Tech Support Forum - View Single Post - constant pop ups

idlehands · 10-16-2007, 11:31 AM

thanx, here's the reports ...

ComboFix 07-10-16.1 - Mine 2007-10-16 17:50:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.119 [GMT 1:00]
Running from: C:\Documents and Settings\Mine\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ebyidokf.dll
C:\WINDOWS\system32\fcwjexqc.dll
C:\WINDOWS\system32\fuucnjow.dll
C:\WINDOWS\SYSTEM32\kjjjl.bak2
C:\WINDOWS\SYSTEM32\kjjjl.bak2
C:\WINDOWS\SYSTEM32\kjjjl.ini
C:\WINDOWS\SYSTEM32\kjjjl.ini
C:\WINDOWS\SYSTEM32\kjjjl.ini2
C:\WINDOWS\SYSTEM32\kjjjl.ini2
C:\WINDOWS\SYSTEM32\kjjjl.tmp
C:\WINDOWS\SYSTEM32\kjjjl.tmp
C:\WINDOWS\system32\ljjjk.dll
C:\WINDOWS\system32\ogccclys.dll
C:\WINDOWS\system32\pyxxakga.dll
C:\WINDOWS\system32\tdxbmgla.dll
C:\WINDOWS\system32\tfwkkrqs.dll
C:\WINDOWS\system32\xsxuuova.dll
C:\WINDOWS\system32\ynlyanfm.dll
C:\WINDOWS\system32\ypwgeroq.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.

2007-10-16 17:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 14:21 <DIR> d-------- C:\Documents and Settings\Waheeda\Application Data\Comodo
2007-10-15 14:20 <DIR> d-------- C:\Documents and Settings\Waheeda\Application Data\AVG7
2007-10-11 03:10 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-10 19:40 582,656 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2007-10-08 23:19 <DIR> d-------- C:\Program Files\My Google Gadgets
2007-10-08 23:07 55,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_skt32.sys
2007-10-08 22:58 48,384 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_pkt32.sys
2007-10-08 22:56 <DIR> d-------- C:\Program Files\Common Files\Authentium
2007-10-08 22:53 <DIR> d-------- C:\Program Files\Raxco
2007-10-08 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2007-10-08 22:52 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-10-08 22:52 <DIR> d-------- C:\Program Files\CA
2007-10-08 22:31 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\InstallShield
2007-10-07 19:47 <DIR> d-------- C:\Deckard
2007-10-07 14:33 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-07 14:33 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2007-10-07 14:16 <DIR> d-------- C:\Program Files\ZonedOut
2007-10-07 12:17 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\Comodo
2007-10-07 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-07 11:26 <DIR> d-------- C:\Program Files\Comodo
2007-10-07 11:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-10-07 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-06 19:25 <DIR> d-------- C:\Program Files\TrojanHunter 4.0
2007-10-06 05:46 <DIR> d-------- C:\Program Files\MSN Messenger
2007-10-06 02:04 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-06 01:13 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-10-06 01:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-05 20:31 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\AVG7
2007-10-05 20:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-05 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-05 20:19 29,530,464 --a------ C:\Program Files\avg75free_488a1157.exe
2007-10-05 19:40 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-01 20:24 <DIR> d--h----- C:\WINDOWS\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-14 03:32 --------- d-----w C:\Program Files\LimeWire
2007-10-09 00:18 --------- d-----w C:\Program Files\DivX
2007-10-08 21:54 --------- d-----w C:\Program Files\AOL 9.0
2007-10-08 21:45 --------- d-----w C:\Program Files\Virgin Broadband
2007-10-08 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2007-10-08 21:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-07 18:24 --------- d-----w C:\Program Files\LG USB Drive2.9
2007-10-07 18:22 --------- d-----w C:\Program Files\Google
2007-10-07 18:22 --------- d-----w C:\Program Files\Digital Line Detect
2007-10-07 18:22 --------- d-----w C:\Program Files\DellSupport
2007-10-07 18:21 --------- d-----w C:\Program Files\Dell Photo AIO Printer 922
2007-10-07 13:20 --------- d-----w C:\Documents and Settings\Waheeda\Application Data\Virgin Broadband
2007-10-07 13:20 --------- d-----w C:\Documents and Settings\Mine\Application Data\Virgin Broadband
2007-10-07 12:50 --------- d-----w C:\Program Files\Java
2007-10-07 10:11 --------- d-----w C:\Program Files\Quicknation
2007-10-06 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-09-06 23:43 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{690BA9C4-0FA7-4F20-801E-27BEDAEA6543}
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-30 18:18 207,736 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2006-08-31 03:20 24,192 ----a-w C:\Documents and Settings\Mine\usbsermptxp.sys
2006-08-31 03:20 22,768 ----a-w C:\Documents and Settings\Mine\usbsermpt.sys
2005-09-16 23:24 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-09-13 20:32 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 17:32]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-20 18:24]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40]
"LG US"="c:\program files\lg usb drive2.9\lg usb.exe" [2005-02-21 03:53]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 19:36]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-01 21:46]
"workflow"="D:\installs\workflow.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 21:46]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-05 20:29]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-07 11:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 07:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2005-04-20 18:23:42]
broadband medic.lnk - C:\Program Files\ntl\broadband medic\bin\matcli.exe [2005-07-21 20:26:23]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-04-20 18:18:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifghfe]
iifghfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrstsq]
rqrstsq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2004-01-12 06:55 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver ;C:\WINDOWS\system32\DRIVERS\w70n51.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874}
S3 USTOR;LG USB Drive;C:\WINDOWS\system32\DRIVERS\UStork.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-16 08:30:44 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3AA0273-5D46-428A-BFE4-364028EBE978}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 18:11:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-16 18:14:25 - machine was rebooted
.
--- E O F ---

