Warning: parse_url(http:///) [function.parse-url]: Unable to parse URL in /includes/init.php(329) : eval()'d code on line 21

Warning: parse_url(http:///) [function.parse-url]: Unable to parse URL in /includes/init.php(329) : eval()'d code on line 21

Warning: parse_url(http:///) [function.parse-url]: Unable to parse URL in /includes/init.php(329) : eval()'d code on line 21

Warning: parse_url(http:///) [function.parse-url]: Unable to parse URL in /includes/init.php(329) : eval()'d code on line 21

Warning: parse_url(http:///) [function.parse-url]: Unable to parse URL in /includes/init.php(329) : eval()'d code on line 21

Warning: parse_url(http:///) [function.parse-url]: Unable to parse URL in /includes/init.php(329) : eval()'d code on line 21
IE Popups and slow booting - Tech Support Forum


Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
IE Popups and slow booting IE Popups and slow booting
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

Resolved HJT Threads Resolved spyware and popup issues.

 
 
Thread Tools
Old 04-20-2007, 03:50 PM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 9
OS: windows xp


IE Popups and slow booting
im having IE Pop up even when using firefox , ive deleted various things and i have tried scanning with avast and AVG anti spy ware. my computer is booting up ALOT slower too , and i have a problem where when i go on standby mod , i can resume, i have a laptop so i usually just close and opened lid or just tapped the power button , but i can no longer do so , i have to turn off my computer and start it up again,some times i take so long to boot up i go to standby mode and i have to restart again. here is my log anyways

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:47:22 PM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dns\bin\named.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Gigabyte\Gigabyte Super Wireless LAN Card\Installer\Winxp\GNConfig.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Downloads\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:///
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\xrgbfxdw.dll
O2 - BHO: (no name) - {27D79828-5309-4BB0-800D-4D32CC5F9CB8} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - C:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
O2 - BHO: (no name) - {9ADEF869-7503-4F22-B122-3749B5C4B079} - C:\WINDOWS\system32\sstqp.dll
O2 - BHO: (no name) - {9FE7CAAE-652B-48AE-833D-39B3D4AC9513} - (no file)
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GNConfig] "C:\Program Files\Gigabyte\Gigabyte Super Wireless LAN Card\Installer\Winxp\GNConfig.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\nhvcgvvt.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165882650265
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02FDD618-7588-4668-919B-A08AD0C09E68}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{235EBC02-D727-49F6-92DE-35A4F06E1351}: NameServer = 127.0.0.1,192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E58000D9-9978-43AB-81FB-1ECA464F204D}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDDA66AE-7A9F-47DC-9A90-79D929B71779}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02FDD618-7588-4668-919B-A08AD0C09E68}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{02FDD618-7588-4668-919B-A08AD0C09E68}: NameServer = 127.0.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cbxutst - cbxutst.dll (file missing)
O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
alchdemon is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 04-20-2007, 06:00 PM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: IE Popups and slow booting
1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 04-20-2007, 07:30 PM   #3 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 9
OS: windows xp


Re: IE Popups and slow booting
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:27:59 PM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dns\bin\named.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Gigabyte\Gigabyte Super Wireless LAN Card\Installer\Winxp\GNConfig.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Downloads\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:///
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\xrgbfxdw.dll (file missing)
O2 - BHO: (no name) - {27D79828-5309-4BB0-800D-4D32CC5F9CB8} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - C:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
O2 - BHO: (no name) - {9C1844BD-6688-4C63-A0DE-0A803E1E82C9} - C:\WINDOWS\system32\sstqp.dll (file missing)
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GNConfig] "C:\Program Files\Gigabyte\Gigabyte Super Wireless LAN Card\Installer\Winxp\GNConfig.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165882650265
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02FDD618-7588-4668-919B-A08AD0C09E68}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{235EBC02-D727-49F6-92DE-35A4F06E1351}: NameServer = 127.0.0.1,192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E58000D9-9978-43AB-81FB-1ECA464F204D}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDDA66AE-7A9F-47DC-9A90-79D929B71779}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02FDD618-7588-4668-919B-A08AD0C09E68}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{02FDD618-7588-4668-919B-A08AD0C09E68}: NameServer = 127.0.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cbxutst - cbxutst.dll (file missing)
O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe

