Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page constant pop ups - winantivirus
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 10-07-2007, 01:13 PM   #1 (permalink)
Registered User
 
idlehands's Avatar
 
Join Date: Oct 2007
Posts: 8
OS: windows xp, service pack number 2


constant pop ups - winantivirus
hi, i think i have a virus, not sure what to do. i keep getting pop ups from winantivirus, and some other random sites whenever i use internet explorer. i'm using firefox until it's fixed. i've done steps 1 to 5. i'd appreciate any help in getting it sorted ....

I have windows xp service pack 2 and i stupidly i didn't replace my virus protection stuff when it expired. i've added avg and firewall and all now though so i don't get anything else ...

Deckard's System Scanner v20070905.67
Run by Mine on 2007-10-07 19:48:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
60: 2007-10-07 18:48:28 UTC - RP270 - Deckard's System Scanner Restore Point
59: 2007-10-07 13:14:24 UTC - RP269 - Configured PCguard
58: 2007-10-07 11:23:38 UTC - RP268 - Removed Google Desktop Plugin - gdSkype
57: 2007-10-07 11:23:03 UTC - RP267 - Removed Google Desktop Plugin - FareCompare
56: 2007-10-07 11:08:15 UTC - RP266 - Removed Java 2 Runtime Environment, SE v1.4.2_03


-- First Restore Point --
1: 2007-07-12 16:34:54 UTC - RP211 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-07 19:50:22
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\S24EvMon.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\1XConfig.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\SYSTEM32\RegSrvc.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ntl\broadband medic\SmartBridge\MotiveSB.exe
C:\Program Files\LG USB Drive2.9\LG USB.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\WINDOWS\SYSTEM32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\WINDOWS\SYSTEM32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mine\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B83AB4C-784A-4582-A80D-7AD69912EE52} - C:\WINDOWS\SYSTEM32\ljjjk.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\SYSTEM32\ypwgeroq.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKEY_LOCAL_MACHINE\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [LG US] c:\program files\lg usb drive2.9\lg usb.exe sys_auto_run C:\Program Files\LG USB Drive2.9
O4 - HKEY_LOCAL_MACHINE\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKEY_LOCAL_MACHINE\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKEY_LOCAL_MACHINE\..\Run: [workflow] D:\installs\workflow.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\ibvjcggm.dll",sitypnow
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKEY_LOCAL_MACHINE\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://darktwistd.spaces.live.com//P...d/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1189376696000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: iifghfe - C:\WINDOWS\system32\iifghfe.dll (file missing)
O20 - Winlogon Notify: ljjjk - C:\WINDOWS\SYSTEM32\ljjjk.dll
O20 - Winlogon Notify: rqrstsq - C:\WINDOWS\system32\rqrstsq.dll (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\SYSTEM32\LgNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\SYSTEM32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\SYSTEM32\S24EvMon.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.2.1.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S2 CSS DVP - c:\windows\system32\drivers\css-dvp.sys (file missing)
S3 ApfiltrService (Alps Touch Pad Filter Driver for Windows 2000/XP) - c:\windows\system32\drivers\apfiltr.sys (file missing)
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel(R) iQVW32.SYS>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
S3 USTOR (LG USB Drive) - c:\windows\system32\drivers\ustork.sys <Not Verified; USB Mass Storage.; USB Mass Storage Device>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc - c:\windows\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-06 21:27:10 420 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3AA0273-5D46-428A-BFE4-364028EBE978}.job


