-12-26 01:16 <DIR> d-------- c:\program files\America Online 9.0
2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\QuickTime
2008-12-26 01:15 . 2008-12-26 01:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
2008-12-26 01:14 . 2008-12-26 01:14 <DIR> d-------- c:\windows\system32\URTTemp
2008-12-26 01:14 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Common Files\AOL
2008-12-26 01:14 . 2008-12-26 01:16 837 --ah----- C:\IPH.PH
2008-12-26 01:14 . 2008-12-26 01:14 335 --a------ c:\windows\nsreg.dat
2008-12-26 01:13 . 2008-12-26 01:13 <DIR> d-------- c:\program files\MSN Encarta Plus
2008-12-26 01:13 . 2008-12-26 01:14 <DIR> d-------- c:\program files\Microsoft Money
2008-12-26 01:12 . 2008-12-26 01:12 <DIR> d-------- c:\program files\NVIDIA Corporation
2008-12-26 01:12 . 2008-12-26 01:18 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-12-26 01:12 . 2008-12-26 01:12 <DIR> d-------- c:\program files\Common Files\NVIDIA Shared
2008-12-26 01:11 . 2008-12-26 01:20 <DIR> d-------- c:\program files\Common Files\InstallShield
2008-12-26 01:10 . 2008-12-25 23:36 <DIR> d-------- c:\program files\Java
2008-12-26 01:10 . 2008-12-26 01:10 <DIR> d-------- c:\program files\Common Files\New Boundary
2008-12-26 01:10 . 2008-12-26 01:10 <DIR> d-------- c:\program files\Common Files\Java
2008-12-26 01:10 . 2008-12-26 01:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Prism Deploy
2008-12-26 01:07 . 2008-12-26 01:19 <DIR> d-------- c:\program files\Norton AntiVirus
2008-12-26 01:06 . 2008-12-26 01:07 <DIR> d-------- c:\program files\Symantec
2008-12-26 01:06 . 2008-12-26 00:16 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-12-26 01:06 . 2008-12-26 01:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-12-26 01:06 . 2004-08-09 13:59 103,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-26 01:06 . 2004-08-09 13:59 83,168 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-26 01:06 . 2004-08-04 03:56 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-26 01:06 . 2004-08-04 01:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-12-26 01:05 . 2008-12-26 01:05 <DIR> d-------- c:\program files\CONEXANT
2008-12-26 01:05 . 2004-08-04 02:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-26 01:05 . 2004-08-04 02:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-26 01:05 . 2001-08-17 16:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-26 01:05 . 2001-08-17 17:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-26 01:04 . 2004-08-04 02:08 26,624 --a------ c:\windows\system32\drivers\usbehci.sys
2008-12-26 01:04 . 2004-08-04 02:08 17,024 --a------ c:\windows\system32\drivers\usbohci.sys
2008-12-26 01:04 . 2004-08-04 03:56 7,168 --a------ c:\windows\system32\hccoin.dll
2008-12-26 00:54 . 2008-12-26 00:54 <DIR> d-------- c:\documents and settings\Owner\Application Data\Template
2008-12-26 00:54 . 2005-08-02 17:45 1,552 -ra------ c:\windows\system32\lxce.loc
2008-12-26 00:54 . 2008-12-26 00:54 0 --a------ c:\documents and settings\Owner\Application Data\wklnhst.dat
2008-12-26 00:52 . 2008-12-26 01:06 <DIR> d-------- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-12-26 00:52 . 2008-12-26 00:53 <DIR> d-------- c:\program files\Lexmark 4300 Series
2008-12-26 00:52 . 2005-02-23 10:48 1,267,333 --a------ c:\windows\system32\lxcehelp.hlp
2008-12-26 00:52 . 2005-02-23 05:33 983,091 --a------ c:\windows\system32\lxcegf.dll
2008-12-26 00:52 . 2005-07-28 03:24 172,032 --a------ c:\windows\system32\lxceinsb.dll
2008-12-26 00:52 . 2005-07-28 03:24 131,072 --a------ c:\windows\system32\lxceins.dll
2008-12-26 00:52 . 2005-07-28 03:25 98,304 --a------ c:\windows\system32\lxceinsr.dll
2008-12-26 00:52 . 2005-07-28 03:24 86,016 --a------ c:\windows\system32\lxcecub.dll
2008-12-26 00:52 . 2005-07-28 03:24 73,728 --a------ c:\windows\system32\lxcecu.dll
2008-12-26 00:52 . 2005-07-28 03:25 36,864 --a------ c:\windows\system32\lxcecur.dll
2008-12-26 00:52 . 2005-01-13 06:52 7,720 --a------ c:\windows\system32\lxcehelp.cnt