--
End of file - 10235 bytes

combo fix one
"Administrator" - 07-04-20 21:19:31 Service Pack 2
ComboFix 07-04-21.2V - Running from: C:\Program Files\Mozilla Firefox\


((((((((((((((((((((((((((((((( Files Created from 2007-03-20 to 2007-04-20 ))))))))))))))))))))))))))))))))))


2007-04-20 07:55 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-20 07:55 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-20 07:55 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-19 21:08 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-04-19 01:28 1,408,290 ---hs---- C:\WINDOWS\system32\pqtss.ini2
2007-04-19 00:10 <DIR> d-------- C:\WINDOWS\system32\dns
2007-04-18 22:40 <DIR> d-------- C:\Dr Delete
2007-04-18 22:39 345,322 --a------ C:\DrDeleteExeandSourceRARSFX.exe
2007-04-18 21:29 <DIR> d-------- C:\WINDOWS\pss
2007-04-18 21:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Conceiva
2007-04-18 21:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Conceiva
2007-04-18 21:22 <DIR> d-------- C:\Program Files\Conceiva
2007-04-18 20:12 102,912 --------- C:\WINDOWS\system32\drivers\FWDRV.SYS
2007-04-18 20:11 <DIR> d-------- C:\Program Files\Kerio
2007-04-18 20:04 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sereniti
2007-04-18 18:38 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-18 18:36 24 --a------ C:\DOCUME~1\ADMINI~1\mylist.dat
2007-04-18 18:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-04-18 18:13 <DIR> d-------- C:\Program Files\Security Task Manager
2007-04-18 17:56 10 --a------ C:\WINDOWS\system32\Stcat.dll
2007-04-18 12:57 44 --a------ C:\WINDOWS\system32\Sctas.dll
2007-04-17 19:08 <DIR> d-------- C:\Program Files\MSBuild
2007-04-17 18:55 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-04-13 18:48 <DIR> d-------- C:\Program Files\MSN Messenger
2007-04-11 00:31 1,822,720 --a------ C:\WINDOWS\SkyTel.exe
2007-04-11 00:30 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-04-11 00:28 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-04-10 23:33 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-08 01:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-04-08 01:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-04-08 00:27 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-04-08 00:26 <DIR> d-------- C:\Program Files\Skype
2007-04-06 13:23 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Turbine
2007-03-30 16:31 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2007-03-30 16:31 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\APPLIC~1\SecuROM
2007-03-30 16:31 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-03-30 16:26 <DIR> d--hs---- C:\WINDOWS\CSC
2007-03-28 18:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\GetRightToGo
2007-03-28 16:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
2007-03-27 03:55 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-03-27 03:55 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 03:55 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 03:55 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 03:49 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 03:49 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 03:49 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 03:49 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 03:49 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 03:49 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 03:49 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 03:49 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 03:48 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 03:48 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 03:48 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 03:48 639,066 --a------ C:\WINDOWS\system32\DivX.dll
2007-03-21 15:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Systweak
2007-03-21 13:21 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2007-03-21 12:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Uniblue
2007-03-21 12:48 <DIR> d-------- C:\Program Files\Uniblue
2007-03-20 22:11 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-03-20 16:33 <DIR> d-------- C:\Program Files\OO Software
2007-03-20 16:29 9,778,920 --a------ C:\OODefrag86ProfessionalEnu.exe
2007-03-20 15:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco
2007-03-20 15:32 <DIR> d-------- C:\Program Files\Raxco


