Please help, IE popups at random

[gezuz]

Hi guys, first off I really appreciate anyone taking a looking at this. I'm pretty upset this has happened, as I just formatted my computer due system disk problems. Last night I download Google Sketch Up because I needed it for a project, and later that night I was getting IE popups all over my computer, even though I was using Mozilla. They would even come up at random times, without me being at the computer. I don't currently have a firewall or even virus scan on my computer.

I read the 5 steps to rid myself of this problem, but Panda ActiveScan quits IE in a error when it gets close to finishing, as does dss.exe, leaving me with only a hijackthis log. I really hope someone can help me out with this, I appreciate it a lot. Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:29 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 2352 bytes

[gezuz]

I got dss.exe to work, I'm running Windows XP. here are the results I got.

Deckard's System Scanner v20071014.68
Run by ak on 2007-11-29 18:04:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
46: 2007-11-30 02:04:11 UTC - RP46 - Deckard's System Scanner Restore Point
45: 2007-11-29 07:31:24 UTC - RP45 - Software Distribution Service 3.0
44: 2007-11-29 07:22:33 UTC - RP44 - Deckard's System Scanner Restore Point
43: 2007-11-29 05:57:47 UTC - RP43 - Removed Java 2 Runtime Environment, SE v1.4.2_03
42: 2007-11-28 22:40:36 UTC - RP42 - Removed Google SketchUp LayOut 6


-- First Restore Point --
1: 2007-11-28 10:39:45 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ak.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:29 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\ak\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ak.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07DF5A2D-5ADF-4733-A04B-FBBEBECE644F} - C:\Program Files\Internet Explorer\hokesocul83122.dll (file missing)
O2 - BHO: (no name) - {4CB8F4B4-5F66-4D9E-BC3B-184596A58824} - C:\WINDOWS\system32\cbxyvuu.dll
O2 - BHO: 0 - {4D48E27F-7788-4CA9-CD87-54DD00C172C7} - C:\Program Files\Windows Media Player\lavum443.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {90BC83F4-06EE-4ED0-84E2-19B423EC3A95} - C:\WINDOWS\system32\pmnnk.dll
O2 - BHO: (no name) - {AD1C57AC-7F14-4FB4-9F48-09807E9F12B7} - C:\Program Files\Internet Explorer\hokesocul4444.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: cbxyvuu - C:\WINDOWS\SYSTEM32\cbxyvuu.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\profsyb.html

--
End of file - 3601 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071128-100452-165 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20071128-100452-283 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20071128-100452-363 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20071128-100452-365 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
backup-20071128-100452-689 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=55424
backup-20071128-100452-700 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
backup-20071128-100452-761 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
backup-20071128-100452-820 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20071128-100452-827 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071128-100452-829 O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
backup-20071128-100452-973 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20071128-100453-510 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
backup-20071128-100453-516 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20071128-100453-998 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20071128-100454-364 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071128-100455-345 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195710395548
backup-20071128-100455-592 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071128-100456-248 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
backup-20071128-100456-488 O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
backup-20071128-100456-600 O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\profsyb.html
backup-20071128-100456-812 O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
backup-20071128-100456-842 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20071128-100456-864 O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
backup-20071128-100456-895 O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
backup-20071128-100456-928 O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
backup-20071128-100456-949 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
backup-20071128-100456-987 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
backup-20071128-102343-323 O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
backup-20071128-102343-372 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071128-102343-459 O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
backup-20071128-102343-495 O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
backup-20071128-102343-786 O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
backup-20071128-102343-882 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 core - c:\windows\system32\drivers\core.sys
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Network Monitor - c:\program files\network monitor\netmon.exe service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-26 00:13:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-29 and 2007-11-29 -----------------------------

