Antivirus 2009 pop up 2

2skids · 01-16-2009, 12:39 AM

hi

sorry i didnt get back sooner
Antivirus 2009 pop up

Quote:

I keep getting this pop up, that tries to get me to download a .exe file, i know its bogus, I just want to get rid of it - see pic

also, sometimes IE opens up (i usually use firefox), and continually opens another tab after tab, not letting me close IE until its finished opening them all up

I've used clean up exe. then spybot then malawarebytes anti malaware, but its still there

The problem appears to have gone away since i installed a new anti virus Trend Micro.

any chance someone can can just check my log, to make sure its not hiding in the background or something.

DDS (Ver_09-01-07.01) - NTFSx86
Run by Mark at 17:38:44.03 on Fri 16/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1405 [GMT 11:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Telstra\BigPond Assist\assist.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Mark\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://www.dell.com
uWindow Title = Microsoft Internet Explorer provided by BigPond
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.bigpond.com
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {1dfff0b3-9443-4c5d-8939-b482de434b24} - c:\windows\system32\zeyoheko.dll
BHO: WebCGMHlprObj Class: {56b38f40-4e70-11d4-a076-0080ad86ba2f} - c:\windows\cgmopenbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - No File
BHO: {A5366673-E8CA-11D3-9CD9-0090271D075B} - No File
BHO: {BDF3E430-B101-42AD-A544-FADC6B084872} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
mRun: [ecc] c:\program files\telstra\bigpond assist\assist.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imaget~1.lnk - c:\program files\sony corporation\image transfer\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: <NO NAME> =
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
AppInit_DLLs: c:\windows\system32\ c:\windows\system32\ c:\windows\system32\viyezoya.dll c:\windows\system32\kelinepe.dll c:\windows\system32\votoselu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll,
LSA: Notification Packages = scecli c:\windows\system32\kelinepe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\n8wt800b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\documents and settings\mark\application data\mozilla\firefox\profiles\n8wt800b.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\videoegg\loader\4115\npvideoegg-loader.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-7 28544]
R3 ip100xp;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2009-1-3 26752]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-7-30 334352]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-6-28 826512]
R4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-1-11 49680]
R4 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-1-11 492888]
R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-7-30 36368]
R4 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-1-11 677128]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-3-10 20160]
S4 COSIDS_TB;COSIDS_TB;c:\progra~1\cosids\bin\TbMux32.exe [2005-5-26 165376]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-01-11 18:01 144,912 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-11 18:01 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-01-11 18:01 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-01-11 18:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-01-11 17:59 <DIR> --d----- c:\program files\Trend Micro
2009-01-11 17:49 <DIR> --d----- c:\docume~1\mark\applic~1\SiteAdvisor
2009-01-09 11:19 120 ---sh--- c:\windows\system32\ayivurob.ini
2009-01-09 10:53 120 ---sh--- c:\windows\system32\iyepukel.ini
2009-01-08 11:19 120 ---sh--- c:\windows\system32\ahewugid.ini
2009-01-07 18:26 120 ---sh--- c:\windows\system32\ivezukek.ini
2009-01-07 17:58 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-01-05 17:42 120 ---sh--- c:\windows\system32\apunegiw.ini
2009-01-04 10:16 <DIR> --d----- c:\program files\Lavasoft
2009-01-04 10:15 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-03 22:36 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-03 22:36 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-03 22:36 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-03 22:36 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-03 18:59 26,752 a----r-- c:\windows\system32\drivers\ipfnd51.sys
2008-12-26 20:26 <DIR> --d----- c:\program files\Free Video Joiner
2008-12-25 21:58 8,704 a------- c:\windows\system32\vidccleaner.exe
2008-12-25 21:58 217,088 a------- c:\windows\system32\skjpeg40.dll
2008-12-25 21:58 83,968 a------- c:\windows\system32\Skbase40.dll

