Old 11-27-2008, 06:47 AM   #1 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: win xp sp3


Evil warning pop up

I removed the applehebi virus, but I need to remove a false Windows pop-up. When I launch iexplorer it stops me using Google etc. How do I send a log report?
Please keep it simple; I've tried everything I know. I don't want to remove any
important files. Regards, John.
Attached Files
File Type: zip hijackthis.zip (3.4 KB, 2 views)

Last edited by shank50_1; 11-27-2008 at 06:59 AM. Reason: attach
shank50_1 is offline  

Old 11-27-2008, 05:18 PM   #2 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: warning pop up

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Old 11-29-2008, 12:30 PM   #3 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: win xp sp3


pop up warning.

Hello, I got rid of the applehebi virus, but a false Windows security message appears ("your computer is infected, please download anti-spyware") every time I use Internet Explorer, Google etc. I have attached log files etc.
I am using Windows XP Pro, authentic version. I was trying to use WinRAR; I thought it was from CNET but suspect it was a hacked version. Regards, John.



DDS (Version 1.0) - NTFSx86
Run by dell user at 20:11:35.31 on 29/11/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.767.417 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdacoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\dell user\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60287
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-13 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-14 76040]
R2 lxda_device;lxda_device;c:\windows\system32\lxdacoms.exe -service []
S3 NAL;Nal Service ;\??\c:\windows\system32\drivers\iqvw32.sys [2002-11-22 20096]

=============== Created Last 30 ================

2008-11-27 14:24 389,120 a------- c:\windows\system32\CF5000.exe
2008-11-27 13:11 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2008-11-27 12:20 <DIR> --d----- c:\documents and settings\dell user\.housecall6.6
2008-11-26 16:04 607,640 a------- C:\jre-6u10-windows-i586-p-iftw.exe
2008-11-26 16:04 209,816 a------- C:\jre-6u10-windows-i586-p-iftw-k.exe
2008-11-26 16:00 0 a------- C:\jre-6u10-windows-i586-p.exe.bak
2008-11-26 16:00 0 -------- C:\jre-6u10-windows-i586-p.exe
2008-11-26 15:59 1,227 a------- C:\jre-6u10-windows-i586-p.exe.sdm
2008-11-26 15:59 <DIR> --d----- c:\documents and settings\dell user\.SunDownloadManager
2008-11-26 15:55 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-26 15:55 73,728 a------- c:\windows\system32\javacpl.cpl
2008-11-26 10:32 <DIR> --d----- c:\docume~1\dellus~1\applic~1\Malwarebytes
2008-11-26 10:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-11-26 10:20 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-26 10:19 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-26 09:57 <DIR> --d----- c:\docume~1\dellus~1\applic~1\AVGTOOLBAR
2008-11-26 09:57 <DIR> --d----- c:\docume~1\dellus~1\applic~1\iolo
2008-11-26 09:57 <DIR> --d----- c:\docume~1\dellus~1\applic~1\Vso
2008-11-26 09:57 <DIR> --d----- c:\docume~1\dellus~1\applic~1\RegClean
2008-11-26 09:57 <DIR> --dsh--- c:\documents and settings\dell user\UserData
2008-11-26 09:57 <DIR> --d----- c:\documents and settings\dell user\WINDOWS
2008-11-26 09:57 <DIR> --d-h--- c:\documents and settings\dell user\WLANProfiles
2008-11-26 09:57 <DIR> --d----- c:\documents and settings\dell user
2008-11-25 13:48 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2008-11-25 13:40 <DIR> --d----- c:\program files\Windows Live Toolbar
2008-11-25 13:35 <DIR> -cd----- c:\program files\common files\WindowsLiveInstaller
2008-11-20 21:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Arovax
2008-11-20 21:30 <DIR> --d----- c:\program files\Arovax AntiSpyware
2008-11-20 18:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-11-20 17:22 <DIR> --d----- c:\program files\Lavasoft
2008-11-20 17:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft

==================== Find3M ====================

2008-11-20 20:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2008-10-17 11:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-09-15 12:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-10 13:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ahead
2008-09-10 01:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-05-14 09:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2008-05-05 11:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo
2008-04-24 10:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Citrix
2008-04-12 11:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IM
2008-04-12 11:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IncrediMail

============= FINISH: 20:12:24.05 ===============
Attached Files
File Type: txt DDS.txt (9.5 KB, 2 views)
File Type: zip gmer.zip (730.3 KB, 2 views)
File Type: txt Attach.txt (9.4 KB, 2 views)

Last edited by sUBs; 11-29-2008 at 12:38 PM.
shank50_1 is offline  
Old 11-29-2008, 12:40 PM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,694
OS: N/A


Re: pop up warning.

You previously ran ComboFix. Please show me the log that it produced.
It should be located at C:\ComboFix.txt
sUBs is offline  
Old 12-01-2008, 04:33 AM   #5 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: win xp sp3


pop ups

Hi, I have attached the ComboFix log below. I got rid of the applehebi virus, but am redirected to a false Windows security pop-up when I use Internet Explorer; it says "infected with spyware, please download antispyware!"
The system is Windows XP Pro SP3 on a Dell Latitude D600 laptop. I attached other files in an earlier thread; hope this helps.

ComboFix 08-11-30.01 - dell user 2008-12-01 12:10:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.362 [GMT 0:00]
Running from: c:\documents and settings\dell user\Desktop\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\dell user\Application Data\inst.exe
C:\setup.exe
c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-11-27 13:11 . 2007-08-01 22:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-27 12:20 . 2008-11-27 13:27 <DIR> d-------- c:\documents and settings\dell user\.housecall6.6
2008-11-26 16:04 . 2008-11-26 16:04 607,640 --a------ C:\jre-6u10-windows-i586-p-iftw.exe
2008-11-26 16:04 . 2008-11-26 16:04 209,816 --a------ C:\jre-6u10-windows-i586-p-iftw-k.exe
2008-11-26 16:00 . 2008-11-26 16:00 0 --a------ C:\jre-6u10-windows-i586-p.exe.bak
2008-11-26 16:00 . 2008-11-26 16:03 0 --------- C:\jre-6u10-windows-i586-p.exe
2008-11-26 15:59 . 2008-11-26 16:05 <DIR> d-------- c:\documents and settings\dell user\.SunDownloadManager
2008-11-26 15:59 . 2008-11-26 15:59 1,227 --a------ C:\jre-6u10-windows-i586-p.exe.sdm
2008-11-26 15:55 . 2008-11-26 15:55 <DIR> d-------- c:\windows\Sun
2008-11-26 15:55 . 2008-11-26 15:55 <DIR> d-------- c:\program files\Java
2008-11-26 15:55 . 2008-11-26 15:55 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-26 15:55 . 2008-11-26 15:55 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-26 10:32 . 2008-11-26 10:32 <DIR> d-------- c:\documents and settings\dell user\Application Data\Malwarebytes
2008-11-26 10:32 . 2008-11-26 10:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-26 10:20 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-26 10:19 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-26 09:57 . 2008-11-26 09:57 <DIR> d--h----- c:\documents and settings\dell user\WLANProfiles
2008-11-26 09:57 . 2008-11-26 09:57 <DIR> d-------- c:\documents and settings\dell user\WINDOWS
2008-11-26 09:57 . 2008-11-26 14:48 <DIR> d--hs---- c:\documents and settings\dell user\UserData
2008-11-26 09:57 . 2008-11-26 09:57 <DIR> d-------- c:\documents and settings\dell user\Application Data\Vso
2008-11-26 09:57 . 2008-11-26 09:57 <DIR> d-------- c:\documents and settings\dell user\Application Data\RegClean
2008-11-26 09:57 . 2008-11-26 09:57 <DIR> d-------- c:\documents and settings\dell user\Application Data\iolo
2008-11-26 09:57 . 2008-11-26 09:57 <DIR> d-------- c:\documents and settings\dell user\Application Data\CyberLink
2008-11-26 09:57 . 2008-11-26 09:57 <DIR> d-------- c:\documents and settings\dell user\Application Data\AVGTOOLBAR
2008-11-26 09:57 . 2008-11-26 09:57 <DIR> d-------- c:\documents and settings\dell user\Application Data\Ahead
2008-11-26 09:57 . 2008-11-26 09:57 <DIR> d-------- c:\documents and settings\dell user\Application Data\Acronis
2008-11-26 09:57 . 2008-11-27 12:20 <DIR> d-------- c:\documents and settings\dell user
2008-11-26 09:46 . 2008-11-26 09:50 <DIR> d---s---- c:\documents and settings\Administrator
2008-11-25 14:14 . 2008-11-25 14:14 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Acronis
2008-11-25 13:49 . 2008-11-26 09:51 <DIR> d-------- c:\documents and settings\shank\Contacts
2008-11-25 13:48 . 2008-11-25 13:48 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-25 13:40 . 2008-11-26 09:51 <DIR> d-------- c:\program files\Windows Live Toolbar
2008-11-25 13:35 . 2008-11-26 09:52 <DIR> d----c--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-25 13:34 . 2008-11-25 13:50 <DIR> d-------- c:\program files\Windows Live
2008-11-25 13:34 . 2008-11-25 13:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-24 12:22 . 2008-11-24 12:22 <DIR> d-------- c:\program files\Alwil Software
2008-11-20 21:30 . 2008-11-26 09:55 <DIR> d-------- c:\program files\Arovax AntiSpyware
2008-11-20 21:30 . 2008-11-20 21:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Arovax
2008-11-20 20:46 . 2008-11-20 20:46 <DIR> d-------- c:\documents and settings\shank\Application Data\STOPzilla!
2008-11-20 18:51 . 2008-11-26 09:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-20 18:12 . 2008-11-26 09:56 <DIR> d-------- c:\documents and settings\shank\Application Data\BitTorrent
2008-11-20 18:11 . 2008-11-26 09:56 <DIR> d-------- c:\documents and settings\shank\Application Data\DNA
2008-11-20 17:57 . 2008-11-26 09:57 <DIR> d-------- c:\documents and settings\shank\Application Data\AVGTOOLBAR
2008-11-20 17:53 . 2008-11-26 09:57 <DIR> d---s---- c:\documents and settings\shank
2008-11-20 17:22 . 2008-11-20 17:22 <DIR> d-------- c:\program files\Lavasoft
2008-11-20 17:22 . 2008-11-26 09:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 12:21 33,472,544 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-01 12:18 6,151,913 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-01 12:16 393,044 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-01 11:54 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-21 21:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-20 20:06 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2008-11-20 19:59 3,077,120 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2008-11-20 19:59 1,705,984 ----a-w c:\windows\Internet Logs\xDB1C.tmp
2008-11-19 14:42 2,866,688 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2008-11-18 15:18 452,096 ----a-w c:\windows\Internet Logs\xDB19.tmp
2008-11-13 19:41 3,319,296 ----a-w c:\windows\Internet Logs\xDB17.tmp
2008-11-13 19:41 1,647,616 ----a-w c:\windows\Internet Logs\xDB18.tmp
2008-11-12 11:24 1,641,984 ----a-w c:\windows\Internet Logs\xDB16.tmp
2008-10-31 15:43 1,153,024 ----a-w c:\windows\Internet Logs\xDB15.tmp
2008-10-27 14:01 561,152 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-10-25 00:38 354,304 ----a-w c:\windows\Internet Logs\xDB12.tmp
2008-10-25 00:38 1,613,312 ----a-w c:\windows\Internet Logs\xDB13.tmp
2008-10-24 23:59 3,024,384 ----a-w c:\windows\Internet Logs\xDB10.tmp
2008-10-24 23:59 1,612,800 ----a-w c:\windows\Internet Logs\xDB11.tmp
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 11:28 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 10:52 1,561,600 ----a-w c:\windows\Internet Logs\xDBF.tmp
2008-10-04 01:30 3,287,040 ----a-w c:\windows\Internet Logs\xDBD.tmp
2008-10-04 01:30 1,555,968 ----a-w c:\windows\Internet Logs\xDBE.tmp
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 10:04 3,004,416 ----a-w c:\windows\Internet Logs\xDBC.tmp
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-07-23 11:24 87,608 ----a-w c:\documents and settings\dell user\Application Data\ezpinst.exe
2008-07-23 11:24 47,360 ----a-w c:\documents and settings\dell user\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-31 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-24 413696]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-26 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 05:55 110592 c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^dell user^Start Menu^Programs^Startup^Magnifier.lnk]
path=c:\documents and settings\dell user\Start Menu\Programs\Startup\Magnifier.lnk
backup=c:\windows\pss\Magnifier.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\WINDOWS\\system32\\lxdacoms.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-13 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-14 76040]
R2 lxda_device;lxda_device;c:\windows\system32\lxdacoms.exe -service []
S3 NAL;Nal Service ;\??\c:\windows\system32\Drivers\iqvw32.sys [2002-11-22 20096]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70d00374-8e5c-11dd-b658-000cf1552c17}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.tees.ac.uk/induction/
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE []
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 12:18:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\1XConfig.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdacoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\RegSrvc.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-01 12:22:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-01 12:22:40

Pre-Run: 26,990,284,800 bytes free
Post-Run: 27,013,103,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

214 --- E O F --- 2008-11-26 12:19:26
Attached Files
File Type: txt log.txt (14.2 KB, 2 views)
shank50_1 is offline  
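The analysts in this thread read the ComboFix log above for a handful of high-value entries under "Reg Loading Points": the Windows Firewall state, Security Center overrides, the AppInit_DLLs value and the AutoRun command cached for a removable volume. As an added example (not part of this thread, and not a ComboFix or TSF tool), the Python below pulls those entries out of that log section and annotates each; the sample input is constructed from the log posted above, and in this log the firewall entries are expected because ZoneAlarm is installed, so the parser reports rather than judges.

```python
"""Flag security-relevant entries in the 'Reg Loading Points' section of a
ComboFix log. Added example for this thread; not a ComboFix or TSF tool."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the relevant lines copied from the ComboFix log posted
# in this thread, trimmed to the entries the parser looks at.
SAMPLE_LOG = r'''
(((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70d00374-8e5c-11dd-b658-000cf1552c17}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.tees.ac.uk/induction/
.
Contents of the 'Scheduled Tasks' folder
'''

@dataclass(frozen=True)
class Finding:
    key: str    # registry key exactly as ComboFix printed it
    name: str   # value name, or "AutoRun" for a mountpoints2 command line
    value: str  # raw value text
    note: str   # why an analyst should look at it

_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

def reg_loading_points(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (key, name, value) triples from the 'Reg Loading Points' section;
    a '\\Shell\\AutoRun\\command - <cmd>' line is returned as ("AutoRun", cmd)."""
    triples: List[Tuple[str, str, str]] = []
    in_section, key = False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Reg Loading Points" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("((((") or line.startswith("Contents of the"):
            break  # start of the next ComboFix section
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None:
            continue
        m = _VALUE_RE.match(line)
        if m:
            triples.append((key, m.group("name"), m.group("value").strip()))
        elif line.lower().startswith("\\shell\\autorun\\command"):
            _, _, cmd = line.partition(" - ")
            triples.append((key, "AutoRun", cmd.strip()))
    return triples

def _dword(value: str) -> Optional[int]:
    """Parse 'dword:00000001' or ComboFix's bare '0 (0x0)' form (numeric values only)."""
    m = re.match(r"^(?:dword:)?([0-9a-fA-F]+)", value)
    return int(m.group(1), 16) if m else None

def flag_findings(triples: List[Tuple[str, str, str]]) -> List[Finding]:
    """Apply the checks an analyst otherwise runs by eye on this section."""
    findings: List[Finding] = []
    for key, name, value in triples:
        k = key.lower()
        if name == "EnableFirewall" and "firewallpolicy" in k and _dword(value) == 0:
            profile = key.rsplit("\\", 1)[-1]
            findings.append(Finding(key, name, value, f"Windows Firewall is off for the "
                f"{profile}; acceptable only if a third-party firewall is installed and running"))
        elif name == "FirewallOverride" and k.endswith("security center") and _dword(value) == 1:
            findings.append(Finding(key, name, value, "Security Center firewall alerts are overridden"))
        elif name == "DisableMonitoring" and "\\monitoring\\" in k and _dword(value) == 1:
            product = key.rsplit("\\", 1)[-1]
            findings.append(Finding(key, name, value,
                f"Security Center no longer monitors {product}; confirm that product is really present"))
        elif name == "AppInit_DLLs" and value:
            findings.append(Finding(key, name, value,
                f"{value} is loaded into every process that maps user32.dll; verify its publisher"))
        elif name == "AutoRun" and "mountpoints2" in k:
            findings.append(Finding(key, name, value,
                "AutoRun command cached for a removable volume; check what it launches"))
    return findings

if __name__ == "__main__":
    for f in flag_findings(reg_loading_points(SAMPLE_LOG)):
        print(f"[{f.name}] {f.note}\n    {f.key}\n    {f.value}")
```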
Old 12-01-2008, 04:42 AM   #6 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: win xp sp3


Re: warning pop up

I have submitted the files and ComboFix log as requested, but the pop-up has gone, I think?
shank50_1 is offline  
Old 12-01-2008, 09:03 AM   #7 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: warning pop up

I'm sorry, but you were supposed to post a DDS log and GMER log. The link I gave you specifically said that you should not run ComboFix on your own.

If you did run it anyway, please post all your logs on your next reply so I can take a look at it.
Angelfire777 is offline  
Old 12-01-2008, 09:05 AM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 39,500
OS: 2000 Pro; XP Pro; XP Home


Re: warning pop up

Hello, shank50_1 -

Please do not create multiple topics for the same issue. I've merged your several topics into this one. How are we to find your logs if you keep creating new topics? Please bookmark this topic, and also ensure you have email notifications set to instant.

To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Angelfire777, back to you.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 12-01-2008, 09:46 AM   #9 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: warning pop up

Hi,

Are you still being redirected?

Configure your machine to view hidden files:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the "Hidden files and folders" heading select Show hidden files and folders.
  • Uncheck the Hide Protected Operating System Files Option.
  • Click Yes to confirm.
  • Click OK.

* Delete these leftover folders from programs you've uninstalled previously:

c:\documents and settings\shank\Application Data\BitTorrent
c:\documents and settings\shank\Application Data\DNA
c:\documents and settings\All Users\Application Data\STOPzilla!
c:\documents and settings\shank\Application Data\STOPzilla!
c:\program files\Alwil Software


* Next, it's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.

Last edited by Angelfire777; 12-01-2008 at 09:48 AM.
Old 12-01-2008, 09:48 AM   #10 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: win xp sp3


Re: warning pop up

Sorry Angel, I'm new to this site! My problem seems to have gone now; you truly are an angel. I love it when you're angry! lol.
Old 12-01-2008, 09:51 AM   #11 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: warning pop up

lol.. I'm not angry.

I suggest you run the scan and allow me to look at the log when it's done.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Old 12-02-2008, 06:54 AM   #12 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: win xp sp3


Re: warning pop up

Hi Angel, I ran Kaspersky but the scan showed no threats etc. I assume this is a good thing, right? Will monitor the situation. Thanks for your time and patience; I'm glad you're not angry anymore lol. Feel free to e-mail me anytime if you get bored with the computer diagnostics. PS: missing you already. Take care. John, your obedient servant. Riddle: 3 men in a boat, they have 4 cigarettes and no matches! How do they light the cigarettes?
Old 12-02-2008, 01:12 PM   #13 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: warning pop up

Yes, that should be a good thing.

Answer to riddle: They throw one cigarette overboard and then the boat
becomes lighter.

I cheated :P

Click start > run > copy and paste:

combofix /u

That will hide your system files, clear your system restore cache and uninstall combofix.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

And miekiemoes' "How to Prevent Malware"

Happy safe surfing!

Note: Please reply to this thread one last time so I could mark it as resolved.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Old 12-03-2008, 12:10 AM   #14 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: win xp sp3


Re: warning pop up

Hi Angel, have done as you said, uninstalled ComboFix and hidden the files. Many thanks, will donate. Remember Angel, a heart is not judged by how much you love, but by how much you are loved by others. John.