and the other one ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:53, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\program files\lg usb drive2.9\lg usb.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LG US] c:\program files\lg usb drive2.9\lg usb.exe sys_auto_run C:\Program Files\LG USB Drive2.9
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://darktwistd.spaces.live.com//P...d/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1189376696000
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: iifghfe - iifghfe.dll (file missing)
O20 - Winlogon Notify: rqrstsq - rqrstsq.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 10465 bytes

not too sure if i did the last one right or i should do the deckard's system scanner

10-16-2007, 11:31 AM	#4 (permalink)
idlehands Registered User Join Date: Oct 2007 Posts: 8 OS: windows xp, service pack number 2	Re: constant pop ups - winantivirus thanx, here's the reports ... ComboFix 07-10-16.1 - Mine 2007-10-16 17:50:53.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.119 [GMT 1:00] Running from: C:\Documents and Settings\Mine\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\cookies.ini C:\WINDOWS\system32\ebyidokf.dll C:\WINDOWS\system32\fcwjexqc.dll C:\WINDOWS\system32\fuucnjow.dll C:\WINDOWS\SYSTEM32\kjjjl.bak2 C:\WINDOWS\SYSTEM32\kjjjl.bak2 C:\WINDOWS\SYSTEM32\kjjjl.ini C:\WINDOWS\SYSTEM32\kjjjl.ini C:\WINDOWS\SYSTEM32\kjjjl.ini2 C:\WINDOWS\SYSTEM32\kjjjl.ini2 C:\WINDOWS\SYSTEM32\kjjjl.tmp C:\WINDOWS\SYSTEM32\kjjjl.tmp C:\WINDOWS\system32\ljjjk.dll C:\WINDOWS\system32\ogccclys.dll C:\WINDOWS\system32\pyxxakga.dll C:\WINDOWS\system32\tdxbmgla.dll C:\WINDOWS\system32\tfwkkrqs.dll C:\WINDOWS\system32\xsxuuova.dll C:\WINDOWS\system32\ynlyanfm.dll C:\WINDOWS\system32\ypwgeroq.dll . ((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))) . 2007-10-16 17:47 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-15 14:21 <DIR> d-------- C:\Documents and Settings\Waheeda\Application Data\Comodo 2007-10-15 14:20 <DIR> d-------- C:\Documents and Settings\Waheeda\Application Data\AVG7 2007-10-11 03:10 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-10-10 19:40 582,656 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll 2007-10-08 23:19 <DIR> d-------- C:\Program Files\My Google Gadgets 2007-10-08 23:07 55,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_skt32.sys 2007-10-08 22:58 48,384 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_pkt32.sys 2007-10-08 22:56 <DIR> d-------- C:\Program Files\Common Files\Authentium 2007-10-08 22:53 <DIR> d-------- C:\Program Files\Raxco 2007-10-08 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco 2007-10-08 22:52 <DIR> d-------- C:\Program Files\Common Files\Scanner 2007-10-08 22:52 <DIR> d-------- C:\Program Files\CA 2007-10-08 22:31 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\InstallShield 2007-10-07 19:47 <DIR> d-------- C:\Deckard 2007-10-07 14:33 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-10-07 14:33 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL 2007-10-07 14:16 <DIR> d-------- C:\Program Files\ZonedOut 2007-10-07 12:17 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\Comodo 2007-10-07 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2007-10-07 11:26 <DIR> d-------- C:\Program Files\Comodo 2007-10-07 11:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab 2007-10-07 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-10-06 19:25 <DIR> d-------- C:\Program Files\TrojanHunter 4.0 2007-10-06 05:46 <DIR> d-------- C:\Program Files\MSN Messenger 2007-10-06 02:04 <DIR> d-------- C:\WINDOWS\ERUNT 2007-10-06 01:13 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2007-10-06 01:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2007-10-05 20:31 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\AVG7 2007-10-05 20:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-10-05 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-05 20:19 29,530,464 --a------ C:\Program Files\avg75free_488a1157.exe 2007-10-05 19:40 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2007-10-01 20:24 <DIR> d--h----- C:\WINDOWS\PIF . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-14 03:32 --------- d-----w C:\Program Files\LimeWire 2007-10-09 00:18 --------- d-----w C:\Program Files\DivX 2007-10-08 21:54 --------- d-----w C:\Program Files\AOL 9.0 2007-10-08 21:45 --------- d-----w C:\Program Files\Virgin Broadband 2007-10-08 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband 2007-10-08 21:36 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-07 18:24 --------- d-----w C:\Program Files\LG USB Drive2.9 2007-10-07 18:22 --------- d-----w C:\Program Files\Google 2007-10-07 18:22 --------- d-----w C:\Program Files\Digital Line Detect 2007-10-07 18:22 --------- d-----w C:\Program Files\DellSupport 2007-10-07 18:21 --------- d-----w C:\Program Files\Dell Photo AIO Printer 922 2007-10-07 13:20 --------- d-----w C:\Documents and Settings\Waheeda\Application Data\Virgin Broadband 2007-10-07 13:20 --------- d-----w C:\Documents and Settings\Mine\Application Data\Virgin Broadband 2007-10-07 12:50 --------- d-----w C:\Program Files\Java 2007-10-07 10:11 --------- d-----w C:\Program Files\Quicknation 2007-10-06 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7 2007-09-06 23:43 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{690BA9C4-0FA7-4F20-801E-27BEDAEA6543} 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll 2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll 2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll 2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll 2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll 2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll 2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll 2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll 2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll 2007-08-20 10:04 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll 2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll 2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll 2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll 2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll 2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll 2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll 2007-08-20 10:04 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll 2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll 2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll 2007-08-20 10:04 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll 2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll 2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll 2007-08-20 10:04 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll 2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll 2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll 2007-08-17 10:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe 2007-08-17 10:20 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe 2007-08-17 10:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe 2007-08-17 07:34 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll 2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll 2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll 2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll 2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll 2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe 2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe 2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll 2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll 2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll 2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll 2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll 2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll 2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll 2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll 2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\wups.dll 2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll 2007-07-30 18:18 207,736 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll 2006-08-31 03:20 24,192 ----a-w C:\Documents and Settings\Mine\usbsermptxp.sys 2006-08-31 03:20 22,768 ----a-w C:\Documents and Settings\Mine\usbsermpt.sys 2005-09-16 23:24 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2005-09-13 20:32 32 ----a-r C:\Documents and Settings\All Users\hash.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 17:32] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-20 18:24] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16] "Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40] "LG US"="c:\program files\lg usb drive2.9\lg usb.exe" [2005-02-21 03:53] "Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 19:36] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-01 21:46] "workflow"="D:\installs\workflow.exe" [] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 21:46] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-05 20:29] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-07 11:26] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49] "PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10] "-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 07:43] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2005-04-20 18:23:42] broadband medic.lnk - C:\Program Files\ntl\broadband medic\bin\matcli.exe [2005-07-21 20:26:23] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-04-20 18:18:05] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifghfe] iifghfe.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrstsq] rqrstsq.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring] C:\WINDOWS\system32\LgNotify.dll 2004-01-12 06:55 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver ;C:\WINDOWS\system32\DRIVERS\w70n51.sys S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874} S3 USTOR;LG USB Drive;C:\WINDOWS\system32\DRIVERS\UStork.sys . Contents of the 'Scheduled Tasks' folder "2007-10-16 08:30:44 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3AA0273-5D46-428A-BFE4-364028EBE978}.job" . ************************************************************************ catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-16 18:11:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . Completion time: 2007-10-16 18:14:25 - machine was rebooted . --- E O F --- and the other one ... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:24:53, on 16/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virgin Broadband\PCguard\Fws.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\system32\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\1XConfig.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe C:\program files\lg usb drive2.9\lg usb.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe C:\Program Files\Virgin Broadband\PCguard\Rps.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\ntl\broadband medic\bin\mpbtn.exe C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [LG US] c:\program files\lg usb drive2.9\lg usb.exe sys_auto_run C:\Program Files\LG USB Drive2.9 O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe" O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://darktwistd.spaces.live.com//P...d/MsnPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1189376696000 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: iifghfe - iifghfe.dll (file missing) O20 - Winlogon Notify: rqrstsq - rqrstsq.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe -- End of file - 10465 bytes not too sure if i did the last one right or i should do the deckard's system scanner** Last edited by idlehands; 10-16-2007 at 11:36 AM.