==================== Find3M ====================

2008-12-13 17:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-27 12:42 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2008-11-27 12:42 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2008-11-27 12:39 1,195,384 a------- c:\windows\system32\drivers\vsapint.sys
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-10-24 22:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 23:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 23:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2006-03-05 10:44 21,254,280 a------- c:\program files\AdbeRdr707_en_US.exe
2004-06-27 18:16 4,871 a------- c:\documents and settings\mark\versions.dat
2002-07-31 19:55 230 ---sh--- c:\windows\WSYS049.SYS
2006-05-04 22:08 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-19 18:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat

============= FINISH: 17:40:07.98 ===============

**amateur** · 01-20-2009, 01:10 PM

Hello and welcome to TSF.

If you still need help, please post a fresh DDS.txt as it has been a while since you posted. Do not attach the dds.txt. Copy/paste the contents of the report directly into the reply box.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don’t hear from you in three days this thread will be closed.

2skids · 01-21-2009, 02:13 AM

DDS (Ver_09-01-18.01) - NTFSx86
Run by Mark at 20:10:54.04 on Wed 21/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1401 [GMT 11:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Telstra\BigPond Assist\assist.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Documents and Settings\Mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://www.dell.com
uWindow Title = Microsoft Internet Explorer provided by BigPond
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.bigpond.com
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {1dfff0b3-9443-4c5d-8939-b482de434b24} - c:\windows\system32\zeyoheko.dll
BHO: WebCGMHlprObj Class: {56b38f40-4e70-11d4-a076-0080ad86ba2f} - c:\windows\cgmopenbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - No File
BHO: {A5366673-E8CA-11D3-9CD9-0090271D075B} - No File
BHO: {BDF3E430-B101-42AD-A544-FADC6B084872} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
mRun: [ecc] c:\program files\telstra\bigpond assist\assist.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imaget~1.lnk - c:\program files\sony corporation\image transfer\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: <NO NAME> =
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
AppInit_DLLs: c:\windows\system32\ c:\windows\system32\ c:\windows\system32\viyezoya.dll c:\windows\system32\kelinepe.dll c:\windows\system32\votoselu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll,
LSA: Notification Packages = scecli c:\windows\system32\kelinepe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\n8wt800b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\documents and settings\mark\application data\mozilla\firefox\profiles\n8wt800b.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\videoegg\loader\4115\npvideoegg-loader.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-7 28544]
R3 ip100xp;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2009-1-3 26752]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-7-30 334352]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-6-28 826512]
R4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-1-11 49680]
R4 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-1-11 492888]
R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-7-30 36368]
R4 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-1-11 677128]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-3-10 20160]
S4 COSIDS_TB;COSIDS_TB;c:\progra~1\cosids\bin\TbMux32.exe [2005-5-26 165376]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-01-16 17:42 250 a------- c:\windows\gmer.ini
2009-01-11 18:01 144,912 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-11 18:01 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-01-11 18:01 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-01-11 18:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-01-11 17:59 <DIR> --d----- c:\program files\Trend Micro
2009-01-11 17:49 <DIR> --d----- c:\docume~1\mark\applic~1\SiteAdvisor
2009-01-09 11:19 120 ---sh--- c:\windows\system32\ayivurob.ini
2009-01-09 10:53 120 ---sh--- c:\windows\system32\iyepukel.ini
2009-01-08 11:19 120 ---sh--- c:\windows\system32\ahewugid.ini
2009-01-07 18:26 120 ---sh--- c:\windows\system32\ivezukek.ini
2009-01-07 17:58 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-01-05 17:42 120 ---sh--- c:\windows\system32\apunegiw.ini
2009-01-04 10:16 <DIR> --d----- c:\program files\Lavasoft
2009-01-04 10:15 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-03 22:36 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-03 22:36 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-03 22:36 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-03 22:36 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-03 18:59 26,752 a----r-- c:\windows\system32\drivers\ipfnd51.sys
2008-12-26 20:26 <DIR> --d----- c:\program files\Free Video Joiner
2008-12-25 21:58 8,704 a------- c:\windows\system32\vidccleaner.exe
2008-12-25 21:58 217,088 a------- c:\windows\system32\skjpeg40.dll
2008-12-25 21:58 83,968 a------- c:\windows\system32\Skbase40.dll