2007-11-29 16:57:54 0 d-------- C:\Program Files\Panicware
2007-11-29 16:43:24 0 d-------- C:\Documents and Settings\ak\Application Data\U3
2007-11-29 13:02:33 0 d-------- C:\Documents and Settings\ak\Application Data\Grisoft
2007-11-29 13:02:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-29 12:57:16 0 d-------- C:\WINDOWS\pss
2007-11-29 01:20:41 0 d-------- C:\Documents and Settings\ak\Application Data\InterVideo
2007-11-29 00:18:54 0 d-------- C:\Program Files\InterActual
2007-11-28 22:00:46 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-28 14:40:47 6958 ---hs---- C:\WINDOWS\system32\knnmp.bak2
2007-11-28 10:03:34 0 d-------- C:\Program Files\Trend Micro
2007-11-28 02:40:40 6496 ---hs---- C:\WINDOWS\system32\knnmp.bak1
2007-11-28 02:39:25 323168 --a------ C:\WINDOWS\system32\pmnnk.dll
2007-11-28 02:20:02 0 d-------- C:\Program Files\Temporary
2007-11-28 02:19:14 46592 --a------ C:\WINDOWS\system32\drivers\FMTR.sys <Not Verified; LocusSoftware, Inc.; FMTR>
2007-11-28 02:19:10 0 d-------- C:\Program Files\SpyGuardPro
2007-11-28 02:19:10 0 d-------- C:\Program Files\Common Files\SpyGuardPro
2007-11-28 02:18:30 169147 --a------ C:\WINDOWS\TTC-4444.exe
2007-11-28 02:17:22 0 d-------- C:\WINDOWS\system32\?ymantec
2007-11-28 02:16:55 7713 --a------ C:\WINDOWS\system32\ldcore.dll
2007-11-28 02:16:49 35840 --a------ C:\WINDOWS\mrofinu77.exe
2007-11-28 02:16:20 36352 --a------ C:\WINDOWS\system32\cbxyvuu.dll
2007-11-28 02:16:16 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-11-28 02:16:14 0 d-------- C:\Program Files\Network Monitor
2007-11-28 02:16:11 80640 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-11-28 02:16:10 0 d-------- C:\WINDOWS\system32\m8
2007-11-28 02:16:10 0 d-------- C:\WINDOWS\system32\j2
2007-11-28 02:16:10 0 d-------- C:\WINDOWS\system32\c1
2007-11-28 02:16:07 0 d-------- C:\WINDOWS\system32\rMa02yy
2007-11-28 02:16:07 0 d-------- C:\Temp
2007-11-28 02:15:54 35840 --a------ C:\WINDOWS\winshow.exe <Not Verified; ; winshow>
2007-11-28 02:13:40 0 d-------- C:\WINDOWS\Sun
2007-11-28 02:03:10 0 d-------- C:\Program Files\Google
2007-11-26 00:14:35 0 d-------- C:\Program Files\iPod
2007-11-26 00:14:28 0 d-------- C:\Program Files\iTunes
2007-11-26 00:13:20 0 d-------- C:\Program Files\QuickTime
2007-11-26 00:13:00 0 d-------- C:\Program Files\Apple Software Update
2007-11-26 00:12:51 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-11-26 00:12:11 0 d-------- C:\Program Files\Common Files\Apple
2007-11-26 00:12:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-25 21:02:00 0 d-------- C:\Program Files\mIRC
2007-11-25 21:02:00 0 d-------- C:\Documents and Settings\ak\Application Data\mIRC
2007-11-23 12:46:19 0 d-------- C:\Program Files\DivX
2007-11-23 11:43:19 0 d-------- C:\Documents and Settings\ak\Application Data\AdobeUM
2007-11-23 11:43:11 0 d-------- C:\Documents and Settings\ak\Application Data\Adobe
2007-11-23 11:43:02 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-23 10:55:38 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-11-23 10:55:32 0 d-------- C:\Program Files\Codec Pack - All In 1
2007-11-23 08:53:07 0 d-------- C:\WINDOWS\RegisteredPackages
2007-11-23 08:51:45 0 d-------- C:\Program Files\Winamp
2007-11-23 08:51:45 0 d-------- C:\Documents and Settings\ak\Application Data\Winamp
2007-11-23 08:02:46 0 d-------- C:\Program Files\Overland
2007-11-23 07:49:35 0 d-------- C:\Program Files\Microsoft Works
2007-11-23 07:49:21 0 d-------- C:\Program Files\MSBuild
2007-11-23 07:47:32 0 d-------- C:\Program Files\Microsoft.NET
2007-11-23 07:39:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-22 19:54:35 0 d-------- C:\Documents and Settings\ak\Application Data\Macromedia
2007-11-22 19:54:28 1429 --a------ C:\WINDOWS\mozver.dat
2007-11-22 18:27:36 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-22 18:27:27 0 d-------- C:\Documents and Settings\ak\Application Data\Mozilla
2007-11-21 23:47:15 0 d-------- C:\Old Akira files
2007-11-21 23:03:35 0 d-------- C:\ZSNES
2007-11-21 22:46:42 0 d-------- C:\Documents and Settings\ak\Application Data\OfficeUpdate12
2007-11-21 22:46:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-21 22:43:20 0 d-------- C:\WINDOWS\SHELLNEW
2007-11-21 22:39:19 0 dr-h----- C:\MSOCache
2007-11-21 22:24:03 0 d-------- C:\WINDOWS\network diagnostic
2007-11-21 22:19:51 0 d-------- C:\Program Files\MSXML 4.0
2007-11-21 21:55:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-11-21 21:49:02 0 d-------- C:\WINDOWS\system32\PreInstall
2007-11-21 21:49:00 0 d--h----- C:\WINDOWS\$hf_mig$
2007-11-21 21:46:17 0 d--hs---- C:\Documents and Settings\ak\UserData
2007-11-21 21:41:36 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-11-21 21:38:52 58048 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
2007-11-21 21:38:51 108256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