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-20 21:02 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\utorrent
2007-04-20 13:00 -------- d-------- C:\Program Files\free download manager
2007-04-20 07:57 -------- d-------- C:\Program Files\divx
2007-04-19 18:52 -------- d-------- C:\Program Files\world of warcraft
2007-04-18 21:21 -------- d--h----- C:\Program Files\installshield installation information
2007-04-14 02:13 -------- d-------- C:\Program Files\tvuplayer
2007-04-11 00:30 -------- d-------- C:\Program Files\realtek
2007-04-08 00:54 -------- d-------- C:\Program Files\electronic arts
2007-04-08 00:50 -------- d-------- C:\Program Files\tuneup utilities 2006
2007-03-29 10:46 -------- d-------- C:\Program Files\magic total video converter
2007-03-27 03:55 36624 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-03-27 03:55 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 03:55 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-03-26 19:21 4395008 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-03-23 19:19 9715200 --a------ C:\WINDOWS\rtlcpl.exe
2007-03-21 14:49 16126464 --a------ C:\WINDOWS\rthdcpl.exe
2007-03-21 13:00 -------- d-------- C:\Program Files\crack4dfx8_bymechodownload
2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-15 00:32 -------- d-------- C:\Program Files\hero_online
2007-03-14 17:03 -------- d-------- C:\Program Files\dvd decrypter
2007-03-11 12:29 -------- d-------- C:\Program Files\game cam v1.4
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-01 21:18 -------- d-------- C:\Program Files\warcraft iii
2007-02-15 21:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-15 13:45 707344 --a------ C:\WINDOWS\system32\oodag.exe
2007-02-15 13:34 217360 --a------ C:\WINDOWS\system32\oodbs.exe
2007-02-15 13:16 17168 --a------ C:\WINDOWS\system32\oodagrs.dll
2007-02-15 13:16 11536 --a------ C:\WINDOWS\system32\oodbsrs.dll
2007-02-15 13:15 17168 --a------ C:\WINDOWS\system32\oodagmg.dll
2007-02-15 09:44 16656 --a------ C:\WINDOWS\system32\ootmapi.dll
2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-24 15:27 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\xrgbfxdw.dll [x]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{8170D7DC-BDD6-461e-88EB-F047257898C9} C:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
{9C1844BD-6688-4C63-A0DE-0A803E1E82C9} C:\WINDOWS\system32\sstqp.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"KTPWare"="C:\\Program Files\\Elantech\\ktp.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"GNConfig"="\"C:\\Program Files\\Gigabyte\\Gigabyte Super Wireless LAN Card\\Installer\\Winxp\\GNConfig.exe\" -nogui"
@=""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Uniblue SpeedUpMyPC"="C:\\Program Files\\Uniblue\\SpeedUpMyPC\\SpeedUpMyPC.exe -s"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxutst
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqp

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Uniblue SpeedUpMyPC"="C:\\Program Files\\Uniblue\\SpeedUpMyPC\\SpeedUpMyPC.exe -s"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"snp2std"="C:\\WINDOWS\\vsnp2std.exe"
"OmniPass"="C:\\Program Files\\Softex\\OmniPass\\scureapp.exe"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"tsnp2std"="C:\\WINDOWS\\system32\\tsnp2std.exe"
"StopSignSsTsMon"="Rundll32.exe \"C:\\Program Files\\Acceleration Software\\Anti-Virus\\sstsmon.dll\",VerifyStatus"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\autoplay.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5945a82-b6fa-11db-9287-0016d41be151}]
Shell\1\Command E:\.\RECYCLER\RECYCLER\autorun.exe
Shell\2\Command E:\.\RECYCLER\RECYCLER\autorun.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-20 21:23:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-20 21:23:29
C:\ComboFix-quarantined-files.txt ... 07-04-20 21:23
alchdemon is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 04-21-2007, 12:30 AM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: IE Popups and slow booting
If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools → Folder Options → View tab.
  • Tick - 'Show hidden files and folder'
  • Untick - 'Hide file extensions for known types'
  • Untick - 'Hide protected operating system files'
  • Click Yes to confirm & then click OK
Locate and delete the following files/folders: (let me know if you fail to find/delete any)
  • C:\WINDOWS\system32\pqtss.ini2