==================== Find3M ====================

2008-12-13 17:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-27 12:42 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2008-11-27 12:42 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2008-11-27 12:39 1,195,384 a------- c:\windows\system32\drivers\vsapint.sys
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-10-24 22:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 23:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 23:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2006-03-05 10:44 21,254,280 a------- c:\program files\AdbeRdr707_en_US.exe
2004-06-27 18:16 4,871 a------- c:\documents and settings\mark\versions.dat
2002-07-31 19:55 230 ---sh--- c:\windows\WSYS049.SYS
2006-05-04 22:08 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-19 18:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat

============= FINISH: 20:12:40.26 ===============

**amateur** · 01-21-2009, 05:38 AM

Hi,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

2skids · 01-22-2009, 12:03 AM

Danke

ComboFix 09-01-21.02 - Mark 2009-01-22 17:29:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1504 [GMT 11:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ahewugid.ini
c:\windows\system32\apunegiw.ini
c:\windows\system32\ayivurob.ini
c:\windows\system32\ivezukek.ini
c:\windows\system32\iyepukel.ini
c:\windows\system32\open.ico
c:\windows\system32\sirenacm(2).dll
c:\windows\system32\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-22 to 2009-01-22 )))))))))))))))))))))))))))))))
.

2009-01-22 09:45 . 2009-01-22 09:45 <DIR> d-------- c:\windows\SYSTEM32\Service
2009-01-16 17:42 . 2009-01-16 17:42 250 --a------ c:\windows\gmer.ini
2009-01-11 18:01 . 2008-07-30 03:06 144,912 --a------ c:\windows\SYSTEM32\DRIVERS\tmcomm.sys
2009-01-11 18:01 . 2008-07-30 03:06 50,192 --a------ c:\windows\SYSTEM32\DRIVERS\tmactmon.sys
2009-01-11 18:01 . 2008-07-30 03:06 49,680 --a------ c:\windows\SYSTEM32\DRIVERS\tmevtmgr.sys
2009-01-11 18:00 . 2009-01-11 18:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2009-01-11 17:59 . 2009-01-11 18:01 <DIR> d-------- c:\program files\Trend Micro
2009-01-11 17:49 . 2009-01-11 17:49 <DIR> d-------- c:\documents and settings\Mark\Application Data\SiteAdvisor
2009-01-07 17:58 . 2008-06-19 17:24 28,544 --a------ c:\windows\SYSTEM32\DRIVERS\pavboot.sys
2009-01-04 11:33 . 2009-01-04 11:33 <DIR> d-------- c:\documents and settings\Administrator.DELLA\Application Data\Malwarebytes
2009-01-04 10:16 . 2009-01-04 10:16 <DIR> d-------- c:\program files\Lavasoft
2009-01-04 10:16 . 2009-01-04 10:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-04 10:15 . 2009-01-04 10:15 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-03 22:36 . 2009-01-03 22:36 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-03 22:36 . 2009-01-03 22:36 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-03 22:36 . 2009-01-03 22:36 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-03 22:36 . 2009-01-03 22:36 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-03 18:59 . 2006-03-27 13:48 26,752 -ra------ c:\windows\SYSTEM32\DRIVERS\ipfnd51.sys
2008-12-26 20:26 . 2008-12-26 20:28 <DIR> d-------- c:\program files\Free Video Joiner
2008-12-25 21:58 . 1998-07-09 20:41 217,088 --a------ c:\windows\SYSTEM32\skjpeg40.dll
2008-12-25 21:58 . 1998-03-04 11:40 83,968 --a------ c:\windows\SYSTEM32\Skbase40.dll
2008-12-25 21:58 . 2004-03-09 11:39 8,704 --a------ c:\windows\SYSTEM32\vidccleaner.exe
2008-12-25 21:56 . 2008-12-25 21:56 <DIR> d-------- c:\documents and settings\Mark\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 06:35 --------- d-----w c:\program files\LimeWire
2009-01-11 06:54 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-11 06:54 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 06:54 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-09 08:35 --------- d-----w c:\program files\Java
2008-12-25 10:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 01:42 36,368 ----a-w c:\windows\system32\drivers\tmpreflt.sys
2008-11-27 01:42 205,328 ----a-w c:\windows\system32\drivers\tmxpflt.sys
2008-11-27 01:39 1,195,384 ----a-w c:\windows\system32\drivers\vsapint.sys
2006-03-04 23:44 21,254,280 ----a-w c:\program files\AdbeRdr707_en_US.exe
2004-06-27 07:16 4,871 ----a-w c:\documents and settings\Mark\versions.dat
2006-05-04 11:08 2,516 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
2008-09-19 07:26 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008091920080920\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-30 497008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ecc"="c:\program files\Telstra\BigPond Assist\assist.exe" [2004-12-17 278528]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-30 970808]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\SYSTEM32\nwiz.exe]
"SMSERIAL"="sm56hlpr.exe" [2004-12-29 c:\windows\sm56hlpr.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-04-06 24576]
Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2004-04-17 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclUSBSrv.exe"=
"c:\\WINDOWS\\SYSTEM32\\dwwin.exe"=
"c:\\WINDOWS\\SYSTEM32\\taskmgr.exe"=