2008-12-26 00:52 . 2008-12-26 00:55 1,125 --a------ C:\LXCEINST.csv
2008-12-26 00:52 . 2008-12-26 00:52 0 --a------ C:\lxcefire.csv
2008-12-26 00:46 . 2008-12-26 01:06 <DIR> d-------- c:\windows\SMINST
2008-12-26 00:46 . 2008-12-26 01:06 <DIR> d-------- c:\windows\creator
2008-12-26 00:46 . 2008-12-26 01:02 <DIR> d-------- c:\windows\CACHE
2008-12-26 00:46 . 2008-12-26 00:52 <DIR> dr------- C:\Program Files
2008-12-26 00:46 . 2008-12-26 01:15 <DIR> dr------- c:\documents and settings\All Users\Documents
2008-12-26 00:46 . 2004-06-17 15:55 1,041,536 --a------ c:\windows\system32\drivers\HSF_DP.sys
2008-12-26 00:46 . 2004-06-17 15:55 685,056 --a------ c:\windows\system32\drivers\HSF_CNXT.sys
2008-12-26 00:46 . 2004-06-17 15:56 220,032 --a------ c:\windows\system32\drivers\HSFHWBS2.sys
2008-12-26 00:46 . 2004-06-17 15:30 129,045 --a------ c:\windows\system32\drivers\HSFProf.cty
2008-12-26 00:46 . 2004-03-17 12:00 86,016 --a------ c:\windows\system32\mdmxsdk.dll
2008-12-26 00:46 . 2004-08-04 15:34 39,018 --a------ c:\windows\system32\HSFCI011.dll
2008-12-26 00:46 . 2004-03-17 12:04 13,059 --a------ c:\windows\system32\drivers\mdmxsdk.sys
2008-12-26 00:46 . 2008-12-26 00:46 60 --a------ c:\windows\system32\SYSDRV.DAT
2008-12-26 00:43 . 2008-12-26 00:53 <DIR> dr-hsc--- c:\windows\system32\dllcache
2008-12-25 23:49 . 2008-12-26 00:24 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-25 23:49 . 2008-12-25 23:49 <DIR> d-------- c:\documents and settings\Owner\Application Data\PC Tools
2008-12-25 23:49 . 2008-12-26 01:01 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-25 23:49 . 2008-12-26 00:23 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-25 23:49 . 2008-12-26 00:23 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-25 23:49 . 2008-12-26 00:23 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-25 23:49 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-25 23:48 . 2008-12-25 23:48 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-12-25 23:47 . 2008-12-25 23:47 <DIR> d-------- c:\program files\Lavasoft
2008-12-25 23:47 . 2008-12-25 23:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-25 23:47 . 2008-12-25 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-25 23:40 . 2008-12-25 23:40 1,603,449 ---hs---- c:\windows\system32\elonidiw.ini
2008-12-25 23:36 . 2008-12-25 23:36 <DIR> d-------- c:\documents and settings\Owner\Application Data\Yahoo!
2008-12-25 23:36 . 2008-12-25 23:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-25 23:36 . 2008-12-25 23:36 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-25 23:36 . 2008-12-25 23:36 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-25 23:35 . 2008-12-25 23:36 <DIR> d-------- c:\program files\Yahoo!
2008-12-25 23:35 . 2008-12-25 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-25 23:32 . 2008-12-25 23:32 <DIR> d-------- c:\program files\uTorrent
2008-12-25 23:32 . 2008-12-26 00:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 06:15 8,552 ----a-w c:\windows\system32\drivers\asctrm.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 05:47 160496 --a------ c:\progra~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-13 58488]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 218240]
"NAV CfgWiz"="c:\program files\Norton AntiVirus\CfgWiz.exe" [2004-08-17 132248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2004-08-17 245760]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2004-10-02 184320]
"_AntiSpyware"="c:\program files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-10-19 114688]
"jujewefuma"="c:\windows\system32\rejufopa.dll" [2008-09-25 60928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
"nwiz"="nwiz.exe" [2004-07-12 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2008-12-26 1742384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\program files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-10-19 86016]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\sakalimo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\WINDOWS\\system32\\rundll32.exe"=

