Subject: Pop Up City! Winantiv. Help Jabuck

Original Message
Name: Barrett
Date: August 31, 2007 at 14:41:10 Pacific
Subject: Pop Up City! Winantiv. Help Jabuck
OS: xp home
CPU/Ram: pent 4 ht
Model/Manufacturer: dell dem
Comment:
Just got this computer. Computer has serious pop-up issues. Have removed some adware from Add or Remove Programs. But still get the WinAntivirus and others. Can someone help me?


thanks

Barrett



Response Number 1
Name: jabuck
Date: August 31, 2007 at 15:01:45 Pacific
Subject: Pop Up City! Winantiv. Help Jabuck
Reply:

Post these logs in one post please.

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Run vundofix again and post that log also.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.



Response Number 2
Name: Barrett
Date: August 31, 2007 at 15:56:29 Pacific
Subject: Pop Up City! Winantiv. Help Jabuck
Reply:
jabuck, thank you so much for the help!
Just to let you know, when VundoFix was removing it had an error twice: "Error:75.Path/File Access Error".
I don't know if that helps at all.

Here are the reports.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:57 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\usiyboro.dll",forkonce
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 2239 bytes

And the ComboFix log:


ComboFix 07-08-30.3 - "Dan" 2007-08-31 17:25:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.300 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\winantispyware 2007
C:\DOCUME~1\Dan\APPLIC~1\winantispyware 2007 free
C:\DOCUME~1\Dan\err.log
C:\DOCUME~1\Guest\err.log
C:\DOCUME~1\Wendy\APPLIC~1\WinTouch
C:\DOCUME~1\Wendy\err.log
C:\DOCUME~1\Wendy\STARTM~1\Programs\Startup\ta_start.lnk
C:\DOCUME~1\Wendy\STARTM~1\Programs\Startup\think-adz.lnk
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Wallpaper\Baseball X-Ray.jpg
C:\Program Files\screensavers.com\Wallpaper\Bikini.com - Jessica.jpg
C:\Program Files\screensavers.com\Wallpaper\Into the Blue - Jessica Alba 2.jpg
C:\Program Files\screensavers.com\Wallpaper\Lords of Dogtown - Z-Boys.jpg
C:\Program Files\screensavers.com\Wallpaper\Lords of Dogtown.jpg
C:\Program Files\screensavers.com\Wallpaper\Orlando Bloom 3.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\b135.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\akyjkvde.exe
C:\WINDOWS\system32\aonclhyl.dll
C:\WINDOWS\system32\axmfxxac.ini
C:\WINDOWS\system32\biwvjlmy.dll
C:\WINDOWS\system32\bpcacjdy.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\caxxfmxa.dll
C:\WINDOWS\system32\dakjnpwq.exe
C:\WINDOWS\system32\dfjmagll.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\ebtfbkik.exe
C:\WINDOWS\system32\ecpvhtlm.dll
C:\WINDOWS\system32\fgslesmn.dll
C:\WINDOWS\system32\fpjidlae.exe
C:\WINDOWS\system32\gaphxcsw.dll
C:\WINDOWS\system32\givjdarc.dll
C:\WINDOWS\system32\gjkrsjeo.exe
C:\WINDOWS\system32\grniwwnx.ini
C:\WINDOWS\system32\huywcyoy.exe
C:\WINDOWS\system32\jckshhsj.ini
C:\WINDOWS\system32\jscimiou.dll
C:\WINDOWS\system32\jshhskcj.dll
C:\WINDOWS\system32\kebgjeqn.dll
C:\WINDOWS\system32\kolrqnul.dll
C:\WINDOWS\system32\kvrnuepi.exe
C:\WINDOWS\system32\kwowlytb.exe
C:\WINDOWS\system32\lrnffjbm.dll
C:\WINDOWS\system32\lunqrlok.ini
C:\WINDOWS\system32\mbjffnrl.ini
C:\WINDOWS\system32\mbuwvmbm.exe
C:\WINDOWS\system32\mhvgblfh.exe
C:\WINDOWS\system32\mlthvpce.ini
C:\WINDOWS\system32\mrwvvqep.dll
C:\WINDOWS\system32\mtddcuas.dll
C:\WINDOWS\system32\mwinmmdt.exe
C:\WINDOWS\system32\myearuka.exe
C:\WINDOWS\system32\nfcxetmw.ini
C:\WINDOWS\system32\nmselsgf.ini
C:\WINDOWS\system32\nvkmuqbi.exe
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\orlmsgcu.exe
C:\WINDOWS\system32\peqvvwrm.ini
C:\WINDOWS\system32\prrpriyt.dll
C:\WINDOWS\system32\qdlkeldl.exe
C:\WINDOWS\system32\sgkaamgv.exe
C:\WINDOWS\system32\sieeoccy.ini
C:\WINDOWS\system32\tluutihq.exe
C:\WINDOWS\system32\tviqbayi.exe
C:\WINDOWS\system32\tyirprrp.ini
C:\WINDOWS\system32\uoimicsj.ini
C:\WINDOWS\system32\vfkrqsya.dll
C:\WINDOWS\system32\voibehmv.exe
C:\WINDOWS\system32\wduerjxw.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wllmtsjy.exe
C:\WINDOWS\system32\wlvxxauu.exe
C:\WINDOWS\system32\wmtexcfn.dll
C:\WINDOWS\system32\wscxhpag.ini
C:\WINDOWS\system32\X1
C:\WINDOWS\system32\X2
C:\WINDOWS\system32\X3
C:\WINDOWS\system32\X4
C:\WINDOWS\system32\X5
C:\WINDOWS\system32\X9
C:\WINDOWS\system32\xnwwinrg.dll
C:\WINDOWS\system32\yccoeeis.dll
C:\WINDOWS\wgworkvA.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\ApiMon
-------\core
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))


2007-08-31 17:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-31 17:14 <DIR> d-------- C:\VundoFix Backups
2007-08-31 17:11 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-27 08:06 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-08-27 08:06 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-08-24 15:30 <DIR> d-------- C:\DOCUME~1\Dan\APPLIC~1\Sunbelt Software
2007-08-24 13:14 <DIR> d-------- C:\WINDOWS\pss
2007-08-24 08:59 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-08-24 08:59 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-08-24 08:59 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-08-24 08:59 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-08-24 08:59 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-08-24 08:59 <DIR> d-------- C:\DOCUME~1\Dan\APPLIC~1\PC Tools
2007-08-24 08:58 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-24 08:38 <DIR> dr-h----- C:\DOCUME~1\Dan\APPLIC~1\yahoo!
2007-08-24 08:19 <DIR> d-------- C:\DOCUME~1\Dan\APPLIC~1\MSNInstaller
2007-08-24 07:35 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-08-24 07:35 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2007-08-23 20:15 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-08-22 18:39 52,776 --a------ C:\WINDOWS\system32\lldsrngm.exe
2007-08-15 07:04 75,328 --a------ C:\WINDOWS\system32\acvceaad.exe
2007-08-15 07:01 75,328 --a------ C:\WINDOWS\system32\nmdaoebk.exe
2007-08-14 15:00 75,328 --a------ C:\WINDOWS\system32\wbavhjvu.exe
2007-08-13 15:00 75,328 --a------ C:\WINDOWS\system32\sgamvjoa.exe
2007-08-12 16:31 75,328 --a------ C:\WINDOWS\system32\wsarptws.exe
2007-08-11 13:05 66,112 --a------ C:\WINDOWS\system32\drjwgwuw.exe
2007-08-11 13:02 66,112 --a------ C:\WINDOWS\system32\feabnsdu.exe
2007-08-09 21:39 75,328 --a------ C:\WINDOWS\system32\jswrfwdb.exe
2007-08-09 21:38 75,328 --a------ C:\WINDOWS\system32\nisgwgok.exe
2007-08-08 11:36 66,112 --a------ C:\WINDOWS\system32\dbqeeqnm.exe
2007-08-07 14:04 66,112 --a------ C:\WINDOWS\system32\njtbtmnp.exe
2007-08-07 14:01 66,112 --a------ C:\WINDOWS\system32\jvdwmxan.exe
2007-08-06 17:11 <DIR> d-------- C:\Program Files\Common Files\roqq
2007-07-27 17:54 66,112 --a------ C:\WINDOWS\system32\lykcwnmu.exe
2007-07-26 17:01 126,016 --a------ C:\WINDOWS\system32\rjkkulsk.dll
2007-07-26 16:55 66,112 --a------ C:\WINDOWS\system32\wkyyecjg.exe
2007-07-26 16:55 66,112 --a------ C:\WINDOWS\system32\enflavgx.exe
2007-07-26 16:52 66,112 --a------ C:\WINDOWS\system32\wfhtkgcu.exe
2007-07-26 16:39 <DIR> d-------- C:\DOCUME~1\Dan\APPLIC~1\Wal-Mart Digital Photo Viewer
2007-07-24 12:51 66,112 --a------ C:\WINDOWS\system32\xaxmsgfq.exe
2007-07-24 12:50 66,112 --a------ C:\WINDOWS\system32\yarnalbm.exe
2007-07-23 22:32 126,016 --a------ C:\WINDOWS\system32\keobklnx.dll
2007-07-23 22:29 66,112 --a------ C:\WINDOWS\system32\umtjifqq.exe
2007-07-22 22:29 66,112 --a------ C:\WINDOWS\system32\ecdyyibq.exe
2007-07-21 22:29 66,112 --a------ C:\WINDOWS\system32\smnwaqqh.exe
2007-07-20 21:48 66,112 --a------ C:\WINDOWS\system32\nrwxxdbl.exe
2007-07-20 21:41 66,112 --a------ C:\WINDOWS\system32\bcscagtb.exe
2007-07-18 12:16 66,112 --a------ C:\WINDOWS\system32\mrnjyodc.exe
2007-07-18 11:14 66,112 --a------ C:\WINDOWS\system32\hytxejum.exe
2007-07-14 13:39 66,112 --a------ C:\WINDOWS\system32\btgdoduc.exe
2007-07-02 09:19 122,944 --a------ C:\WINDOWS\system32\bfnekggo.exe
2007-07-02 00:34 122,944 --a------ C:\WINDOWS\system32\tergcxae.exe
2007-07-01 00:23 2,624 --a------ C:\WINDOWS\system32\lkkgukmp.exe
2007-07-01 00:14 122,944 --a------ C:\WINDOWS\system32\wulhvoin.exe
2007-07-01 00:05 4,672 --a------ C:\WINDOWS\system32\dptymonw.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-27 1rogram Files\AIM
2007-08-27 0rogram Files\Dell
2007-08-24 10:28 4496 --ahsc--- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-24 10:28 104 -r-hs---- C:\WINDOWS\system32\4FBBE9FD08.sys
2007-08-24 0rogram Files\Yahoo!
2007-08-24 0OCUME~1\ALLUSE~1\APPLIC~1\yahoo!
2007-08-24 0rogram Files\Plaxo
2007-08-24 0rogram Files\MUSICMATCH
2007-08-24 0OCUME~1\ALLUSE~1\APPLIC~1\GTek
2007-08-24 0rogram Files\Common Files\AOL
2007-08-24 0OCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-08-11 1rogram Files\PokerStars
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-06-28 0rogram Files\ACTive Prep
2007-06-26 10:13 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 09:09 658944 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 13:09 96256 --a------ C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 13:09 615424 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 13:09 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 13:09 532480 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 13:09 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 13:09 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 13:09 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 13:09 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 13:09 3058688 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 13:09 251392 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 13:09 205312 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 13:09 16384 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 13:09 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 13:09 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 13:09 146432 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 13:09 1054208 --a------ C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 13:09 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 09:07 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 05:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-01-18 22:07 774144 --a--c--- C:\Program Files\RngInterstitial.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{729D0D04-570F-45A1-B322-96A496637963}]
C:\WINDOWS\system32\sstqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{829777CE-BF26-4AC2-B6DA-3D5C8C95B212}]
C:\Program Files\ComPlus Applications\hotezy4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BCC3ADD-3612-43AE-A6D3-8C02A19932D6}]
C:\Program Files\ComPlus Applications\hotezy83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8670584-C341-406A-9BAA-4FCB55681B83}]
C:\Program Files\Windows Media Player\lagusika141.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcayyy]
ddcayyy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-31 17:33:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-31 17:34:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-31 17:34

--- E O F ---


thanks

Barrett


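To show how an analyst reads the HijackThis entries in the log above, here is an added triage script (example code written for this page, not from the post, the poster, or the HijackThis project; HijackThis itself only lists autostart points and leaves the verdict to the reader). It takes HijackThis-style lines, pulls out the file paths, and flags the two patterns visible in Barrett's log: a Run key that starts rundll32.exe with a DLL export, and eight-random-letter file names directly under system32 of the kind ComboFix later deleted. The heuristics, the XP_SYSTEM32_ALLOWLIST set and the Finding structure are assumptions of this example; the sample input is a constructed subset of the posted log lines.

```python
"""Triage of HijackThis-style log lines (an added example; not a HijackThis
feature and not code from the original post).  HijackThis only lists
autostart points; deciding which are malicious is left to the analyst, and
the heuristics below are assumptions of this example for that step."""
import re
from dataclasses import dataclass

# Constructed sample: the autostart lines of the HijackThis 2.0.2 log posted
# above, trimmed to one representative line per category.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\usiyboro.dll",forkonce
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
"""

# Windows XP binaries that sit directly in system32 and are exactly eight
# letters; without an allowlist the name heuristic below would flag them.
# (Assumption of this example: extend it for the baseline you actually use.)
XP_SYSTEM32_ALLOWLIST = {"winlogon", "services", "explorer"}

LINE_RE = re.compile(r"^(?P<code>[RFONS]\d{1,2}) - (?P<body>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:exe|dll|sys)', re.IGNORECASE)
SYS32_8_RE = re.compile(r"^[a-z]:\\windows\\system32\\([a-z]{8})\.(?:exe|dll)$")


@dataclass
class Finding:
    code: str          # HijackThis section code, e.g. O4, O23
    severity: str      # "high" or "info"
    reasons: list      # one string per heuristic that fired
    line: str


def looks_like_vundo_name(path: str) -> bool:
    """Eight lowercase letters directly under system32 and not a known XP file.
    This mirrors the names ComboFix deleted in the posted log (akyjkvde.exe,
    aonclhyl.dll, ...); it is a heuristic, so the allowlist matters."""
    m = SYS32_8_RE.match(path.lower())
    return bool(m) and m.group(1) not in XP_SYSTEM32_ALLOWLIST


def triage_line(line: str):
    """Return a Finding for one log line, or None if nothing fired."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    high, info = [], []
    if code == "O4" and "rundll32.exe" in body.lower():
        # A Run key that starts rundll32 with a DLL export is the autostart
        # pattern of the [SystemOptimizer] entry in the posted log.
        high.append("Run key loads a DLL through rundll32.exe")
    for p in PATH_RE.findall(body):
        if looks_like_vundo_name(p):
            high.append(f"random-looking eight-letter name in system32: {p}")
    if code == "O23" and "Unknown owner" in body:
        info.append("service binary carries no vendor in its version info")
    if code == "R0" and "about:blank" in body:
        info.append("IE start page is about:blank (reset by hijackers and cleanup tools alike)")
    if high:
        return Finding(code, "high", high + info, line.strip())
    if info:
        return Finding(code, "info", info, line.strip())
    return None


def triage_log(text: str) -> list:
    """Run triage_line over a whole log and keep only the lines that fired."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.code}: {'; '.join(f.reasons)}")
        print(f"        {f.line}")
```

Run it directly to print the findings for the sample. The allowlist is the important design point: winlogon.exe and services.exe are also eight letters long and live in system32, so a name heuristic alone cannot be the verdict, which is why jabuck's instruction not to let HijackThis fix anything before someone reads the log is the right order of operations.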

Response Number 3
Name: jabuck
Date: August 31, 2007 at 19:55:11 Pacific
Subject: Pop Up City! Winantiv. Help Jabuck
Reply:
Temporarily disable Spyware Doctor.


1. From within Spyware Doctor, click the "OnGuard" button on the left side.


2. Uncheck "Activate OnGuard".

Please download SDFix by AndyManchesta and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but just before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, a menu with options should appear.
Select the first option, to run Windows in "Safe Mode", then press "Enter".
Choose your usual account.


Once in Safe Mode, please do the following:
In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt

Run Vundofix again and if it will run, run it twice and post only the report from the second time you run it.




Response Number 4
Name: Barrett
Date: September 4, 2007 at 08:22:50 Pacific
Subject: Pop Up City! Winantiv. Help Jabuck
Reply:
Hey jabuck. Had to go out of town for the weekend. Hope yours went good.

I did as you said with the sdfix and the Vundofix.

I ran Vundo fix twice and both times it found nothing.

The report for the sdfix is listed below.


SDFix: Version 1.101

Run by Dan on Tue 09/04/2007 at 09:46 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\tcb.pmw - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.


Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\WINDOWS\system32\4FBBE9FD08.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG

Finished


thanks

Barrett



Response Number 5
Name: jabuck
Date: September 4, 2007 at 18:25:25 Pacific
Subject: Pop Up City! Winantiv. Help Jabuck
Reply:
Since it has been a few days since your last post, please post a new HijackThis log and a new ComboFix log.

All content ©1996-2007 Computing.Net, LLC