-- Files created between 2007-09-07 and 2007-10-07 -----------------------------

2007-10-07 14:59:06 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-07 14:59:00 0 d-------- C:\WINDOWS\LastGood
2007-10-07 14:33:04 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-10-07 14:33:04 0 d-------- C:\Program Files\SpywareBlaster
2007-10-07 14:16:23 0 d-------- C:\Program Files\ZonedOut
2007-10-07 12:17:09 0 d-------- C:\Documents and Settings\Mine\Application Data\Comodo
2007-10-07 12:16:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-07 11:26:39 0 d-------- C:\Program Files\Comodo
2007-10-07 11:20:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-07 11:20:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-06 19:25:15 0 d-------- C:\Program Files\TrojanHunter 4.0
2007-10-06 18:26:32 11840 --a------ C:\WINDOWS\system32\ypwgeroq.dll
2007-10-06 05:46:51 0 d-------- C:\Program Files\MSN Messenger
2007-10-06 02:04:28 0 d-------- C:\WINDOWS\ERUNT
2007-10-06 01:13:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-06 01:13:10 0 d-------- C:\Program Files\Windows Live Toolbar
2007-10-05 21:10:14 0 dr-h----- C:\$VAULT$.AVG
2007-10-05 20:31:33 0 d-------- C:\Documents and Settings\Mine\Application Data\AVG7
2007-10-05 20:29:53 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-05 20:29:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-05 20:09:15 0 d-------- C:\Documents and Settings\Faheema\Application Data\Google
2007-10-05 20:08:46 0 d-------- C:\Documents and Settings\Faheema\Application Data\Mozilla
2007-10-05 19:40:41 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-10-05 16:48:59 11840 --a------ C:\WINDOWS\system32\ynlyanfm.dll
2007-10-05 00:16:47 1083319 ---hs---- C:\WINDOWS\system32\kjjjl.bak2
2007-10-04 22:37:59 297568 --a------ C:\WINDOWS\system32\ljjjk.dll
2007-10-01 20:24:15 0 d--h----- C:\WINDOWS\PIF
2007-09-07 00:43:39 0 d--h----- C:\Documents and Settings\All Users\Application Data\{690BA9C4-0FA7-4F20-801E-27BEDAEA6543}
2007-09-07 00:40:59 0 d-------- C:\iTutorial_Structure


-- Find3M Report ---------------------------------------------------------------

2007-10-07 19:24:25 0 d-------- C:\Program Files\LG USB Drive2.9
2007-10-07 19:22:31 0 d-------- C:\Program Files\Google
2007-10-07 19:22:07 0 d-------- C:\Program Files\Digital Line Detect
2007-10-07 19:22:07 0 d-------- C:\Program Files\DellSupport
2007-10-07 19:21:55 0 d-------- C:\Program Files\Dell Photo AIO Printer 922
2007-10-07 14:20:02 0 d-------- C:\Documents and Settings\Mine\Application Data\Virgin Broadband
2007-10-07 14:20:00 0 d-------- C:\Program Files\Virgin Broadband
2007-10-07 14:19:33 0 d-------- C:\Program Files\Common Files
2007-10-07 13:50:53 0 d-------- C:\Program Files\Java
2007-10-07 11:11:28 0 d-------- C:\Program Files\Quicknation
2007-09-17 0728 0 d-------- C:\Program Files\LimeWire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B83AB4C-784A-4582-A80D-7AD69912EE52}]
04/10/2007 22:38 297568 --a------ C:\WINDOWS\system32\ljjjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}]
06/10/2007 18:26 11840 --a------ C:\WINDOWS\system32\ypwgeroq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [28/05/2003 17:32]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/10/2004 16:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [20/04/2005 18:24]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [07/01/2004 01:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 01:05]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [27/01/2005 01:02]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [27/01/2003 17:16]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [30/12/2003 10:40]
"RecoverFromReboot"="C:\WINDOWS\Temp\RecoverFromReboot.exe" []
"LG US"="c:\program files\lg usb drive2.9\lg usb.exe" [21/02/2005 03:53]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [10/11/2004 19:36]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 09:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/06/2006 21:46]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [24/01/2007 14:12]
"workflow"="D:\installs\workflow.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [13/08/2007 21:46]
"FolderView"="C:\WINDOWS\system32\ibvjcggm.dll" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [05/10/2007 20:29]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [07/10/2007 11:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14/03/2007 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 11:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [30/07/2007 07:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Mine\Start Menu\Programs\Startup\
DESKTOP.INI [10/08/2004 13:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [20/04/2005 18:23:42]
broadband medic.lnk - C:\Program Files\ntl\broadband medic\bin\matcli.exe [21/07/2005 20:26:23]
DESKTOP.INI [10/08/2004 13:04:12]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [20/04/2005 18:18:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8CEFE835-8EBF-420F-AFA2-807008E32917}"= C:\WINDOWS\system32\iifghfe.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifghfe]
iifghfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjk]
C:\WINDOWS\system32\ljjjk.dll 04/10/2007 22:38 297568 C:\WINDOWS\SYSTEM32\ljjjk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrstsq]
rqrstsq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 12/01/2004 06:55 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL




-- Hosts -----------------------------------------------------------------------

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
127.0.0.1 abc-search.info
127.0.0.1 abloga.info #[Spamdexing]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com