R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [2009-01-07 28544]
R3 ip100xp;ASUS NX1001 Network Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\ipfnd51.sys [2009-01-03 26752]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\SYSTEM32\DRIVERS\TM_CFW.sys [2008-07-30 334352]
R4 tmevtmgr;tmevtmgr;c:\windows\SYSTEM32\DRIVERS\tmevtmgr.sys [2009-01-11 49680]
R4 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-01-11 492888]
R4 tmpreflt;tmpreflt;c:\windows\SYSTEM32\DRIVERS\tmpreflt.sys [2008-07-30 36368]
R4 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-01-11 677128]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\SYSTEM32\DRIVERS\ADM8511.SYS [2007-03-10 20160]
S4 COSIDS_TB;COSIDS_TB;c:\progra~1\COSIDS\BIN\TbMux32.exe [2005-05-26 165376]
.
Contents of the 'Scheduled Tasks' folder

2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1dfff0b3-9443-4c5d-8939-b482de434b24} - c:\windows\system32\zeyoheko.dll
HKCU-Run-Sonic RecordNow! - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = <local>;*.local
DPF: {6E50ED2D-0791-4A2E-B0C1-F1AF044CE3F7} - hxxp://daltrnsql.attenza.com/ap/bin/SystemProfiler.cab
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\n8wt800b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\n8wt800b.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 17:40:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-01-22 17:48:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-22 06:47:16

Pre-Run: 57,279,844,352 bytes free
Post-Run: 57,283,989,504 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=4 Default=4 Failed=7 LastKnownGood=2 Sets=1,2,4,6,7
204 --- E O F --- 2008-12-18 12:13:03

**amateur** · 01-22-2009, 05:31 AM

Hi,

You have the following old programs that can be removed via Add or Remove Programs in Control Panel. Old java versions have vulnerabilities and must be removed. Leave Java(TM) 6 Update 11 alone as it's the latest version:

e-tax 2004
e-tax 2005
e-tax 2006
e-tax 2006 - FTB Module
e-tax 2007
e-tax 2007 - FTB Module
e-tax 2008
HijackThis 1.99.1

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_05
Java Servlet Development Kit 2.0
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1

Looks like you don't have LimeWire any more, which is good. You can go ahead and delete its folder too:

c:\program files\LimeWire

=============================================

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.

Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save Report As... button.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

===========================================

Please post back the Kaspersky report and let me know how the computer is running now.

2skids · 01-23-2009, 06:45 PM

My Computer seems to be working fine now

here the report, and thanks so much for your help

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 24, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, January 23, 2009 18:01:56
Records in database: 1675780
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 159369
Threat name: 4
Infected objects: 6
Suspicious objects: 1
Duration of the scan: 02:38:17

File name / Threat name / Threats count
C:\Documents and Settings\Mark\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1FF.tmp Infected: Trojan.Win32.Monder.aidz 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\200.tmp Infected: Trojan.Win32.Agent.bfdf 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\201.tmp Infected: Trojan.Win32.Agent.bfdf 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\202.tmp Infected: Trojan.Win32.Agent.bfdf 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\26.tmp Infected: Trojan.Win32.Agent.bfdf 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\29.tmp Infected: Trojan-Spy.Win32.Agent.jrg 1

The selected area was scanned.

**amateur** · 01-23-2009, 08:43 PM

Hi,

Quote:

My Computer seems to be working fine now

Good to hear that.

The items detected by Kaspersky are in the Quarantine folder of Trend Micro and in the Deleted Items folder of your Outlook Express. Unfortunately, Kaspersky does not indicate the specific infected mail. Therefore, I would suggest that you empty the Deleted Items folder.

If you have no further malware issues, you're all set to go. The logs are clean.

Click Start then Run
Now type Combofix /u in the runbox and click OK. Notice the space between the Combofix and the /

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

It's vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Secunia Software Inspector Scan can help you find out which programs need to be updated.

Please respond to this thread one more time so we can mark this thread as resolved.

Happy Surfing and Think Prevention!

2skids · 01-24-2009, 03:59 AM

resolved

thanks again for all your help

**amateur** · 01-24-2009, 08:26 PM

You're very welcome. Glad we could help. Stay safe!

01-20-2009, 01:10 PM	#2 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: USA Posts: 7,441 OS: XP SP3	Re: Antivirus 2009 pop up 2 Hello and welcome to TSF. If you still need help, please post a fresh DDS.txt as it has been a while since you posted. Do not attach the dds.txt. Copy/paste the contents of the report directly into the reply box. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Please note that the forum is very busy and if I don’t hear from you in three days this thread will be closed. __________________ My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006