2007-11-21 21:38:33 0 d-------- C:\Program Files\Common Files\Network Associates
2007-11-21 21:28:55 0 d-------- C:\Program Files\Common Files\Cisco Systems
2007-11-21 21:28:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-11-21 21:28:02 0 d-------- C:\Program Files\Network Associates
2007-11-21 21:22:36 0 d-------- C:\CD files
2007-11-21 21:21:53 0 d-------- C:\Applications
2007-11-21 21:17:37 0 d-------- C:\Documents and Settings\ak\Application Data\Apple Computer
2007-11-21 21:17:24 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-11-21 21:17:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-21 21:17:05 0 d-------- C:\WINDOWS\Downloaded Installations
2007-11-21 21:14:55 483328 --a------ C:\WINDOWS\system32\hphmon05.exe <Not Verified; Hewlett-Packard; HP Photosmart>
2007-11-21 21:14:43 6848 --a------ C:\WINDOWS\system32\hphmon05.dat
2007-11-21 21:14:41 0 d-------- C:\Program Files\Hewlett-Packard
2007-11-21 21:14:38 4308 -----n--- C:\WINDOWS\hphmdl01.dat
2007-11-21 21:14:38 18403 --a------ C:\WINDOWS\HPHins01.dat
2007-11-21 21:12:02 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2007-11-21 21:12:02 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2007-11-21 21:11:42 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-11-21 21:08:34 0 d-------- C:\Program Files\Common Files\HP
2007-11-21 21:05:53 0 d-------- C:\Program Files\HP
2007-11-21 21:05:26 38867 -----n--- C:\WINDOWS\hpomdl03.dat
2007-11-21 21:05:26 29072 --a------ C:\WINDOWS\hpoins03.dat
2007-11-21 21:04:06 0 d-------- C:\WINDOWS\system32\URTTemp
2007-11-21 21:02:56 0 d-------- C:\Documents and Settings\ak\Application Data\Sun
2007-11-21 21:02:44 0 d-------- C:\Program Files\Java
2007-11-21 21:02:32 0 d-------- C:\Documents and Settings\ak\Application Data\Sonic
2007-11-21 21:02:19 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-11-21 21:02:18 0 d-------- C:\Program Files\Sonic
2007-11-21 21:02:18 0 d-------- C:\Program Files\RecordNow!
2007-11-21 21:01:00 0 d-------- C:\Program Files\Common Files\Intuit
2007-11-21 21:00:50 0 d-------- C:\Program Files\Quicken
2007-11-21 20:59:08 0 d-------- C:\Documents and Settings\ak\Application Data\Symantec
2007-11-21 20:58:57 0 d-------- C:\Program Files\Symantec
2007-11-21 20:58:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-21 20:58:13 0 d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-11-21 20:37:27 0 d-------- C:\Program Files\InterVideo
2007-11-21 20:36:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-11-21 20:36:13 991232 -ra------ C:\WINDOWS\system32\W22MLRES.DLL <Not Verified; Intel Corporation; Intel(R) PRO/Wireless 7100 Adapter>
2007-11-21 20:36:13 0 d-------- C:\Program Files\Intel
2007-11-21 20:35:08 0 d-------- C:\Program Files\ATI Technologies
2007-11-21 20:34:43 0 d-------- C:\Program Files\Synaptics
2007-11-21 20:21:21 32356 -----n--- C:\WINDOWS\system32\pusbfd1.sys <Not Verified; Phoenix Technologies K.K.; USB FDD DRIVER>
2007-11-21 20:21:21 0 d-------- C:\swsetup
2007-11-21 20:21:18 0 d-------- C:\Program Files\HPQ
2007-11-21 20:20:49 0 d-------- C:\WINDOWS\Options
2007-11-21 20:20:44 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-11-21 20:19:59 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2007-11-21 20:19:59 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2007-11-21 20:19:58 978944 --a------ C:\WINDOWS\SynthCoreA.Dll <Not Verified; Analog Devices, Inc.; SoundMAX Wavetable>
2007-11-21 20:19:57 45056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll <Not Verified; Analog Devices, Inc.; Analog Devices, Inc. SynthCore11Resources>
2007-11-21 20:19:57 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not Verified; SoundMAX; Staccato Systems SynthCore R2.0 Synthesizer>
2007-11-21 20:19:57 49152 --a------ C:\WINDOWS\system32\S11thk32.dll <Not Verified; SoundMAX; Staccato Systems SynthCore R2.0 Synthesizer>
2007-11-21 20:19:57 380928 --a------ C:\WINDOWS\SynCor.exe <Not Verified; Analog Devices, Inc.; SynthCore>
2007-11-21 20:19:56 765952 --a------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2007-11-21 20:19:55 0 d-------- C:\WINDOWS\VirtualEar
2007-11-21 20:19:53 44 --a------ C:\WINDOWS\system32\msssc.dll
2007-11-21 20:19:53 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2007-11-21 20:19:53 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2007-11-21 20:19:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-21 20:19:53 0 d-------- C:\Program Files\Analog Devices
2007-11-21 20:19:49 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-21 20:19:37 0 d-a------ C:\hp
2007-11-21 20:19:12 0 d-------- C:\SYSTEM.SAV
2007-11-21 20:18:26 0 d-------- C:\Documents and Settings\ak\Application Data\Identities
2007-11-21 20:18:19 0 dr------- C:\Documents and Settings\ak\Favorites
2007-11-21 20:18:19 0 d-------- C:\Documents and Settings\ak\Desktop