R3 IPN2120;Wireless-B PCI Adapter Driver;c:\windows\system32\DRIVERS\LSIPNDS.sys [2008-12-26 96256]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-25 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D30E61EF-1947-476D-396B-417E2F088C78}]
c:\windows\system32:winup32.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-26 c:\windows\Tasks\ISP signup reminder 1.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 14:00]
2008-12-26 c:\windows\Tasks\ISP signup reminder 2.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 14:00]
2008-12-26 c:\windows\Tasks\ISP signup reminder 3.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 14:00]
2008-12-26 c:\windows\Tasks\McAfee AntiSpyware.job - c:\progra~1\McAfee\MCAFEE~1\McSpy.exe [2004-10-19 04:00]
2008-12-26 c:\windows\Tasks\McAfee AntiSpyware.job - c:\progra~1\McAfee\MCAFEE~1 [2008-12-26 01:21]
2008-12-26 c:\windows\Tasks\McAfee.com Update Check (YOUR-F343DF5173-Owner).job - c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-10-02 19:34]
2008-12-26 c:\windows\Tasks\McAfee.com Update Check (YOUR-F343DF5173-Owner).job - c:\progra~1\mcafee.com\agent [2008-12-26 01:21]
2008-12-26 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 20:26]
.
- - - - ORPHANS REMOVED - - - -
BHO-{e348c788-f57b-4bd0-bb63-56b3c17e7fd5} - c:\windows\system32\kewevuro.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-Windows/winup32 - c:\windows\system32:winup32.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O16 -: {C932BA85-4374-101B-A56C-00AA003668DC}
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\erhmgqnz.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 01:07:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows/winup32 = c:\windows\system32:winup32.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
c:\windows\system32:winup32.exe 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\system32\rundll32.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Norton AntiVirus\IWP\NPFMntor.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\rundll32.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-12-26 1:09:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-26 06:09:32
Pre-Run: 71,465,086,976 bytes free
Post-Run: 71,459,741,696 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
275

This post has been edited by conspiracy23: Dec 26 2008, 08:02 PM
Dec 27 2008, 04:12 PM, Post #2
BitDefender Evangelist. Group: Moderators. Posts: 1,154. Joined: 27-January 08. From: Bucharest[RO]. Member No.: 9,374
@ conspiracy23
I don't see Bitdefender in your log.

Download Malwarebytes' Anti-malware from here: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Once the download is complete, run the install program, and accept all of the default options. Make sure that the options to Update and Launch the software are checked when you click Finish.

Now, let's make sure that it has all of the latest anti-spyware definitions: click on the Update tab and click the Check for Updates button. (IMG:http://www.help2go.com/images/malwarebytes1.png)

After the updates have been loaded, click on the Scanner tab and choose the Perform Complete Scan option, then click the Scan button. (IMG:http://imagehost.rophotoshop.com/pics/a5163075fd548685aa01c10a88346d17.png)

When the scan is complete, it will show you all of the potentially harmful files on your computer - click the button to remove them automatically.

Paste the scan log here. :)