01-21-2009, 02:13 AM	#3 (permalink)
2skids Registered User Join Date: Jun 2005 Posts: 19 OS: xp	Re: Antivirus 2009 pop up 2 DDS (Ver_09-01-18.01) - NTFSx86 Run by Mark at 20:10:54.04 on Wed 21/01/2009 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1401 [GMT 11:00] AV: Trend Micro Internet Security On-access scanning enabled (Updated) FW: Trend Micro Personal Firewall enabled ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Telstra\BigPond Assist\assist.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\sm56hlpr.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe C:\Documents and Settings\Mark\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com.au/ uDefault_Page_URL = hxxp://www.dell.com uWindow Title = Microsoft Internet Explorer provided by BigPond uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Page = hxxp://www.google.com mDefault_Page_URL = hxxp://www.bigpond.com mSearch Page = hxxp://www.google.com mStart Page = hxxp://www.google.com.au/ uInternet Settings,ProxyOverride = <local>;.local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: {1dfff0b3-9443-4c5d-8939-b482de434b24} - c:\windows\system32\zeyoheko.dll BHO: WebCGMHlprObj Class: {56b38f40-4e70-11d4-a076-0080ad86ba2f} - c:\windows\cgmopenbho.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - No File BHO: {A5366673-E8CA-11D3-9CD9-0090271D075B} - No File BHO: {BDF3E430-B101-42AD-A544-FADC6B084872} - No File BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [Sonic RecordNow!] uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe mRun: [ecc] c:\program files\telstra\bigpond assist\assist.exe mRun: [UpdReg] c:\windows\UpdReg.EXE mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [DVDSentry] c:\windows\system32\DSentry.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [SMSERIAL] sm56hlpr.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imaget~1.lnk - c:\program files\sony corporation\image transfer\SonyTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE mPolicies-explorer: <NO NAME> = IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll AppInit_DLLs: c:\windows\system32\ c:\windows\system32\ c:\windows\system32\viyezoya.dll c:\windows\system32\kelinepe.dll c:\windows\system32\votoselu.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll, LSA: Notification Packages = scecli c:\windows\system32\kelinepe.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\n8wt800b.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ FF - component: c:\documents and settings\mark\application data\mozilla\firefox\profiles\n8wt800b.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\videoegg\loader\4115\npvideoegg-loader.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service FF - user.js: network.proxy.type - 0 FF - user.js: network.proxy.http - user_pref(network.proxy.http_port,); FF - user.js: network.proxy.no_proxies_on - ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-7 28544] R3 ip100xp;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2009-1-3 26752] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-7-30 334352] R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664] R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-6-28 826512] R4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-1-11 49680] R4 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-1-11 492888] R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-7-30 36368] R4 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-1-11 677128] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-3-10 20160] S4 COSIDS_TB;COSIDS_TB;c:\progra~1\cosids\bin\TbMux32.exe [2005-5-26 165376] ============== File Associations =============== regfile=regedit.exe "%1" % scrfile="%1" %* =============== Created Last 30 ================ 2009-01-16 17:42 250 a------- c:\windows\gmer.ini 2009-01-11 18:01 144,912 a------- c:\windows\system32\drivers\tmcomm.sys 2009-01-11 18:01 50,192 a------- c:\windows\system32\drivers\tmactmon.sys 2009-01-11 18:01 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys 2009-01-11 18:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro 2009-01-11 17:59 <DIR> --d----- c:\program files\Trend Micro 2009-01-11 17:49 <DIR> --d----- c:\docume~1\mark\applic~1\SiteAdvisor 2009-01-09 11:19 120 ---sh--- c:\windows\system32\ayivurob.ini 2009-01-09 10:53 120 ---sh--- c:\windows\system32\iyepukel.ini 2009-01-08 11:19 120 ---sh--- c:\windows\system32\ahewugid.ini 2009-01-07 18:26 120 ---sh--- c:\windows\system32\ivezukek.ini 2009-01-07 17:58 28,544 a------- c:\windows\system32\drivers\pavboot.sys 2009-01-05 17:42 120 ---sh--- c:\windows\system32\apunegiw.ini 2009-01-04 10:16 <DIR> --d----- c:\program files\Lavasoft 2009-01-04 10:15 <DIR> --d----- c:\program files\common files\Wise Installation Wizard 2009-01-03 22:36 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy) 2009-01-03 22:36 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy) 2009-01-03 22:36 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy) 2009-01-03 22:36 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy) 2009-01-03 18:59 26,752 a----r-- c:\windows\system32\drivers\ipfnd51.sys 2008-12-26 20:26 <DIR> --d----- c:\program files\Free Video Joiner 2008-12-25 21:58 8,704 a------- c:\windows\system32\vidccleaner.exe 2008-12-25 21:58 217,088 a------- c:\windows\system32\skjpeg40.dll 2008-12-25 21:58 83,968 a------- c:\windows\system32\Skbase40.dll ==================== Find3M ==================== 2008-12-13 17:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll 2008-11-27 12:42 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys 2008-11-27 12:42 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys 2008-11-27 12:39 1,195,384 a------- c:\windows\system32\drivers\vsapint.sys 2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll 2008-10-24 22:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys 2008-10-23 23:36 286,720 a------- c:\windows\system32\gdi32.dll 2008-10-23 23:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll 2006-03-05 10:44 21,254,280 a------- c:\program files\AdbeRdr707_en_US.exe 2004-06-27 18:16 4,871 a------- c:\documents and settings\mark\versions.dat 2002-07-31 19:55 230 ---sh--- c:\windows\WSYS049.SYS 2006-05-04 22:08 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys 2008-09-19 18:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat ============= FINISH: 20:12:40.26 ===============