2007-11-21 20:18:19 0 d--hs---- C:\Documents and Settings\ak\Cookies
2007-11-21 20:18:19 0 dr-h----- C:\Documents and Settings\ak\Application Data
2007-11-21 20:18:18 0 d--h----- C:\Documents and Settings\ak\Templates
2007-11-21 20:18:18 0 dr------- C:\Documents and Settings\ak\Start Menu
2007-11-21 20:18:18 0 dr-h----- C:\Documents and Settings\ak\SendTo
2007-11-21 20:18:18 0 dr-h----- C:\Documents and Settings\ak\Recent
2007-11-21 20:18:18 0 d--h----- C:\Documents and Settings\ak\PrintHood
2007-11-21 20:18:18 2621440 --ah----- C:\Documents and Settings\ak\NTUSER.DAT
2007-11-21 20:18:18 0 d--h----- C:\Documents and Settings\ak\NetHood
2007-11-21 20:18:18 0 dr------- C:\Documents and Settings\ak\My Documents
2007-11-21 20:18:18 0 d--h----- C:\Documents and Settings\ak\Local Settings
2007-11-21 20:17:09 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-11-21 20:17:07 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-11-21 20:17:07 0 d-------- C:\WINDOWS\Prefetch
2007-11-21 20:17:05 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-11-21 20:17:05 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-11-21 20:17:05 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-11-21 20:17:05 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-11-21 20:17:04 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-11-21 20:16:33 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-11-21 20:16:33 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-11-21 20:16:33 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-11-21 20:16:33 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-11-21 20:16:32 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-11-21 20:13:08 0 d-------- C:\WINDOWS\system32\xircom
2007-11-21 20:13:08 0 d-------- C:\Program Files\microsoft frontpage
2007-11-21 20:13:05 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-11-21 20:12:57 0 -rahs---- C:\MSDOS.SYS
2007-11-21 20:12:57 0 -rahs---- C:\IO.SYS
2007-11-21 20:12:57 0 --a------ C:\CONFIG.SYS
2007-11-21 20:12:57 0 --a------ C:\AUTOEXEC.BAT
2007-11-21 20:11:57 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-11-21 20:11:46 0 dr------- C:\WINDOWS\Offline Web Pages
2007-11-21 20:11:46 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-11-21 20:11:34 0 d--h----- C:\Program Files\WindowsUpdate
2007-11-21 20:11:14 0 d-------- C:\WINDOWS\system32\DirectX
2007-11-21 20:10:50 0 d---s---- C:\WINDOWS\Tasks
2007-11-21 20:10:49 0 d-------- C:\Program Files\Common Files\MSSoap
2007-11-21 20:10:46 0 d-------- C:\WINDOWS\srchasst
2007-11-21 20:10:45 0 d-------- C:\WINDOWS\system32\Macromed
2007-11-21 20:10:39 0 d-------- C:\Program Files\Movie Maker
2007-11-21 20:10:33 0 d-------- C:\WINDOWS\system32\Restore
2007-11-21 20:10:17 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-21 20:09:55 0 d-------- C:\WINDOWS\Registration
2007-11-21 20:09:25 0 d-------- C:\Program Files\Online Services
2007-11-21 20:09:20 0 d-------- C:\Program Files\Messenger
2007-11-21 20:09:16 0 d-------- C:\Program Files\MSN Gaming Zone
2007-11-21 20:08:46 0 d-------- C:\Program Files\Windows NT
2007-11-21 20:08:44 0 d-------- C:\WINDOWS\system32\MsDtc
2007-11-21 20:08:42 0 d-------- C:\WINDOWS\system32\Com
2007-11-21 11:44:22 0 d--hs---- C:\WINDOWS\Installer
2007-11-21 11:44:21 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-21 11:44:18 0 dr------- C:\Program Files
2007-11-21 11:44:18 0 d-------- C:\Program Files\Common Files
2007-11-21 11:44:18 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-11-21 11:42:31 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-11-21 11:42:31 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-11-21 11:42:31 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-11-21 11:42:31 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-11-21 11:42:31 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-11-21 11:42:31 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-11-21 11:42:31 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-11-21 11:42:31 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-11-21 11:42:31 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-11-21 11:42:31 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-11-21 11:42:31 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-11-21 11:42:31 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-11-21 11:42:31 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-11-21 11:42:31 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-11-21 11:42:31 0 dr------- C:\Documents and Settings\All Users\Documents
2007-11-21 11:42:31 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-11-21 11:42:19 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-11-21 11:42:19 0 d-------- C:\WINDOWS\system32\CatRoot