16862 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-10-07 19:53:31 ------------



Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ajnabee\Cookies\ajnabee@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ajnabee\Cookies\ajnabee@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ajnabee\Cookies\ajnabee@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ajnabee\Cookies\ajnabee@doubleclick[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Ajnabee\Cookies\ajnabee@maxserving[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ajnabee\Cookies\ajnabee@questionmarket[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ajnabee\Cookies\ajnabee@tribalfusion[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Faheema\Cookies\faheema@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Faheema\Cookies\faheema@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Faheema\Cookies\faheema@adrevolver[3].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Faheema\Cookies\faheema@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Faheema\Cookies\faheema@advertising[1].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Faheema\Cookies\faheema@adviva[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Faheema\Cookies\faheema@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Faheema\Cookies\faheema@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Faheema\Cookies\faheema@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Faheema\Cookies\faheema@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Faheema\Cookies\faheema@mediaplex[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Faheema\Cookies\faheema@serving-sys[2].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Faheema\Cookies\faheema@xmts[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Faheema\Cookies\faheema@zedo[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Guest\Cookies\guest@serving-sys[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.com.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.advertising.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.xiti.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.go.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.adserver.easyad.info/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.overture.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.adviva.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\seufnt0s.default\cookies.txt[.888.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@112.2o7[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@247realmedia[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@2o7[2].txt
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@7search[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@adrevolver[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@ads.pointroll[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@adserver.filefront[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@advertising[1].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@adviva[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@as1.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@ath.belnk[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@belnk[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@bluestreak[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@bravenet[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@burstnet[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@c.goclick[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@casalemedia[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@centrport[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@cgi-bin[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@clickbank[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@counter.hitslink[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@dist.belnk[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@fastclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@findwhat[1].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@kmpads[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@perf.overture[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@phg.hitbox[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@serving-sys[2].txt
Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@smartadserver[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@statse.webtrendslive[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@tickle[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@tribalfusion[2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@valueclick[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@weborama[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@www.burstbeacon[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@www5.addfreestats[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@yadro[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Waheeda\Cookies\waheeda@zedo[1].txt
Virus:Generic Trojan Disinfected C:\Program Files\Internet Explorer\BTOW Shared Files\btwebcontrol.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-3211123470-71134558-3376146041-1006\Dc824\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-3211123470-71134558-3376146041-1006\Dc825.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-3211123470-71134558-3376146041-1006\Dc832\apps\Process.exe
Virus:Trj/WmaDownloader.F Disinfected C:\RECYCLER\S-1-5-21-3211123470-71134558-3376146041-1006\Dc940.wma
Attached Files
File Type: txt extra.txt (14.9 KB, 0 views)
idlehands is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 10-10-2007, 03:17 PM   #2 (permalink)
Registered User
 
idlehands's Avatar
 
Join Date: Oct 2007
Posts: 8
OS: windows xp, service pack number 2


Re: constant pop ups - winantivirus
BUMP (past 72 hours) oh yeah also my computer's running slower than it used to ... and i'm now getting the pop-ups with firefox as well, though less frequent than i do with internet explorer ...
idlehands is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-14-2007, 04:55 AM   #3 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: constant pop ups - winantivirus
1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to s
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-16-2007, 11:31 AM   #4 (permalink)
Registered User
 
idlehands's Avatar
 
Join Date: Oct 2007
Posts: 8
OS: windows xp, service pack number 2


Re: constant pop ups - winantivirus
thanx, here's the reports ...

ComboFix 07-10-16.1 - Mine 2007-10-16 17:50:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.119 [GMT 1:00]
Running from: C:\Documents and Settings\Mine\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ebyidokf.dll
C:\WINDOWS\system32\fcwjexqc.dll
C:\WINDOWS\system32\fuucnjow.dll
C:\WINDOWS\SYSTEM32\kjjjl.bak2
C:\WINDOWS\SYSTEM32\kjjjl.bak2
C:\WINDOWS\SYSTEM32\kjjjl.ini
C:\WINDOWS\SYSTEM32\kjjjl.ini
C:\WINDOWS\SYSTEM32\kjjjl.ini2
C:\WINDOWS\SYSTEM32\kjjjl.ini2
C:\WINDOWS\SYSTEM32\kjjjl.tmp
C:\WINDOWS\SYSTEM32\kjjjl.tmp
C:\WINDOWS\system32\ljjjk.dll
C:\WINDOWS\system32\ogccclys.dll
C:\WINDOWS\system32\pyxxakga.dll
C:\WINDOWS\system32\tdxbmgla.dll
C:\WINDOWS\system32\tfwkkrqs.dll
C:\WINDOWS\system32\xsxuuova.dll
C:\WINDOWS\system32\ynlyanfm.dll
C:\WINDOWS\system32\ypwgeroq.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.

