
Comments about browser window spam issues

MethodSZ

Re: Comments about browser window spam issues

  #3  
Jul 24th, 2007
I also ran ComboFix from my desktop, which was suggested by crunchie in another thread from someone having the same problem (but he never replied). I don't know if the results are skewed because Firefox keeps opening up during the scan (I close it each time). Here's the log:

"Brandon" - 2007-07-24 17:25:15 [GMT -4:00] - ComboFix 07-07-24 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))


2007-07-24 17:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 16:40 <DIR> d-------- C:\HJT
2007-07-24 15:36 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-24 15:23 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-07-24 15:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-24 15:18 <DIR> d-------- C:\VundoFix Backups
2007-07-24 14:51 <DIR> d-------- C:\DOCUME~1\Brandon\APPLIC~1\.purple
2007-07-24 14:50 <DIR> d-------- C:\Program Files\Pidgin
2007-07-24 14:50 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-07-24 14:37 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-07-24 14:37 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-07-24 14:37 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-07-24 14:37 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-07-24 14:36 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-07-24 14:36 65,536 --a------ C:\WINDOWS\system32\Audio3D.dll
2007-07-24 14:36 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-07-24 14:36 65,024 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-07-24 14:36 610,988 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-07-24 14:36 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-07-24 14:36 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-07-24 14:36 5,867,008 --a------ C:\WINDOWS\system32\RTLCPL.EXE
2007-07-24 14:36 391,424 --a------ C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2007-07-24 14:36 208,896 --------- C:\WINDOWS\alcupd.exe
2007-07-24 14:36 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-07-24 14:36 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-07-24 14:36 155,648 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2007-07-24 14:36 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-07-24 14:36 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-07-24 14:36 139,264 --------- C:\WINDOWS\alcrmv.exe
2007-07-24 14:36 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2007-07-24 14:36 <DIR> d-------- C:\Program Files\AvRack
2007-07-24 14:35 294,912 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-07-24 14:35 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-07-24 14:35 <DIR> d-------- C:\Program Files\ATI Technologies
2007-07-24 14:34 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-07-24 14:16 <DIR> d-------- C:\DOCUME~1\Brandon\.housecall6.6
2007-07-24 14:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-07-24 14:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-07-24 14:00 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-24 13:58 <DIR> d---s---- C:\DOCUME~1\Brandon\UserData
2007-07-24 13:57 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-24 13:56 <DIR> d-------- C:\DOCUME~1\Brandon\APPLIC~1\Talkback
2007-07-24 12:24 <DIR> d-------- C:\DOCUME~1\Brandon\APPLIC~1\Launchy
2007-07-24 12:23 1,636,376 --a------ C:\DOCUME~1\Brandon\ycomp_setup.exe
2007-07-24 12:23 1,572,864 --ah----- C:\DOCUME~1\Brandon\NTUSER.DAT
2007-07-24 12:23 <DIR> d-------- C:\DOCUME~1\Brandon\_avast4_
2007-07-24 11:40 <DIR> d--hs---- C:\RECYCLER
2007-07-24 11:35 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-07-24 08:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-24 06:01 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-07-24 06:00 1,310,720 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-07-24 06:00 1,310,720 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-07-24 06:00 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-24 05:56 917,504 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-07-24 05:55 1,636,376 --a------ C:\DOCUME~1\DEFAUL~1\ycomp_setup.exe
2007-07-24 05:54 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\_avast4_
2007-07-24 05:53 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-07-24 05:50 <DIR> d-------- C:\WINDOWS\Registration
2007-07-24 01:45 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-07-24 00:06 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-07-24 00:05 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-24 00:05 <DIR> d-------- C:\WINDOWS\daemon
2007-07-24 00:05 <DIR> d-------- C:\Program Files\VideoLAN
2007-07-24 00:05 <DIR> d-------- C:\Program Files\IrfanView
2007-07-24 00:05 <DIR> d-------- C:\Program Files\Foxit
2007-07-24 00:05 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2007-07-24 00:05 <DIR> d-------- C:\Program Files\CDBurnerXP Pro 3
2007-07-24 00:05 <DIR> d-------- C:\Program Files\Azureus
2007-07-24 00:04 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-24 00:04 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-24 00:04 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-24 00:04 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-24 00:04 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-07-24 00:04 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-24 00:04 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-07-24 00:04 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-24 00:04 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-24 00:04 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-07-24 00:04 <DIR> d-------- C:\Program Files\Launchy
2007-07-24 00:04 <DIR> d-------- C:\Program Files\CCleaner
2007-07-24 00:04 <DIR> d-------- C:\Program Files\Alwil Software
2007-07-24 00:03 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-07-24 00:03 0 -rahs---- C:\MSDOS.SYS
2007-07-24 00:03 0 -rahs---- C:\IO.SYS
2007-07-24 00:03 0 --a------ C:\CONFIG.SYS
2007-07-24 00:03 0 --a------ C:\AUTOEXEC.BAT
2007-07-24 00:02 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-07-24 00:02 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-07-24 00:02 <DIR> d-------- C:\Temp_Folder
2007-07-24 00:01 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-07-24 00:01 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-07-24 00:01 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-07-24 00:01 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-07-24 00:01 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-07-24 00:01 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-07-24 00:01 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-07-24 00:01 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-07-24 00:01 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-24 00:01 53,080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-24 00:01 382,464 --a------ C:\WINDOWS\system32\qmgr.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 19:03:50 -------- d-----w C:\DOCUME~1\Brandon\APPLIC~1\.purple
2007-05-27 01:57:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
2007-05-27 01:56:48 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-07-24 00:04:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoStartMenuMFUprogramsList"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoStartMenuMFUprogramsList"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys
R3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\ALCXSENS.SYS
R3 hidusb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
S3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
S3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys
S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys
S3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts upnphost SSDPSRV


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 17:26:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-24 17:27:01

--- E O F ---