2007-11-21 11:42:13 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-11-21 11:42:13 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-11-21 11:42:13 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-11-21 11:42:13 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-11-21 11:41:52 0 d--hs---- C:\System Volume Information
2007-11-21 11:41:52 0 d-------- C:\Documents and Settings
2007-11-21 11:35:25 0 d-------- C:\WINDOWS
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\WinSxS
2007-11-21 11:35:25 0 dr------- C:\WINDOWS\Web
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\twain_32
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\wins
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\wbem
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\usmt
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\spool
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\ShellExt
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\Setup
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\ras
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\oobe
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\npp
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\mui
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\inetsrv
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\IME
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\icsxml
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\ias
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\export
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\drivers
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-11-21 11:35:25 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\dhcp
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\config
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\3076
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\2052
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1054
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1042
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1041
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1037
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1033
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1031
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1028
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1025
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\security
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Resources
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\repair
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Provisioning
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\PeerNet
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\pchealth
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\mui
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\msapps
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\msagent
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Media
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\java
2007-11-21 11:35:25 0 d--h----- C:\WINDOWS\inf
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\ime
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Help
2007-11-21 11:35:25 0 dr--s---- C:\WINDOWS\Fonts
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Driver Cache
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Debug
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Cursors
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Connection Wizard
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Config
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\AppPatch
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-11-21 11:42:31 62 --ahs---- C:\Documents and Settings\ak\Application Data\desktop.ini
2007-10-22 10:57:52 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07DF5A2D-5ADF-4733-A04B-FBBEBECE644F}]
C:\Program Files\Internet Explorer\hokesocul83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}]
11/28/2007 02:16 AM 36352 --a------ C:\WINDOWS\system32\cbxyvuu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D48E27F-7788-4CA9-CD87-54DD00C172C7}]
C:\Program Files\Windows Media Player\lavum443.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90BC83F4-06EE-4ED0-84E2-19B423EC3A95}]
11/28/2007 02:39 AM 323168 --a------ C:\WINDOWS\system32\pmnnk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD1C57AC-7F14-4FB4-9F48-09807E9F12B7}]
C:\Program Files\Internet Explorer\hokesocul4444.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/14/2007 11:43 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 01:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Windows Media Player\profsyb.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}"= C:\WINDOWS\system32\cbxyvuu.dll [11/28/2007 02:16 AM 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyvuu]
cbxyvuu.dll 11/28/2007 02:16 AM 36352 C:\WINDOWS\system32\cbxyvuu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-11-29 18:07:17 ------------