2007-10-16 17:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 14:21 <DIR> d-------- C:\Documents and Settings\Waheeda\Application Data\Comodo
2007-10-15 14:20 <DIR> d-------- C:\Documents and Settings\Waheeda\Application Data\AVG7
2007-10-11 03:10 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-10 19:40 582,656 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2007-10-08 23:19 <DIR> d-------- C:\Program Files\My Google Gadgets
2007-10-08 23:07 55,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_skt32.sys
2007-10-08 22:58 48,384 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_pkt32.sys
2007-10-08 22:56 <DIR> d-------- C:\Program Files\Common Files\Authentium
2007-10-08 22:53 <DIR> d-------- C:\Program Files\Raxco
2007-10-08 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2007-10-08 22:52 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-10-08 22:52 <DIR> d-------- C:\Program Files\CA
2007-10-08 22:31 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\InstallShield
2007-10-07 19:47 <DIR> d-------- C:\Deckard
2007-10-07 14:33 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-07 14:33 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2007-10-07 14:16 <DIR> d-------- C:\Program Files\ZonedOut
2007-10-07 12:17 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\Comodo
2007-10-07 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-07 11:26 <DIR> d-------- C:\Program Files\Comodo
2007-10-07 11:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-10-07 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-06 19:25 <DIR> d-------- C:\Program Files\TrojanHunter 4.0
2007-10-06 05:46 <DIR> d-------- C:\Program Files\MSN Messenger
2007-10-06 02:04 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-06 01:13 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-10-06 01:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-05 20:31 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\AVG7
2007-10-05 20:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-05 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-05 20:19 29,530,464 --a------ C:\Program Files\avg75free_488a1157.exe
2007-10-05 19:40 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-01 20:24 <DIR> d--h----- C:\WINDOWS\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-14 03:32 --------- d-----w C:\Program Files\LimeWire
2007-10-09 00:18 --------- d-----w C:\Program Files\DivX
2007-10-08 21:54 --------- d-----w C:\Program Files\AOL 9.0
2007-10-08 21:45 --------- d-----w C:\Program Files\Virgin Broadband
2007-10-08 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2007-10-08 21:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-07 18:24 --------- d-----w C:\Program Files\LG USB Drive2.9
2007-10-07 18:22 --------- d-----w C:\Program Files\Google
2007-10-07 18:22 --------- d-----w C:\Program Files\Digital Line Detect
2007-10-07 18:22 --------- d-----w C:\Program Files\DellSupport
2007-10-07 18:21 --------- d-----w C:\Program Files\Dell Photo AIO Printer 922
2007-10-07 13:20 --------- d-----w C:\Documents and Settings\Waheeda\Application Data\Virgin Broadband
2007-10-07 13:20 --------- d-----w C:\Documents and Settings\Mine\Application Data\Virgin Broadband
2007-10-07 12:50 --------- d-----w C:\Program Files\Java
2007-10-07 10:11 --------- d-----w C:\Program Files\Quicknation
2007-10-06 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-09-06 23:43 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{690BA9C4-0FA7-4F20-801E-27BEDAEA6543}
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-30 18:18 207,736 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2006-08-31 03:20 24,192 ----a-w C:\Documents and Settings\Mine\usbsermptxp.sys
2006-08-31 03:20 22,768 ----a-w C:\Documents and Settings\Mine\usbsermpt.sys
2005-09-16 23:24 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-09-13 20:32 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 17:32]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-20 18:24]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40]
"LG US"="c:\program files\lg usb drive2.9\lg usb.exe" [2005-02-21 03:53]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 19:36]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-01 21:46]
"workflow"="D:\installs\workflow.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 21:46]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-05 20:29]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-07 11:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 07:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2005-04-20 18:23:42]
broadband medic.lnk - C:\Program Files\ntl\broadband medic\bin\matcli.exe [2005-07-21 20:26:23]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-04-20 18:18:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifghfe]
iifghfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrstsq]
rqrstsq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2004-01-12 06:55 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver ;C:\WINDOWS\system32\DRIVERS\w70n51.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874}
S3 USTOR;LG USB Drive;C:\WINDOWS\system32\DRIVERS\UStork.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-16 08:30:44 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3AA0273-5D46-428A-BFE4-364028EBE978}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 18:11:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-16 18:14:25 - machine was rebooted
.
--- E O F ---

