Old 10-30-2008, 05:16 AM   #1 (permalink)
Registered User
 
Join Date: Nov 2004
Posts: 42
OS: Win98/Me/XP


[SOLVED] Pop-ups every second warning of virus and spyware

Hi,

My son's computer is infected with something. There are warnings every second in the form of pop-ups, web pages or yellow balloons. I can't determine if these warnings are correct or if the "warnings" are the problem itself.

Here is the log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Per Andréasson at 2008-10-30 11:47:08
Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (16%) free of 38 GB
Total RAM: 1024 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:10, on 2008-10-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Applications\wcs.exe
C:\Program Files\Applications\iebtm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Applications\wcm.exe
C:\WINDOWS\system32\algg.exe
C:\Program Files\Applications\iebtmm.exe
C:\Program Files\VResLab\VResLab.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Per Andréasson\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Per Andréasson.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - C:\Program Files\Applications\iebt.dll
O2 - BHO: 512686 helper - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - C:\WINDOWS\system32\512686\512686.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: VResLabWarningBHO Class - {B494E7BB-1E33-4922-A947-F74EFF4E714F} - C:\Program Files\VResLab\VResLabWarning.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\AAV\AAV.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VResLab] "C:\Program Files\VResLab\VResLab.exe"
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\AAV\AAV.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Skrivbordssökning.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O22 - SharedTaskScheduler: gey - {ba934431-76af-4c99-93c2-c3d21944a72e} - C:\WINDOWS\system32\gcqltg.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 9108 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Kontrollera uppdateringar för Windows Live Toolbar.job
C:\WINDOWS\tasks\Norton Security Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
dsWebAllowBHO Class - C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 265432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058}]
C:\Program Files\Applications\iebt.dll [2008-10-30 8704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51B15F5A-E98B-4658-B9CB-9307B74773A7}]
512686 Class - C:\WINDOWS\system32\512686\512686.dll [2008-10-28 15872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live inloggningshjälpen - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-07-03 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-22 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B494E7BB-1E33-4922-A947-F74EFF4E714F}]
VResLabWarningBHO Class - C:\Program Files\VResLab\VResLabWarning.dll [2008-10-23 78848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{144A6B24-0EBC-4D89-BF09-A06A718E57B5} - Internet Service - C:\Program Files\Applications\iebr.dll [2008-10-28 16896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2002-06-18 46592]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-08-28 24576]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2007-01-15 108160]
"D-Link AirPlus XtremeG"=C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe [2006-06-16 1323008]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2006-06-01 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-02-25 385024]
"ANTIVIRUS"=C:\Program Files\AAV\AAV.exe [2008-10-27 467968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"smile"=C:\Program Files\Applications\wcs.exe [2008-10-28 19456]
"start"=C:\Program Files\Applications\iebtm.exe [2008-10-28 20480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-05 68856]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"VResLab"=C:\Program Files\VResLab\VResLab.exe [2008-10-23 1814528]
"wblogon"=C:\WINDOWS\system32\algg.exe [2008-10-28 20992]
"ANTIVIRUS"=C:\Program Files\AAV\AAV.exe [2008-10-27 467968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe [2008-03-25 218496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Skrivbordssökning.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
gey - {ba934431-76af-4c99-93c2-c3d21944a72e} - C:\WINDOWS\system32\gcqltg.dll [2008-10-26 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ground Control II\gcii.exe"="C:\Program Files\Ground Control II\gcii.exe:*:Enabled:Ground Control II"
"C:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe"="C:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe:*:Enabled:Freelancer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Soldat\Soldat.exe"="C:\Soldat\Soldat.exe:*:Enabled:Soldat"
"C:\Documents and Settings\Per Andréasson\My Documents\Download\DE_Full-Client_Downloader.exe"="C:\Documents and Settings\Per Andréasson\My Documents\Download\DE_Full-Client_Downloader.exe:*:Enabled:Full-Client Downloader"
"C:\Program Files\Joymax\Darkeden\darkeden.exe"="C:\Program Files\Joymax\Darkeden\darkeden.exe:*:Enabled:DarkEden"
"C:\World of Warcraft\BackgroundDownloader.exe"="C:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\VResLab\VResLab.exe"="C:\Program Files\VResLab\VResLab.exe:*:Enabled:VirusResponse Lab 2009"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-10-30 11:47:07 ----D---- C:\rsit
2008-10-30 11:27:36 ----A---- C:\WINDOWS\gmer.ini
2008-10-30 11:27:35 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-10-30 11:27:35 ----A---- C:\WINDOWS\gmer.exe
2008-10-30 11:27:35 ----A---- C:\WINDOWS\gmer.dll
2008-10-28 12:52:10 ----D---- C:\Program Files\AAV
2008-10-28 12:46:31 ----D---- C:\Program Files\VResLab
2008-10-28 12:46:31 ----A---- C:\WINDOWS\system32\algg.exe
2008-10-28 12:46:28 ----D---- C:\WINDOWS\system32\512686
2008-10-28 12:46:15 ----D---- C:\Program Files\Applications
2008-10-24 20:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 20:07:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 20:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 20:07:14 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 2035 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 2018 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 18:15:32 ----D---- C:\Program Files\Freelancer Companion
2008-10-16 12:35:45 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-06 10:31:57 ----D---- C:\WINDOWS\Ubisoft

======List of files/folders modified in the last 1 months======

2008-10-30 11:47:09 ----D---- C:\WINDOWS\Prefetch
2008-10-30 11:27:36 ----D---- C:\WINDOWS
2008-10-30 11:27:35 ----D---- C:\WINDOWS\system32\drivers
2008-10-30 11:12:42 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-30 11:12:41 ----D---- C:\WINDOWS\Temp
2008-10-29 17:34:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-28 12:52:12 ----D---- C:\WINDOWS\system32
2008-10-28 12:52:10 ----RD---- C:\Program Files
2008-10-26 10:23:56 ----SHD---- C:\WINDOWS\Installer
2008-10-26 10:23:52 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-26 10:22:47 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-26 09:35:27 ----AS---- C:\WINDOWS\system32\gcqltg.dll
2008-10-26 09:35:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-24 20:59:28 ----HD---- C:\WINDOWS\inf
2008-10-24 20:59:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-24 20:58:49 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-21 15:12:30 ----D---- C:\World of Warcraft
2008-10-19 14:55:02 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-10-16 20:07:30 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 20:07:03 ----D---- C:\Program Files\Internet Explorer
2008-10-16 18:29:41 ----D---- C:\Program Files\EA GAMES
2008-10-16 18:29:40 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-15 17:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-10 14:00:03 ----D---- C:\Program Files\Norton Security Scan
2008-10-03 18:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2006-12-21 31560]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2006-02-28 37376]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2007-01-15 43176]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-02-28 14848]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2006-12-21 94424]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2006-05-11 472096]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-07-23 659356]
R3 bcm4sbxp;ASUSTeK/Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2002-08-22 41600]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-08-28 186068]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-09-19 496800]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-08-28 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-08-28 136448]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-08-28 145504]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-08-28 823456]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-02-28 9600]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-08-28 113840]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-02-28 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-02-28 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2007-01-15 23352]
S3 bDMusicb;bDMusicb; \??\C:\DOCUME~1\PERAND~1\LOCALS~1\Temp\bDMusicb.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys []
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-30 85969]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-08-28 135696]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-02-28 61824]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2007-01-15 59008]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2007-01-15 132736]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2007-01-15 255616]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2007-01-15 370304]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-03 138168]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader Service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Best Regards,
Tomas
Attached Files
File Type: txt info.txt (25.1 KB, 2 views)
File Type: txt gmer.txt (11.3 KB, 2 views)
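The question in the post above is the right one to ask of a log like this: which of the listed entries are the warnings, and which are the thing producing them. As an added example (not code from the thread, and not part of HijackThis, RSIT or Malwarebytes), the Python below applies the same triage a helper does by eye: it parses the HJT R0/R1, O2, O3, O4, O9 and O22 line formats, flags IE search settings that point at an unfamiliar host, unnamed browser extensions and entries whose file is missing, and cross-references every file path against the RSIT "files/folders created in the last 1 months" section. The sample lines are copied from the log in this thread; the allow-list of search hosts is an assumption of the example.

```python
"""Triage of a HijackThis (HJT) / RSIT log: flag entries that deserve a closer look.

Added example for this thread; not part of the original post and not code from
HijackThis, RSIT or Malwarebytes. Sample lines below are copied from the log in
the thread; KNOWN_SEARCH_HOSTS is an assumption of this example.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumption: hosts an IE search setting may legitimately point at (extend as needed).
KNOWN_SEARCH_HOSTS = {"www.microsoft.com", "go.microsoft.com", "search.msn.com", "search.live.com"}

# "O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE"  ->  kind="O4", body=the rest
HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# "2008-10-28 12:46:15 ----D---- C:\Program Files\Applications"
RSIT_CREATED = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \S+ -+[A-Z]*-+ (?P<path>.+)$")
# A Windows path inside an entry; stops before a quote, " (", " [" or end of line.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^\[("]+?(?=\s*(?:[\[("]|$))')

# Constructed sample input: lines copied from the thread's HJT and RSIT sections.
SAMPLE_HJT = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - C:\Program Files\Applications\iebt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php (file missing)
O22 - SharedTaskScheduler: gey - {ba934431-76af-4c99-93c2-c3d21944a72e} - C:\WINDOWS\system32\gcqltg.dll
"""
SAMPLE_RSIT_CREATED = r"""2008-10-30 11:47:07 ----D---- C:\rsit
2008-10-28 12:52:10 ----D---- C:\Program Files\AAV
2008-10-28 12:46:31 ----D---- C:\Program Files\VResLab
2008-10-28 12:46:31 ----A---- C:\WINDOWS\system32\algg.exe
2008-10-28 12:46:28 ----D---- C:\WINDOWS\system32\512686
2008-10-28 12:46:15 ----D---- C:\Program Files\Applications
2008-10-16 18:15:32 ----D---- C:\Program Files\Freelancer Companion
"""


@dataclass
class Finding:
    kind: str                                   # HJT section, e.g. "O4"
    line: str                                   # the original log line
    reasons: list[str] = field(default_factory=list)


def recent_paths(rsit_section: str) -> set[str]:
    """Lower-cased paths from the RSIT 'created in the last 1 months' list."""
    paths = set()
    for raw in rsit_section.splitlines():
        m = RSIT_CREATED.match(raw.strip())
        if m:
            paths.add(m.group("path").strip().lower().rstrip("\\"))
    return paths


def is_recent(path: str, recent: set[str]) -> bool:
    """True if the file itself, or a directory above it, was created recently."""
    p = path.strip().lower().rstrip("\\")
    return any(p == r or p.startswith(r + "\\") for r in recent)


def triage(hjt_log: str, rsit_created: str) -> list[Finding]:
    """Return one Finding per HJT line that trips at least one heuristic."""
    recent = recent_paths(rsit_created)
    findings = []
    for raw in hjt_log.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        f = Finding(kind, raw.strip())
        if kind in ("R0", "R1"):
            # body looks like "HKCU\...\Main,Search Page = http://host/..."
            value = body.partition(" = ")[2].strip()
            host = urlparse(value).hostname
            if value and value != "about:blank" and host not in KNOWN_SEARCH_HOSTS:
                f.reasons.append(f"IE search setting points at unfamiliar host {host}")
        if "(file missing)" in body:
            f.reasons.append("entry references a file that no longer exists")
        if kind in ("O2", "O3") and "(no name)" in body:
            f.reasons.append("browser extension registered without a name")
        for path in WIN_PATH.findall(body):
            if is_recent(path, recent):
                f.reasons.append(f"loads from a location created in the last month: {path.strip()}")
                break
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, SAMPLE_RSIT_CREATED):
        print(f"{f.kind}: {'; '.join(f.reasons)}")
```

On the sample it flags the search-page redirect, the unnamed BHO in `C:\Program Files\Applications`, the two autoruns under freshly created paths and the IE button whose file is missing; the legitimate Java BHO and avast! autorun pass. It does not flag the O22 SharedTaskScheduler entry, because `gcqltg.dll` appears only in the "modified" list, not the "created" list. The Malwarebytes log later in the thread identifies that file as Trojan.Zlob.H, which is the practical lesson here: log heuristics narrow the search, but a signature-based scan is still what confirms and removes the components.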

Old 10-31-2008, 02:32 PM   #2 (permalink)
Analyst, Security Team
 
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,358
OS: W2K SP4 + XP SP2 + Vista


Re: Pop-ups every second warning of virus and spyware

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe


----------------------------------------------------------------------------------------


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------------------------------------



Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Old 11-02-2008, 12:35 PM   #3 (permalink)
Registered User
 
Join Date: Nov 2004
Posts: 42
OS: Win98/Me/XP


Re: Pop-ups every second warning of virus and spyware

Hi,

Thank you for helping us!

I ran Malwarebytes' Anti-Malware. It seems to have done a lot of good. After restarting the computer there haven't been any more pop-ups and Internet Explorer runs undisturbed.

I've posted the log below. Please note that without thinking, I installed Anti-Malware in Swedish. This has resulted in some Swedish headlines in the log file. Sorry about that. Let me know if you need any translations.

ComboFix didn't run all the way, though. It deleted some files and then stopped with the message:
'"C:\WINDOWS\system32\"' is not recognized as an internal or external command, operable program or batch file.

Best regards,
Tomas

------
Malwarebytes' Anti-Malware 1.30
Databasversion: 1356
Windows 5.1.2600 Service Pack 2

2008-11-02 19:58:34
mbam-log-2008-11-02 (19-58-34).txt

Skanningstyp: Fullständig skanning (C:\|E:\|)
Antal skannade objekt: 128146
Förfluten tid: 1 hour(s), 1 minute(s), 54 second(s)

Infekterade minnesprocesser: 5
Infekterade minnesmoduler: 1
Infekterade registernycklar: 58
Infekterade registervärden: 12
Infekterade registerdataposter: 14
Infekterade mappar: 13
Infekterade filer: 45

Infekterade minnesprocesser:
C:\WINDOWS\system32\algg.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Unloaded process successfully.

Infekterade minnesmoduler:
C:\WINDOWS\system32\gcqltg.dll (Trojan.Zlob) -> Delete on reboot.

Infekterade registernycklar:
HKEY_CLASSES_ROOT\CLSID\{ba934431-76af-4c99-93c2-c3d21944a72e} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\z444.z444mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2F5E2DA4-B0D9-1715-429D-5B5DCE6535AF} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b494e7bb-1e33-4922-a947-f74eff4e714f} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b494e7bb-1e33-4922-a947-f74eff4e714f} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b494e7bb-1e33-4922-a947-f74eff4e714f} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vreslab (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VResLab (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vreslabwarning.warningbho (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vreslabwarning.warningbho.1 (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VResLab (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ba934431-76af-4c99-93c2-c3d21944a72e} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vreslab (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Infekterade registerdataposter:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Infekterade mappar:
C:\Program Files\VResLab (Rogue.AntiVirusLab) -> Delete on reboot.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\AAV (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.

Infekterade filer:
C:\WINDOWS\system32\gcqltg.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Program Files\VResLab\VResLab.exe (Rogue.VirusHeat) -> Delete on reboot.
C:\WINDOWS\system32\512686\512686.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\VResLab\VResLabWarning.dll (Rogue.PestPatrol) -> Quarantined and deleted successfully.
C:\Program Files\VResLab\uninst.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\AAV\AAV.cpl (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\AAV\AAV.exe (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\AAV\AAV.ooo (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\AAV\AAV1.dat (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AAV.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\algg.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Online Spyware Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Per Andréasson\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
C:\Documents and Settings\Per Andréasson\Desktop\Advanced Antivirus.lnk (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Per Andréasson\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Per Andréasson\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Per Andréasson\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Per Andréasson\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Per Andréasson\Local Settings\Temp\xrg1.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Per Andréasson\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Per Andréasson\Start Menu\VirusResponse Lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
Old 11-02-2008, 02:12 PM   #4 (permalink)
Analyst, Security Team
 
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,358
OS: W2K SP4 + XP SP2 + Vista


Re: Pop-ups every second warning of virus and spyware

Please have a look for C:\Combofix.txt. If you find it, please post the contents here.
If you can't find it, please post a fresh RSIT log.
Old 11-03-2008, 01:56 PM   #5 (permalink)
Registered User
 
Join Date: Nov 2004
Posts: 42
OS: Win98/Me/XP


Re: Pop-ups every second warning of virus and spyware

No Combofix.txt anywhere on the hard drive, I'm afraid.

Here's a fresh RSIT log.

Best Regards,
Tomas

---
Logfile of random's system information tool 1.04 (written by random/random)
Run by Per Andréasson at 2008-11-03 21:50:19
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (18%) free of 38 GB
Total RAM: 1024 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50, on 2008-11-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Per Andréasson\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Per Andréasson.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Skrivbordssökning.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6496 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Kontrollera uppdateringar för Windows Live Toolbar.job
C:\WINDOWS\tasks\Norton Security Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
dsWebAllowBHO Class - C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 265432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live inloggningshjälpen - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-07-03 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-22 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2002-06-18 46592]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-08-28 24576]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2007-01-15 108160]
"D-Link AirPlus XtremeG"=C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe [2006-06-16 1323008]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2006-06-01 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-02-25 385024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-05 68856]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Skrivbordssökning.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ground Control II\gcii.exe"="C:\Program Files\Ground Control II\gcii.exe:*:Enabled:Ground Control II"
"C:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe"="C:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe:*:Enabled:Freelancer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III"
"C:\Soldat\Soldat.exe"="C:\Soldat\Soldat.exe:*:Enabled:Soldat"
"C:\Documents and Settings\Per Andréasson\My Documents\Download\DE_Full-Client_Downloader.exe"="C:\Documents and Settings\Per Andréasson\My Documents\Download\DE_Full-Client_Downloader.exe:*:Enabled:Full-Client Downloader"
"C:\Program Files\Joymax\Darkeden\darkeden.exe"="C:\Program Files\Joymax\Darkeden\darkeden.exe:*:Enabled:DarkEden"
"C:\World of Warcraft\BackgroundDownloader.exe"="C:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\VResLab\VResLab.exe"="C:\Program Files\VResLab\VResLab.exe:*:Enabled:VirusResponse Lab 2009"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2008-11-02 20:16:11 ----D---- C:\WINDOWS\temp
2008-11-02 20:12:49 ----A---- C:\WINDOWS\zip.exe
2008-11-02 20:12:49 ----A---- C:\WINDOWS\VFIND.exe
2008-11-02 20:12:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-02 20:12:49 ----A---- C:\WINDOWS\SWSC.exe
2008-11-02 20:12:49 ----A---- C:\WINDOWS\SWREG.exe
2008-11-02 20:12:49 ----A---- C:\WINDOWS\sed.exe
2008-11-02 20:12:49 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-02 20:12:49 ----A---- C:\WINDOWS\grep.exe
2008-11-02 20:12:49 ----A---- C:\WINDOWS\fdsv.exe
2008-11-02 20:12:45 ----D---- C:\Qoobox
2008-11-02 20:12:45 ----D---- C:\ComboFix
2008-11-02 20:12:44 ----A---- C:\WINDOWS\system32\CF20183.exe
2008-11-02 18:52:50 ----D---- C:\Documents and Settings\Per Andréasson\Application Data\Malwarebytes
2008-11-02 18:52:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-02 18:52:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-30 11:47:07 ----D---- C:\rsit
2008-10-30 11:27:36 ----A---- C:\WINDOWS\gmer.ini
2008-10-30 11:27:35 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-10-30 11:27:35 ----A---- C:\WINDOWS\gmer.exe
2008-10-30 11:27:35 ----A---- C:\WINDOWS\gmer.dll
2008-10-28 12:46:15 ----D---- C:\Program Files\Applications
2008-10-24 20:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 20:07:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 20:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 20:07:14 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 2035 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 2018 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 18:15:32 ----D---- C:\Program Files\Freelancer Companion
2008-10-16 12:35:45 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-06 10:31:57 ----D---- C:\WINDOWS\Ubisoft
2008-09-25 20:32:29 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-09-13 13:35:38 ----D---- C:\Logs
2008-09-12 21:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-12 18:09:31 ----D---- C:\World of Warcraft
2008-09-12 18:09:31 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-08-25 17:01:10 ----D---- C:\Program Files\Sun
2008-08-25 17:00:54 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-25 17:00:54 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-25 17:00:54 ----A---- C:\WINDOWS\system32\java.exe
2008-08-22 15:05:58 ----D---- C:\Program Files\Joymax
2008-08-22 06:40:03 ----D---- C:\Runescape
2008-08-15 20:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-15 20:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-15 20:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-15 20:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-15 20:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-15 20:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-15 20:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-08 11:42:08 ----D---- C:\Program Files\Three Rings Design

======List of files/folders modified in the last 3 months======

2008-11-03 21:43:19 ----D---- C:\WINDOWS
2008-11-02 20:36:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-02 20:15:13 ----D---- C:\WINDOWS\system32\drivers
2008-11-02 20:15:13 ----D---- C:\WINDOWS\system32
2008-11-02 20:15:11 ----D---- C:\WINDOWS\AppPatch
2008-11-02 20:15:11 ----D---- C:\Program Files\Common Files
2008-11-02 20:13:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-02 20:12:45 ----D---- C:\WINDOWS\Prefetch
2008-11-02 20:12:45 ----D---- C:\WINDOWS\ERDNT
2008-11-02 20:01:25 ----RD---- C:\Program Files
2008-11-02 19:09:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-26 10:23:56 ----SHD---- C:\WINDOWS\Installer
2008-10-26 10:23:52 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-26 10:22:47 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-26 09:35:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-24 20:59:28 ----HD---- C:\WINDOWS\inf
2008-10-24 20:59:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-24 20:58:49 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-19 14:55:02 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-10-16 20:07:30 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 20:07:03 ----D---- C:\Program Files\Internet Explorer
2008-10-16 18:29:41 ----D---- C:\Program Files\EA GAMES
2008-10-16 18:29:40 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-15 17:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-10 14:00:03 ----D---- C:\Program Files\Norton Security Scan
2008-10-03 18:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-29 18:55:14 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-25 18:40:12 ----D---- C:\WINDOWS\Help
2008-09-12 21:01:51 ----D---- C:\WINDOWS\WinSxS
2008-08-27 09:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-26 08:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-26 08:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-26 08:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\url.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\occache.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\mstime.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\msrating.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-26 08:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-26 08:24:29 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-08-26 08:24:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-25 17:00:53 ----D---- C:\Program Files\Java
2008-08-25 09:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-25 09:37:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-23 06:54:51 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-08-22 15:00:31 ----D---- C:\Program Files\LEGO Company
2008-08-21 16:32:26 ----D---- C:\WINDOWS\system32\Restore
2008-08-15 20:02:54 ----D---- C:\Program Files\Messenger
2008-08-14 11:00:45 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:22:13 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-09 10:38:14 ----D---- C:\Documents and Settings\Per Andréasson\Application Data\bang

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2006-12-21 31560]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2006-02-28 37376]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2007-01-15 43176]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-02-28 14848]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2006-12-21 94424]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2006-05-11 472096]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-07-23 659356]
R3 bcm4sbxp;ASUSTeK/Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2002-08-22 41600]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-08-28 186068]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-09-19 496800]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-08-28 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-08-28 136448]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-08-28 145504]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-08-28 823456]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-02-28 9600]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-08-28 113840]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-02-28 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-02-28 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2007-01-15 23352]
S3 bDMusicb;bDMusicb; \??\C:\DOCUME~1\PERAND~1\LOCALS~1\Temp\bDMusicb.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys []
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-30 85969]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-08-28 135696]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-02-28 61824]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2007-01-15 59008]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2007-01-15 132736]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2007-01-15 255616]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2007-01-15 370304]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-03 138168]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader Service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
Tomas is offline  
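The RSIT sections in the log above (the firewall authorized-applications list and the driver list) are what a helper reads by eye when triaging a rogue-AV infection. As an added example that is not part of this thread and is not RSIT code, here is a small Python script that does that first pass over a few lines copied from the log above: it flags an enabled firewall exception for a program under a user profile or Temp folder, a display name on a watchlist (the watchlist is constructed from names that appear in this thread), and a driver that loads from a user-writable path or whose file RSIT recorded with an empty `[]` (treating that as "date and size could not be read" is an assumption about RSIT's output).

```python
"""Triage a few RSIT log sections for indicators a helper looks for.
Added example for this thread; not RSIT code. Sample lines are copied
from the log posted above; the watchlist is constructed from names that
appear in this thread."""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str   # "firewall" or "driver"
    entry: str     # program path or driver service name
    reason: str


# Constructed sample: lines copied from the RSIT log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Per Andréasson\My Documents\Download\DE_Full-Client_Downloader.exe"="C:\Documents and Settings\Per Andréasson\My Documents\Download\DE_Full-Client_Downloader.exe:*:Enabled:Full-Client Downloader"
"C:\Program Files\VResLab\VResLab.exe"="C:\Program Files\VResLab\VResLab.exe:*:Enabled:VirusResponse Lab 2009"

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2006-12-21 31560]
S3 bDMusicb;bDMusicb; \??\C:\DOCUME~1\PERAND~1\LOCALS~1\Temp\bDMusicb.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
"""

# Path fragments that mean "a normal user can write here" (assumption: XP layout).
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\", "\\download\\")
# Constructed watchlist: rogue-AV names that appear in this thread.
ROGUE_NAME_HINTS = ("virusresponse lab", "advancedantivirus", "aavsetup")

FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P<value>[^"]+)"$')
DRIVER_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<desc>[^;]*); (?P<path>.*?) \[(?P<meta>[^\]]*)\]$'
)


def in_user_writable_location(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def check_firewall_entry(line: str) -> List[Finding]:
    """One line of the authorized-applications list: "path"="path:scope:Enabled:Display"."""
    m = FIREWALL_RE.match(line)
    if not m:
        return []
    # The value holds a drive letter, so split from the right to keep "C:\..." intact.
    parts = m.group("value").rsplit(":", 3)
    if len(parts) != 4:
        return []
    path, _scope, enabled, display = parts
    if enabled.lower() != "enabled":
        return []  # a disabled exception opens nothing
    out = []
    if in_user_writable_location(path):
        out.append(Finding("firewall", path, "enabled exception for a program in a user-writable location"))
    if any(hint in display.lower() for hint in ROGUE_NAME_HINTS):
        out.append(Finding("firewall", path, f"display name '{display}' is on the rogue-AV watchlist"))
    return out


def check_driver_entry(line: str) -> List[Finding]:
    """One line of the drivers list: 'S3 name;description; path [date size]'."""
    m = DRIVER_RE.match(line)
    if not m:
        return []
    name, path, meta = m.group("name"), m.group("path"), m.group("meta")
    out = []
    if in_user_writable_location(path):
        out.append(Finding("driver", name, f"driver loads from a user-writable path: {path}"))
    if not meta:
        # Assumption: an empty [] means RSIT could not read the file's date and size.
        out.append(Finding("driver", name, "no date/size recorded for the driver file (missing or unreadable)"))
    return out


def triage(log_text: str) -> List[Finding]:
    """Walk the log, tracking which section we are in, and collect findings."""
    findings: List[Finding] = []
    section = "other"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY_"):
            section = "firewall" if "authorizedapplications" in line.lower() else "other"
            continue
        if line.startswith("======"):
            section = "driver" if "List of drivers" in line else "other"
            continue
        if section == "firewall":
            findings.extend(check_firewall_entry(line))
        elif section == "driver":
            findings.extend(check_driver_entry(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.entry}: {f.reason}")
```

On the sample it flags the VResLab firewall exception by name, the downloader under My Documents by location, and both drivers with an empty `[]`. Note that catchme.sys is ComboFix's own driver, so a hit here is a lead for the reviewer to check against the rest of the log, not a verdict on its own.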
Old 11-03-2008, 02:16 PM   #6 (permalink)
Analyst, Security Team
 
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,358
OS: W2K SP4 + XP SP2 + Vista


Re: Pop-ups every second warning of virus and spyware

Step 1

Please delete the copy of ComboFix that you have and download an updated copy from one of the links below
  • ComboFix.exe 1
    ComboFix.exe 2
    ComboFix.exe 3
  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper

----------------------------------------------------------- -----------------------------------------------------------
Step 2




Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


----------------------------------------------------------- -----------------------------------------------------------
Step 3


Remove Programs

Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista). If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
  • Java(TM) 6 Update 3
    Java(TM) 6 Update 5
Now close the Control Panel.



----------------------------------------------------------- -----------------------------------------------------------
Step 4

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • ComboFix Log
  • Kaspersky Log
  • How are things running now ?
__________________
Katana is offline  
Old 11-04-2008, 04:31 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2004
Posts: 42
OS: Win98/Me/XP


Re: Pop-ups every second warning of virus and spyware

Combofix still doesn't work on this computer, I'm afraid. It runs until it says "Completed Stage_50" and then it stops with the same error message as described earlier. No Combofix log anywhere.

I ran Kaspersky. The log is included in this post.

I have now removed Java update 3 and 5.

The system is much better! I haven't seen any problems since I ran Malwarebytes' Anti-Malware after your first reply.

Best Regards,
Tomas

Here's the Kaspersky log:
---
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, November 5, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, November 04, 2008 16:31:03
Records in database: 1369581
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 91480
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:20:09


File name / Threat name / Threats count
C:\Documents and Settings\Per Andréasson\My Documents\Download\AAVSetup.exe Infected: not-a-virus:FraudTool.Win32.AdvancedAntivirus.i 2

The selected area was scanned.
Tomas is offline  
Old 11-05-2008, 01:56 AM   #8 (permalink)
Analyst, Security Team
 
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,358
OS: W2K SP4 + XP SP2 + Vista


Re: Pop-ups every second warning of virus and spyware

I'm glad things are working better, but it's very strange that Combofix won't run ???


Download and Run DirLook

Please download DirLook by jpshortstuff from here.
  • Double-click DirLook.exe to run it.
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the textfield labeled "Directory:":

    Code:
    C:\Qoobox
    C:\ComboFix
  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\dl_log.txt)

Note: Scanning may take longer for large folders



----------------------------------------------------------- -----------------------------------------------------------



OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below. ( Make sure you include :Files )
Code:
:Files
C:\Documents and Settings\Per Andréasson\My Documents\Download\AAVSetup.exe
:Commands
[Purity]
[EmptyTemp]
  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
__________________
Katana is offline  
Old 11-06-2008, 11:54 AM   #9 (permalink)
Registered User
 
Join Date: Nov 2004
Posts: 42
OS: Win98/Me/XP


Re: Pop-ups every second warning of virus and spyware

First I just want to remind you of the fact that I'm very grateful that you take the time to help us with this.

Here are the logs:

DirLook:
----
DirLook.exe v2.0 by jpshortstuff
Log created at 19:38 on 06/11/2008
==================================
Contents of "C:\Qoobox"

---FOLDERS---

LastRun (Created on 02/11/2008 at 19:12) d-----
Quarantine (Created on 02/11/2008 at 19:12) d-----
Test (Created on 02/11/2008 at 19:12) d-----
TestC (Created on 02/11/2008 at 19:12) d-----

---FILES---

BackEnv (10480 bytes - created on 04/11/2008 at 19:20, modified on 04/11/2008 at 19:41) --a---

==================================
Contents of "C:\ComboFix"

---FOLDERS---

N_ (Created on 04/11/2008 at 19:41) d-----

---FILES---

023.dat (47118 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
023v.dat (2126 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
appdata.folder.dat (237 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
Assoc.cmd (3241 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
Attrib.cfexe (11264 bytes - created on 04/11/2008 at 19:41, modified on 28/02/2006 at 12:00) -ra---
autorun_inf.dat (5648 bytes - created on 04/11/2008 at 19:43, modified on 04/11/2008 at 19:43) --a---
badclsid (1937524 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
BitsPath (0 bytes - created on 04/11/2008 at 19:44, modified on 04/11/2008 at 19:44) --a---
BitsStr (485 bytes - created on 04/11/2008 at 19:44, modified on 04/11/2008 at 19:44) --a---
Boot.bat (7809 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
BootSect (7680 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
C.bat (615213 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 20:00) --a---
cache.folder.dat (250 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
Cachetemp0300 (280 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
catchme.cfexe (145920 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
catch_k.dat (66 bytes - created on 04/11/2008 at 19:44, modified on 04/11/2008 at 19:44) --a---
CCS.bat (33 bytes - created on 04/11/2008 at 19:44, modified on 04/11/2008 at 19:44) --a---
cfdummy (8192 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
cfrun (3 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
CFVersionOld (13 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
CHCP.bat (16 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
clsid.dat (470398 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
Combo-Fix.sys (1024 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
Combobatch.bat (6778 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
ComboFix-Download.exe (61440 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
ComboFix.txt (329 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:44) --a---
Cookies.folder.dat (154 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
Creg.dat (573010 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:43) --a---
CregC.cmd (3186 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
CregC.dat (20111 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:44) --a---
d-del2A.dat (0 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:44) --a---
d-del2AA.dat (0 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:44) --a---
dd.cfexe (101376 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
del00 (0 bytes - created on 04/11/2008 at 19:44, modified on 04/11/2008 at 19:44) --a---
DelClsid.bat (1763 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
desktop.folder.dat (99 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
dll_whitelist.dat (3193 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
dnd.dat (16988 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
DPF.sed (298 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
DPF.str (746 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
drevB.dat (283 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:23) --a---
Drives.dat (3 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
Drives00 (606 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
dumphive.cfexe (51200 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
embedded.sed (303 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
Env.sed (628 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
ERDNT.e_e (163328 bytes - created on 04/11/2008 at 19:41, modified on 20/10/2005 at 19:02) --a---
ERDNTDOS.LOC (2815 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
ERDNTWIN.LOC (3275 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
ErrTrap1 (0 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
ERUNT.cfexe (157696 bytes - created on 04/11/2008 at 19:41, modified on 20/10/2005 at 19:00) -ra---
erunt.dat (10 bytes - created on 04/11/2008 at 19:41, modified on 02/11/2008 at 19:12) --a---
ERUNT.LOC (4090 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
Exe.reg (7213 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
executables.dat (117 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
extract.cfexe (52736 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
favorites.folder.dat (103 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
fdsv.cfexe (89504 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
fi.cfexe (110592 bytes - created on 04/11/2008 at 19:41, modified on 12/11/2002 at 04:38) -ra---
Fin.dat (804 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
FIND3M.bat (102259 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
FINDSTR.cfexe (27136 bytes - created on 04/11/2008 at 19:41, modified on 28/02/2006 at 12:00) -ra---
FIXLSP.bat (3849 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
FProps.vbs (15388 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
f_system (0 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
Gateway (13 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
grep.cfexe (80412 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
gsar.cfexe (15360 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
handle.cfexe (181776 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
hidec.exe (1536 bytes - created on 04/11/2008 at 19:41, modified on 16/08/2005 at 00:54) --a---
history.bat (2117 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
image001.gif (1057 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
kmd.dat (11 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
l2mfiles.dat (0 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
Lang.bat (138153 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
LegacyFull (1156 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
LegacyNoSvc (122 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
lnkread.vbs (1528 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
localappdata.folder.dat (226 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
LocalService.dat (225 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
LocalServiceNetworkRestricted.dat (91 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
localsettings.folder.dat (234 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
LocalSystemNetworkRestricted.dat (198 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
Lock (0 bytes - created on 04/11/2008 at 19:43, modified on 04/11/2008 at 19:43) --a---
LSPDone (2 bytes - created on 04/11/2008 at 19:44, modified on 04/11/2008 at 19:44) --a---
LspFixed.reg (46315 bytes - created on 04/11/2008 at 19:44, modified on 04/11/2008 at 19:44) --a---
md5deep.cfexe (40448 bytes - created on 04/11/2008 at 19:41, modified on 02/04/2006 at 20:18) -ra---
MenuFolder.dat (72 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
MenuFolderB.dat (14 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
moveex.cfexe (38400 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
MoveIt.bat (3174 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
mtee.cfexe (11264 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
MWindows.dat (456 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
mypictures.folder.dat (130 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
ND_.bat (3005 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
netsvc.bad.dat (29150 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:44) --a---
netsvc.dat (525 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
NetworkService.dat (88 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
NirCmd.cfexe (28672 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
nircmd.com (28672 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
NirCmd.inf (2161 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
NirCmdC.cfexe (27648 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
NlsLanguageDefault (6 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
notifykeys.dat (176 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
NULL (0 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
OriO4 (513 bytes - created on 04/11/2008 at 19:43, modified on 04/11/2008 at 19:43) --a---
OsId.txt (77 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
OSid.vbs (924 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
OsVer (43 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
patched.af (0 bytes - created on 04/11/2008 at 19:43, modified on 04/11/2008 at 19:43) --a---
pend.txt (802 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
personal.folder.dat (106 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
Policies.dat (1429 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
PreDIR (35 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
Profiles.Folder.dat (285 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
progfile.dat (366530 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:44) --a---
programs.folder.dat (187 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
psexec.cfexe (131072 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
Purity.dat (404 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
purityB.dat (344 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
pv.cfexe (73728 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
raw_system.dat (8246641 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
RCLink (6536 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
RcVer00 (7 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
RegDo.sed (9205 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
region.dat (1277 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
regt.cfexe (146432 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
RenVDel.dat (0 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:43) --a---
RestoreO4.bat (1758 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
rogues.dat (820 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
run.sed (1148 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
run2.sed (287 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
safeboot.dat (329 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
safeboot.def.dat (1660 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
safeboot.def.vista.dat (463 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
SafeBootRepair.bat (15317 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
sed.cfexe (98816 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
SetEnvmt.bat (12755 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
SetPath.bat (10480 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
setpath.cfexe (29990 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
SF.cfexe (49152 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
sfx.cmd (14 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
srizbi.md5 (5404 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
startmenu.folder.dat (105 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
startup.folder.dat (211 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
StartUpFile.dat (15 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
Sum01 (40 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
SuspectLegacy (108 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
suspectSvc.dat (298 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:44) --a---
SvcCovered (43037 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:44) --a---
SvcDiff (0 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
SvcDrv.vbs (1128 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
svcdump (12428 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
SvcDumpB (2866 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
SvcDumpFull (294998 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
SvcFull (2866 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
svchost.dat (555 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
svclist.dat (21114 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
svclist.sed (254 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
SvcTarget.dat (117 bytes - created on 04/11/2008 at 19:42, modified on 02/11/2008 at 19:13) --a---
svc_wht.dat (11934 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
SWREG.cfexe (161792 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
swreg.exe (161792 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
swsc.cfexe (136704 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
swxcacls.cfexe (212480 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
SysPath.dat (4041 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
system_ini.dat (276 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
temp0600 (0 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
temp2200 (0 bytes - created on 04/11/2008 at 19:43, modified on 04/11/2008 at 19:43) --a---
temp3800 (75 bytes - created on 04/11/2008 at 19:43, modified on 04/11/2008 at 19:43) --a---
temp4900 (178 bytes - created on 04/11/2008 at 19:44, modified on 04/11/2008 at 19:44) --a---
temp4901 (0 bytes - created on 04/11/2008 at 19:44, modified on 04/11/2008 at 19:44) --a---
templates.folder.dat (103 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
toolbar.sed (413 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
unhand.dat (581 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
unzip.cfexe (102400 bytes - created on 04/11/2008 at 19:41, modified on 13/04/2003 at 07:00) -ra---
UserFolderB.dat (258 bytes - created on 04/11/2008 at 19:42, modified on 04/11/2008 at 19:42) --a---
V-dll.dat (0 bytes - created on 04/11/2008 at 19:43, modified on 04/11/2008 at 19:43) --a---
V-FilesB.dat (0 bytes - created on 04/11/2008 at 19:43, modified on 04/11/2008 at 19:43) --a---
v-tmp.dat (0 bytes - created on 04/11/2008 at 19:43, modified on 04/11/2008 at 19:43) --a---
vfind.cfexe (49152 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
v_str.dat (4179 bytes - created on 04/11/2008 at 19:43, modified on 04/11/2008 at 19:43) --a---
v_wht.dat (39082 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
whitedir.dat (15461 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
whitedirB.dat (401 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
whitedirCreated.dat (1107 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
WhiteLegacy.dat (2687 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
Windir.dat (70627 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:42) --a---
WRP.cfexe (26112 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---
XP.mac (2 bytes - created on 04/11/2008 at 19:41, modified on 04/11/2008 at 19:41) --a---
zDomain.dat (23773 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) --a---
zip.cfexe (68096 bytes - created on 04/11/2008 at 19:41, modified on 31/08/2000 at 07:00) -ra---

==================================
=EOF=
----

OTMoveIt needs to reboot the computer. I will be back in a minute.

/Tomas
Old 11-06-2008, 12:02 PM   #10
Tomas (Registered User)
Join Date: Nov 2004
Posts: 42
OS: Win98/Me/XP

Re: Pop-ups every second warning of virus and spyware

OTMoveIt log:

----
========== FILES ==========
C:\Documents and Settings\Per Andréasson\My Documents\Download\AAVSetup.exe moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11062008_194155

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
----

Best Regards,
Tomas
Old 11-06-2008, 12:32 PM   #11
Katana (Analyst, Security Team)
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,358
OS: W2K SP4 + XP SP2 + Vista

Re: Pop-ups every second warning of virus and spyware

Please do the following and let me know what happens.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U; it needs to be there.
Old 11-09-2008, 06:36 AM   #12
Tomas (Registered User)
Join Date: Nov 2004
Posts: 42
OS: Win98/Me/XP

Re: Pop-ups every second warning of virus and spyware

It said "ComboFix is uninstalled" and then the ComboFix icon disappeared from the desktop.
Old 11-09-2008, 07:33 AM   #13
Katana (Analyst, Security Team)
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,358
OS: W2K SP4 + XP SP2 + Vista

Re: Pop-ups every second warning of virus and spyware

Well, at least Combofix uninstalled correctly.

Congratulations, your logs look clean :)

Let's see if I can help you keep it that way.

First, let's tidy up.

Please delete DirLook.exe and C:\dl_log.txt

Open OTMoveIt and click Cleanup;
it will now connect to the internet and get a list of files to delete.
When a box pops up, click YES.

Delete any logs we have produced and empty your recycle bin.

The following is some info to help you stay safe and clean.
(Vista users must ensure that any programs are Vista compatible BEFORE installing)

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/par...avwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you; see HERE for details.

AntiSpyware
  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time; the others should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for home users) and a paid version;
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must-have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book: it maps the human-friendly name of a website to the actual numeric address (i.e. the IP address). This feature can be used to block malicious websites.
  • MalwareBytes Anti-malware <<< A new and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
  • These programs don't detect malware; they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one.
  • Winpatrol
    • An excellent startup manager and then some!!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must-have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other hosts file protections

Internet Browsers
  • Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION: If you delete all your cookies, you will lose any autologin information for sites that you visit and will need your passwords.

    Both of these can be cleaned manually, but a quicker option is to use a program.
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible; you can choose which cookies to keep

Also, PLEASE read this article: So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware, even Windows) then you are at risk.
Malware changes on a day-to-day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
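The hosts-file advice in the post above (Spybot's hosts protection and the MVPS HOSTS file) works by exact hostname matching, and that detail is worth seeing in code. The following is an added example for this page, not code from the thread, from MVPS or from Spybot: it parses a HOSTS-style blocklist and answers whether a given URL or hostname would be blocked, flagging the things a practitioner checks in such a file (entries that redirect to a real address rather than a sink address, duplicates, a missing localhost line, and subdomains that slip past a listed parent). The sample file content and every .test hostname are constructed for the example.

```python
"""Hosts-file blocklist checker (added example; constructed sample data)."""
from urllib.parse import urlsplit

# Constructed sample in the MVPS HOSTS layout, not the real MVPS file: a header
# comment, the loopback lines that must stay, blocked names pointing at 0.0.0.0
# (MVPS default) or 127.0.0.1 (older style), a trailing comment, a tab and a
# duplicate. All .test hostnames are invented.
SAMPLE_HOSTS = """\
# Constructed sample in the MVPS HOSTS layout (not the real MVPS file)
127.0.0.1  localhost
::1        localhost
0.0.0.0  ads.example-tracker.test
0.0.0.0  www.bad-popups.test    # rogue "your PC is infected" page
127.0.0.1\tcounter.example-stats.test
0.0.0.0  ads.example-tracker.test
"""

# Addresses that make an entry a block: the browser connects to nothing.
# Any other address is a redirect to a real host, which is what hijackers write.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}


def normalise(host):
    """Case-fold and drop a trailing dot; hosts-file lookups are exact-match."""
    return host.strip().lower().rstrip(".")


def parse_hosts(text):
    """Return (blocklist, warnings).

    blocklist maps a normalised hostname to the address it resolves to.
    warnings lists what a user of the file should look at: redirects to a
    real address, duplicate names and a missing localhost line.
    """
    blocklist, warnings, has_localhost = {}, [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()                    # spaces or tabs
        addr, names = fields[0], fields[1:]
        if not names:
            warnings.append(f"line {lineno}: address {addr} without a hostname")
            continue
        for name in map(normalise, names):
            if name == "localhost":
                has_localhost = True             # keep it, but it is not a rule
                continue
            if addr not in SINK_ADDRESSES:
                warnings.append(f"line {lineno}: {name} -> {addr} redirects to "
                                "a real address, as a hijacker would")
            if name in blocklist:
                warnings.append(f"line {lineno}: duplicate entry for {name}")
            blocklist[name] = addr
    if not has_localhost:
        warnings.append("no localhost line: Windows XP resolves 'localhost' "
                        "from this file, so keep it")
    return blocklist, warnings


def hostname_of(url_or_host):
    """Accept either a bare hostname or a full URL."""
    if "://" in url_or_host:
        return urlsplit(url_or_host).hostname or ""
    return url_or_host


def is_blocked(blocklist, url_or_host):
    """Exact-match lookup, which is all the Windows resolver does."""
    return normalise(hostname_of(url_or_host)) in blocklist


def blocked_parent(blocklist, url_or_host):
    """Return a blocked parent domain of the host, or None.

    A hosts file has no wildcards, so cdn.ads.example.test is NOT blocked by
    an ads.example.test entry. This spots such gaps so the subdomain can be
    listed explicitly.
    """
    labels = normalise(hostname_of(url_or_host)).split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if parent in blocklist:
            return parent
    return None


if __name__ == "__main__":
    rules, notes = parse_hosts(SAMPLE_HOSTS)
    for note in notes:
        print("warning:", note)
    for target in ("http://ads.example-tracker.test/x.js",
                   "cdn.ads.example-tracker.test", "www.good-site.test"):
        blocked, gap = is_blocked(rules, target), blocked_parent(rules, target)
        print(f"{target}: blocked={blocked}"
              + (f" (only the parent {gap} is listed)" if gap and not blocked else ""))
```

Run it as a script for a short report on the constructed sample, or import it and pass the contents of the real file (%SystemRoot%\system32\drivers\etc\hosts on XP) to parse_hosts. The two checks that matter in practice are the redirect warning, since a hosts entry pointing a bank's hostname at a routable address is a classic hijack rather than a block, and blocked_parent, which shows why a hosts file can only ever block the exact names it lists.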
Old 11-09-2008, 08:17 AM   #14
Tomas (Registered User)
Join Date: Nov 2004
Posts: 42
OS: Win98/Me/XP

Re: Pop-ups every second warning of virus and spyware

Katana,

Thank you once again for your time!

I've tidied up after our work and have now started to go through your list of tips for keeping the machine clean in the future.

Best Regards,
Tomas
Old 11-09-2008, 08:18 AM   #15
Tomas (Registered User)
Join Date: Nov 2004
Posts: 42
OS: Win98/Me/XP

Re: Pop-ups every second warning of virus and spyware

Aaaaand ........ archive!

(Everything is OK!)

/Tomas
 


Copyright 2001 - 2009, Tech Support Forum