---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:///
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\xrgbfxdw.dll (file missing)
O2 - BHO: (no name) - {27D79828-5309-4BB0-800D-4D32CC5F9CB8} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9C1844BD-6688-4C63-A0DE-0A803E1E82C9} - C:\WINDOWS\system32\sstqp.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - Winlogon Notify: cbxutst - cbxutst.dll (file missing)
O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll (file missing)


---------------


Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. We only require a report from it.
    It does not provide an option to clean/disinfect.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 04-21-2007, 03:38 PM   #5 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 9
OS: windows xp


Re: IE Popups and slow booting
wow sry it took so long , my comp has fewer adds now , i havent tried rebooting to see the speed. Im also gonna see if i can resume when i go into standby , my computer has ben having the problem that once i go standby i cant come back anyways here are the logs u told me to post , i had no problem fixing/deleting anything u told me to, also kaspersky found some stuff , man that thing took 3 hours i thikn to scan , but it found stuff my avast couldnt find so =)
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:35:07 PM, on 4/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dns\bin\named.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Gigabyte\Gigabyte Super Wireless LAN Card\Installer\Winxp\GNConfig.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Downloads\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - C:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GNConfig] "C:\Program Files\Gigabyte\Gigabyte Super Wireless LAN Card\Installer\Winxp\GNConfig.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165882650265
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02FDD618-7588-4668-919B-A08AD0C09E68}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{235EBC02-D727-49F6-92DE-35A4F06E1351}: NameServer = 127.0.0.1,192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E58000D9-9978-43AB-81FB-1ECA464F204D}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDDA66AE-7A9F-47DC-9A90-79D929B71779}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02FDD618-7588-4668-919B-A08AD0C09E68}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{02FDD618-7588-4668-919B-A08AD0C09E68}: NameServer = 127.0.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe

--
End of file - 9651 bytes
kaspersky
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 21, 2007 5:33:50 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 21/04/2007
Kaspersky Anti-Virus database records: 300235
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 89096
Number of viruses found: 2
Number of infected objects: 13 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:35:36

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\Media\Korn\Follow the Leader\22 Justin.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SecTaskMan\vbictcyf.dll.q_804C034_q Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Softex\OmniPass\btype0.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype256.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype259.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype3.dat Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cmbbfdot.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gkqklvmb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nhvcgvvt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oimapxqg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xrgbfxdw.dll.vir Infected: Trojan.Win32.BHO.g skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xrqxfuwo.dll.vir Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7661952B-2978-4E2F-8DE5-94DC4DC85CCE}\RP153\A0049072.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{7661952B-2978-4E2F-8DE5-94DC4DC85CCE}\RP156\A0050270.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{7661952B-2978-4E2F-8DE5-94DC4DC85CCE}\RP156\A0050271.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{7661952B-2978-4E2F-8DE5-94DC4DC85CCE}\RP156\A0050272.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{7661952B-2978-4E2F-8DE5-94DC4DC85CCE}\RP156\A0050273.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{7661952B-2978-4E2F-8DE5-94DC4DC85CCE}\RP156\A0050274.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{7661952B-2978-4E2F-8DE5-94DC4DC85CCE}\RP157\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{873877B4-4116-410D-87C9-01FFD0DE63CD}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_704.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
alchdemon is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 04-21-2007, 03:57 PM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: IE Popups and slow booting
Quote:
My Documents\Media\Korn\Follow the Leader\22 Justin.mp3
Were you listening to this when Kaspersky was scanning?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 04-21-2007, 04:17 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 9
OS: windows xp


Re: IE Popups and slow booting
no i was not listening to it
alchdemon is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 04-21-2007, 04:21 PM   #8 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 9
OS: windows xp


Re: IE Popups and slow booting
the song was downloading is segments still , i cant even listen to it , other than thta i did nothing but wait for kaspersky to finish , only thing i did while kaspersky was scanning was check some websites, rest of the time i was doing other stuff away from my computer
alchdemon is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 04-21-2007, 04:22 PM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: IE Popups and slow booting
Reboot the machine & have Kaspersky scan that file again. Just that file alone
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!