and the other one ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:53, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\program files\lg usb drive2.9\lg usb.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LG US] c:\program files\lg usb drive2.9\lg usb.exe sys_auto_run C:\Program Files\LG USB Drive2.9
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://darktwistd.spaces.live.com//P...d/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1189376696000
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: iifghfe - iifghfe.dll (file missing)
O20 - Winlogon Notify: rqrstsq - rqrstsq.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 10465 bytes


not too sure if i did the last one right or i should do the deckard's system scanner
Last edited by idlehands; 10-16-2007 at 11:36 AM.
idlehands is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-16-2007, 11:43 AM   #5 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: constant pop ups - winantivirus
Do a HijackThis scan & place a check next to these items and select "Fix checked":

O20 - Winlogon Notify: iifghfe - iifghfe.dll (file missing)
O20 - Winlogon Notify: rqrstsq - rqrstsq.dll (file missing)


---------------


Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-16-2007, 03:58 PM   #6 (permalink)
Registered User
 
idlehands's Avatar
 
Join Date: Oct 2007
Posts: 8
OS: windows xp, service pack number 2


Re: constant pop ups - winantivirus
I did everything and didn't encounter any problems. Used internet explorer for a bit and it seemed faster and I didn't get any pop-ups yey, not sure if they're gone for good. These are the reports ...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:35, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\program files\lg usb drive2.9\lg usb.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LG US] c:\program files\lg usb drive2.9\lg usb.exe sys_auto_run C:\Program Files\LG USB Drive2.9
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://darktwistd.spaces.live.com//P...d/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1189376696000
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 10508 bytes

KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 16, 2007 10:49:54 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/10/2007
Kaspersky Anti-Virus database records: 436887
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 65143
Number of viruses found 6
Number of infected objects 30
Number of suspicious objects 0
Duration of the scan process 02:12:13

