Adware or spyware

Microsoft Windows XP Home Edit...
June 25, 2010 at 08:18:09
Specs: Windows XP
I believe I have adware or spyware problems. When I click on Google or Yahoo links they redirect me to random sites. I have also been getting pop-ups for random sites too. My computer has also been running very slowly recently. When I get on in the morning, for example, I click on anything (Firefox, iTunes, etc.) and nothing will load. The timer will pop up for half a second, then go back to the mouse pointer. I then must restart my computer. Any help? I have tried Malwarebytes, which found a few bugs, but I deleted them. Still having the same problems.



#1
June 25, 2010 at 14:59:25
Try running ComboFix:
http://www.bleepingcomputer.com/com...
Just follow the on-site instructions and you should be good.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#2
June 25, 2010 at 18:25:14
I will, but it says to have someone authorize or help you... should I do this?


#3
June 26, 2010 at 03:46:20


#4
June 26, 2010 at 17:33:09
ComboFix 10-06-25.02 - Owner 06/25/2010 22:55:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1688 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 )))))))))))))))))))))))))))))))
.

2010-06-25 17:29 . 2010-06-25 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-06-25 17:01 . 2010-06-25 17:01 227 ----a-w- c:\windows\PowerReg.dat
2010-06-25 17:00 . 1999-05-29 08:08 45568 ----a-w- c:\windows\UniFish3.exe
2010-06-24 15:34 . 2010-06-24 15:34 -------- d-----w- c:\program files\Acoustica Shared Effects
2010-06-24 15:34 . 2010-06-24 15:55 -------- d-----w- c:\program files\Acoustica Beatcraft
2010-06-23 00:26 . 2010-06-23 00:26 50354 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe
2010-06-23 00:26 . 2010-06-23 00:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Facebook
2010-06-20 20:39 . 2010-06-20 20:40 -------- d-----w- C:\4dd9d4ba5b5e3852f72901caa7ed
2010-06-17 23:53 . 2010-06-17 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-06-16 16:42 . 2010-06-16 16:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-06-16 16:41 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-16 16:41 . 2010-06-16 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-16 16:41 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-16 16:41 . 2010-06-16 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-14 16:54 . 2010-06-14 16:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-06-12 14:42 . 2010-06-12 14:43 -------- d-----w- C:\fb72df637d34f93606529eca
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-08 20:05 . 2010-06-08 20:05 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-06-07 00:58 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-06-07 00:58 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-06-07 00:58 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-06-07 00:58 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-06-07 00:58 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-06-07 00:58 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-06-06 18:52 . 2010-06-06 18:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-06 18:52 . 2010-06-06 18:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-06 18:52 . 2010-06-06 18:52 -------- d-----w- c:\program files\Symantec
2010-06-06 18:51 . 2010-06-09 19:35 -------- d-----w- c:\windows\system32\drivers\NAV
2010-06-06 18:51 . 2010-06-06 18:51 -------- d-----w- c:\program files\Norton AntiVirus
2010-06-06 18:51 . 2010-06-06 18:51 -------- d-----w- c:\program files\Windows Sidebar
2010-06-06 02:06 . 2010-06-06 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Arovax
2010-06-03 21:11 . 2010-06-06 06:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\wffftulsu
2010-06-02 22:24 . 2010-06-02 22:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-01 01:05 . 2010-06-01 01:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-31 23:50 . 2010-06-06 06:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\gsayfwivx
2010-05-27 23:20 . 2010-05-27 23:20 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4eac8bd1-n\msvcp71.dll
2010-05-27 23:20 . 2010-05-27 23:20 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4eac8bd1-n\jmc.dll
2010-05-27 23:20 . 2010-05-27 23:20 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4eac8bd1-n\msvcr71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 02:53 . 2010-01-28 04:00 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
2010-06-24 15:36 . 2010-01-28 04:00 -------- d-----w- c:\documents and settings\Owner\Application Data\SoftGrid Client
2010-06-23 10:08 . 2010-03-15 01:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-21 17:08 . 2010-02-02 01:08 68328 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-16 03:48 . 2010-02-24 08:16 2263528 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-09 00:42 . 2010-01-19 22:12 84752 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-08 20:05 . 2010-04-17 01:31 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-06 18:54 . 2010-03-03 20:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-06 18:52 . 2010-03-01 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-06 18:52 . 2010-06-06 18:52 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-06 18:52 . 2010-06-06 18:52 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-06 18:51 . 2010-03-01 01:59 -------- d-----w- c:\program files\NortonInstaller
2010-05-10 19:52 . 2010-05-10 19:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Apowersoft
2010-05-06 14:36 . 2010-01-20 22:45 221568 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 21:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-13 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-1-24 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Gold\FMRemind.exe [2010-1-20 189952]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
ZDWLan Utility.lnk - c:\documents and settings\Owner\Desktop\ZDWlan.exe [2010-4-24 487424]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\FOGDownloader-RoM_2_1_6_2049.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\FOGDownloader-RoM_2_1_6_2049(3).exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"58548:TCP"= 58548:TCP:Pando Media Booster
"58548:UDP"= 58548:UDP:Pando Media Booster

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\symds.sys [6/6/2010 8:58 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\symefa.sys [6/6/2010 8:58 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [6/22/2010 6:54 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\cchpx86.sys [6/6/2010 8:58 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\ironx86.sys [6/6/2010 8:58 PM 116784]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 8:35 AM 819600]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe [6/6/2010 8:58 PM 126392]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 4:04 PM 447832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/9/2010 3:35 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20100624.001\IDSXpx86.sys [6/25/2010 12:00 AM 331640]
R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 4:04 PM 543064]
R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 4:04 PM 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 4:05 PM 21864]
R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 4:04 PM 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 4:04 PM 203608]
S0 cerc6;cerc6; [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 5:28 AM 4639136]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/13/2008 7:00 PM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-25 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-03-01 04:04]

2010-06-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 21:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\14fai5hb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
AddRemove-ShopperReportsSA - c:\program files\ShopperReports3\bin\3.0.307.0\ShopperReportsUninstaller.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 23:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
Completion time: 2010-06-25 23:05:52
ComboFix-quarantined-files.txt 2010-06-26 03:05

Pre-Run: 185,813,975,040 bytes free
Post-Run: 217,323,094,016 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0A69D890A68FBEC830586E04D12E35EE