[gezuz]

Finished pandascan, and bump attached

[forhockey]

Hi gezuz,

Quote:

Hi guys, first off I really appreciate anyone taking a looking at this. I'm pretty upset this has happened, as I just formatted my computer due system disk problems. Last night I download Google Sketch Up because I needed it for a project, and later that night I was getting IE popups all over my computer, even though I was using Mozilla. They would even come up at random times, without me being at the computer. I don't currently have a firewall or even virus scan on my computer.

The first thing you should do after a format is to get Anti-Virus protection!!!! Why on earth would you connect to the internet without one installed??

Lets try and get rid of the popups, then install an Anti-Virus program.

-------------------------------------------------------------

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Download combofix from here or Alternate link

**Save it directly to your desktop**

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

A log will be produced that will ultimately be named C:\ComboFix.txt I'll need that in your next reply

---------------------------------------------------------------

Here are three very good free Antivirus products which are available:

• Avast!
• AVG
• Avira Personal Edition Classic

Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan.

Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

[gezuz]

Forhockey-

Thank you very much for your help. I didn't install anti virusware because I had a presentation due the next day, and I was very stressed out. Getting my computer working was huge, but I still had a lot of work to do. I installed AVG recently, so I have some protection. As your instructions, here is the text file attached.

[gezuz]

Forhockey-

Thank you very much for your help. I didn't install anti virusware because I had a presentation due the next day, and I was very stressed out. Getting my computer working was huge, but I still had a lot of work to do. I installed AVG recently, so I have some protection. As your instructions, here is the text file attached.

[forhockey]

Hi gezuz,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

--------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

KILLALL::

File::
C:\WINDOWS\system32\jpdlkodb.ini
C:\WINDOWS\system32\ejvpllcg.ini

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07DF5A2D-5ADF-4733-A04B-FBBEBECE644F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D48E27F-7788-4CA9-CD87-54DD00C172C7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD1C57AC-7F14-4FB4-9F48-09807E9F12B7}]

Save this as CFScript




Refering to the picture above, drag CFScript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

--------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  
  
  
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------

Reply back with the following logs:

C:\ComboFix.txt
Kaspersky Online Scan Results
Update on system behavior

[gezuz]

I haven't experienced a popup since the 2nd ComboFix.exe, but I haven't used mozilla much since then. Attached are the two files requested.

Again, thank you for your help. It is much appreciated.

[forhockey]

Hi gezuz,

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

SpyGuardPro

--------------------------------------------------------------

Delete the following Folder indicated in BLUE

C:\Program Files\SpyGuardPro


--------------------------------------------------------------

Run Deckard's System Scanner (dss.exe) again, and post the resulting log.

--------------------------------------------------------------

Please include the following in your next reply:

C:\Deckard\System Scanner\main.txt

[gezuz]

There was nothing under Add/Remove programs, but I deleted the Spyguard folder in Program Files. Attached is the new main.txt. Thanks for taking a look at it.

[forhockey]

Well done, your logs are clean! There are just a few more things I would like you to do.


Go to Start > Run - type ComboFix /u

Click OK

----------------------------------------------------------------

Microsoft Updates

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Malware Prevention Tools

These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.

• SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
• IE-Spyad - Here is an installation guide -> http://www.techsupportforum.com/cont...ticles/63.html
• MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements, preventing your computer from connecting to those sites.
• McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.
• SpywareGuard - real-time protection that detects and blocks spyware before it can execute.

Alternative Web Browsers

Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

• Firefox
• Opera

Firewalls

If you do not have a firewall, here are a few free ones available for personal use:

Understanding and Using Firewalls

• Comodo Personal Firewall
• ZoneAlarm
• OutPost Firewall

Informational Reading

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:

• PC SAFETY AND SECURITY
• How Did I Get Infected In The First Place?.
• THE ANTI-SPYWARE TUTORIAL
• STRONG PASSWORDS

Please respond to this thread one more time so we can mark this thread as resolved.

[gezuz]

Thank you very much, I really appreciate the time you took to do this. I'll keep my computer safe in the future. Thanks again.

[forhockey]

You're welcome. Safe surfing