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Virgin Broadband\PCguard\Logs\Firewall - Blocked Packets - 10-16-2007--18-12-53.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Virgin Broadband\PCguard\Logs\FirewallService10-16-2007--18-10-04.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Virgin Broadband\PCguard\Logs\Fw_Session.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Virgin Broadband\PCguard\Logs\SafetyConsoleLog10-16-2007--18-11-14.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Virgin Broadband\PCguard\Logs\ServiceModel10-16-2007--18-11-05.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mine\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Mine\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Mine\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Mine\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Mine\Application Data\Virgin Broadband\advisor\client_gateway.log Object is locked skipped
C:\Documents and Settings\Mine\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\rpm1n.cf1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1m.cf1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1mh.ht1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\rpm1nh.ht1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\History\History.IE5\MSHist012007101620071017\index.dat Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Temp\fla16E6.tmp Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Temp\~DF187A.tmp Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Temp\~DF449D.tmp Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Temp\~DF8AB4.tmp Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Temp\~DFC27A.tmp Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Temporary Internet Files\Content.IE5\R24QO7T6\get_video[1] Object is locked skipped
C:\Documents and Settings\Mine\My Documents\My Videos\vdownloader\VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped
C:\Documents and Settings\Mine\My Documents\My Videos\vdownloader.zip/VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped
C:\Documents and Settings\Mine\My Documents\My Videos\vdownloader.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Mine\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mine\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CA\PPRT\logs\2007-10-16.csv Object is locked skipped
C:\Program Files\ntl\broadband medic\log\mpbtn.log Object is locked skipped
C:\Program Files\ntl\broadband medic\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\ntl\broadband medic\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\ntl\broadband medic\SmartBridge\SmartBridge.log Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ebyidokf.dll.vir Infected: Trojan.Win32.BHO.om skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\fcwjexqc.dll.vir Infected: Trojan.Win32.BHO.om skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\fuucnjow.dll.vir Infected: Trojan.Win32.BHO.om skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ljjjk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wb skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ogccclys.dll.vir Infected: Trojan.Win32.BHO.om skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\pyxxakga.dll.vir Infected: Trojan.Win32.BHO.om skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\tdxbmgla.dll.vir Infected: Trojan.Win32.BHO.om skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\tfwkkrqs.dll.vir Infected: Trojan.Win32.BHO.om skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\xsxuuova.dll.vir Infected: Trojan.Win32.BHO.om skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ynlyanfm.dll.vir Infected: Trojan.Win32.BHO.om skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ypwgeroq.dll.vir Infected: Trojan.Win32.BHO.om skipped
C:\qoobox\Quarantine\catchme2007-10-16_181027.94.zip/ljjjk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wb skipped
C:\qoobox\Quarantine\catchme2007-10-16_181027.94.zip ZIP: infected - 1 skipped
C:\quarantine\adv494[1].htm.Vir Infected: Exploit.HTML.ObjData skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP247\A0062438.dll Infected: not-a-virus:AdWare.Win32.Comet.bb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP269\A0064775.dll Infected: not-a-virus:Dialer.Win32.BT.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP272\A0067209.dll Infected: Trojan.Win32.BHO.om skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP272\A0067210.dll Infected: Trojan.Win32.BHO.om skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP272\A0067211.dll Infected: Trojan.Win32.BHO.om skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP272\A0067212.dll Infected: Trojan.Win32.BHO.om skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP272\A0067213.dll Infected: Trojan.Win32.BHO.om skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP272\A0067214.dll Infected: Trojan.Win32.BHO.om skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP272\A0067215.dll Infected: Trojan.Win32.BHO.om skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP272\A0067216.dll Infected: Trojan.Win32.BHO.om skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP272\A0067217.dll Infected: Trojan.Win32.BHO.om skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP272\A0067218.dll Infected: Trojan.Win32.BHO.om skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP272\A0067224.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP272\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
idlehands is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-16-2007, 04:35 PM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: constant pop ups - winantivirus
Quote:
C:\Documents and Settings\Mine\My Documents\My Videos\vdownloader\VDownloader.exe ------> Downloader.Win32.VDown.a skipped
C:\Documents and Settings\Mine\My Documents\My Videos\vdownloader.zip/VDownloader.exe ------> Downloader.Win32.VDown.a skipped
C:\Documents and Settings\Mine\My Documents\My Videos\vdownloader.zip ZIP: infected - 1
This is a program that you use. Kaspersky flagged it as malicious.
Please let me know if you would like to keep it.
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-16-2007, 05:51 PM   #8 (permalink)
Registered User
 
idlehands's Avatar
 
Join Date: Oct 2007
Posts: 8
OS: windows xp, service pack number 2


Re: constant pop ups - winantivirus
yeah wouldn't mind keeping it if you know how i can, if not it can go ...
idlehands is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-16-2007, 05:57 PM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: constant pop ups - winantivirus
In that case, we'll leave it be & go after the rest of the other files.

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"C:\quarantine\adv494[1].htm.Vir"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

nircmd wait 3000
start combofix /u
del %0
Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-16-2007, 06:02 PM   #10 (permalink)
Registered User
 
idlehands's Avatar
 
Join Date: Oct 2007
Posts: 8
OS: windows xp, service pack number 2


Re: constant pop ups - winantivirus
Fix.bat said deleted successfully .. with exclamation marks
idlehands is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-16-2007, 06:08 PM   #11 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: constant pop ups - winantivirus
Did ComboFix not uninstall itself?
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-16-2007, 06:13 PM   #12 (permalink)
Registered User
 
idlehands's Avatar
 
Join Date: Oct 2007
Posts: 8
OS: windows xp, service pack number 2


Re: constant pop ups - winantivirus
yeah it did, sorry didn't realise i should write that too ha! yup uninstalled and the fix.bat said deleted successfully
idlehands is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-16-2007, 06:20 PM   #13 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: constant pop ups - winantivirus
Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  2. FIREWALL
    Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here ? http://www.bleepingcomputer.com/forums/tutorial60.html


  3. Microsoft Windows Update ? http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  4. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here ? http://www.bleepingcomputer.com/forums/tutorial49.html


  5. IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-16-2007, 06:28 PM   #14 (permalink)
Registered User
 
idlehands's Avatar
 
Join Date: Oct 2007
Posts: 8
OS: windows xp, service pack number 2


Re: constant pop ups - winantivirus
That's amazing! Thank you so much for your help and time, I really appreciate it, and I will definitely follow those steps to make sure it doesn't happen again. You're a real life saver
idlehands is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 06:35 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85