01-21-2009, 05:38 AM	#4 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: USA Posts: 7,441 OS: XP SP3	Re: Antivirus 2009 pop up 2 Hi, We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review. __________________ My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006

01-22-2009, 12:03 AM	#5 (permalink)
2skids Registered User Join Date: Jun 2005 Posts: 19 OS: xp	Re: Antivirus 2009 pop up 2 Danke ComboFix 09-01-21.02 - Mark 2009-01-22 17:29:21.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1504 [GMT 11:00] Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe AV: Trend Micro Internet Security On-access scanning disabled (Updated) FW: Trend Micro Personal Firewall enabled * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\ahewugid.ini c:\windows\system32\apunegiw.ini c:\windows\system32\ayivurob.ini c:\windows\system32\ivezukek.ini c:\windows\system32\iyepukel.ini c:\windows\system32\open.ico c:\windows\system32\sirenacm(2).dll c:\windows\system32\uninstall.exe . ((((((((((((((((((((((((( Files Created from 2008-12-22 to 2009-01-22 ))))))))))))))))))))))))))))))) . 2009-01-22 09:45 . 2009-01-22 09:45 <DIR> d-------- c:\windows\SYSTEM32\Service 2009-01-16 17:42 . 2009-01-16 17:42 250 --a------ c:\windows\gmer.ini 2009-01-11 18:01 . 2008-07-30 03:06 144,912 --a------ c:\windows\SYSTEM32\DRIVERS\tmcomm.sys 2009-01-11 18:01 . 2008-07-30 03:06 50,192 --a------ c:\windows\SYSTEM32\DRIVERS\tmactmon.sys 2009-01-11 18:01 . 2008-07-30 03:06 49,680 --a------ c:\windows\SYSTEM32\DRIVERS\tmevtmgr.sys 2009-01-11 18:00 . 2009-01-11 18:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro 2009-01-11 17:59 . 2009-01-11 18:01 <DIR> d-------- c:\program files\Trend Micro 2009-01-11 17:49 . 2009-01-11 17:49 <DIR> d-------- c:\documents and settings\Mark\Application Data\SiteAdvisor 2009-01-07 17:58 . 2008-06-19 17:24 28,544 --a------ c:\windows\SYSTEM32\DRIVERS\pavboot.sys 2009-01-04 11:33 . 2009-01-04 11:33 <DIR> d-------- c:\documents and settings\Administrator.DELLA\Application Data\Malwarebytes 2009-01-04 10:16 . 2009-01-04 10:16 <DIR> d-------- c:\program files\Lavasoft 2009-01-04 10:16 . 2009-01-04 10:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2009-01-04 10:15 . 2009-01-04 10:15 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-01-03 22:36 . 2009-01-03 22:36 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy) 2009-01-03 22:36 . 2009-01-03 22:36 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy) 2009-01-03 22:36 . 2009-01-03 22:36 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy) 2009-01-03 22:36 . 2009-01-03 22:36 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy) 2009-01-03 18:59 . 2006-03-27 13:48 26,752 -ra------ c:\windows\SYSTEM32\DRIVERS\ipfnd51.sys 2008-12-26 20:26 . 2008-12-26 20:28 <DIR> d-------- c:\program files\Free Video Joiner 2008-12-25 21:58 . 1998-07-09 20:41 217,088 --a------ c:\windows\SYSTEM32\skjpeg40.dll 2008-12-25 21:58 . 1998-03-04 11:40 83,968 --a------ c:\windows\SYSTEM32\Skbase40.dll 2008-12-25 21:58 . 2004-03-09 11:39 8,704 --a------ c:\windows\SYSTEM32\vidccleaner.exe 2008-12-25 21:56 . 2008-12-25 21:56 <DIR> d-------- c:\documents and settings\Mark\Application Data\InstallShield . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-16 06:35 --------- d-----w c:\program files\LimeWire 2009-01-11 06:54 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-01-11 06:54 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-11 06:54 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2009-01-09 08:35 --------- d-----w c:\program files\Java 2008-12-25 10:58 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-27 01:42 36,368 ----a-w c:\windows\system32\drivers\tmpreflt.sys 2008-11-27 01:42 205,328 ----a-w c:\windows\system32\drivers\tmxpflt.sys 2008-11-27 01:39 1,195,384 ----a-w c:\windows\system32\drivers\vsapint.sys 2006-03-04 23:44 21,254,280 ----a-w c:\program files\AdbeRdr707_en_US.exe 2004-06-27 07:16 4,871 ----a-w c:\documents and settings\Mark\versions.dat 2006-05-04 11:08 2,516 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys 2008-09-19 07:26 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008091920080920\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352] "OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-30 497008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ecc"="c:\program files\Telstra\BigPond Assist\assist.exe" [2004-12-17 278528] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560] "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016] "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-30 970808] "nwiz"="nwiz.exe" [2006-06-01 c:\windows\SYSTEM32\nwiz.exe] "SMSERIAL"="sm56hlpr.exe" [2004-12-29 c:\windows\sm56hlpr.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-04-06 24576] Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2004-04-17 73728] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ctmp3"= c:\windows\System32\ctmp3.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\PC Connectivity Solution\\Transports\\NclUSBSrv.exe"= "c:\\WINDOWS\\SYSTEM32\\dwwin.exe"= "c:\\WINDOWS\\SYSTEM32\\taskmgr.exe"= R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [2009-01-07 28544] R3 ip100xp;ASUS NX1001 Network Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\ipfnd51.sys [2009-01-03 26752] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\SYSTEM32\DRIVERS\TM_CFW.sys [2008-07-30 334352] R4 tmevtmgr;tmevtmgr;c:\windows\SYSTEM32\DRIVERS\tmevtmgr.sys [2009-01-11 49680] R4 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-01-11 492888] R4 tmpreflt;tmpreflt;c:\windows\SYSTEM32\DRIVERS\tmpreflt.sys [2008-07-30 36368] R4 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-01-11 677128] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\SYSTEM32\DRIVERS\ADM8511.SYS [2007-03-10 20160] S4 COSIDS_TB;COSIDS_TB;c:\progra~1\COSIDS\BIN\TbMux32.exe [2005-05-26 165376] . Contents of the 'Scheduled Tasks' folder 2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34] . - - - - ORPHANS REMOVED - - - - BHO-{1dfff0b3-9443-4c5d-8939-b482de434b24} - c:\windows\system32\zeyoheko.dll HKCU-Run-Sonic RecordNow! - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com.au/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com.au/ uInternet Settings,ProxyOverride = <local>;.local DPF: {6E50ED2D-0791-4A2E-B0C1-F1AF044CE3F7} - hxxp://daltrnsql.attenza.com/ap/bin/SystemProfiler.cab FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\n8wt800b.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ FF - component: c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\n8wt800b.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service FF - user.js: network.proxy.type - 0 FF - user.js: network.proxy.http - user_pref(network.proxy.http_port,); FF - user.js: network.proxy.no_proxies_on - . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-22 17:40:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\SYSTEM32\LEXBCES.EXE c:\windows\SYSTEM32\LEXPPS.EXE c:\program files\Trend Micro\BM\TMBMSRV.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\SYSTEM32\CTsvcCDA.EXE c:\program files\Java\jre6\bin\jqs.exe c:\windows\SYSTEM32\nvsvc32.exe c:\program files\Trend Micro\Internet Security\SfCtlCom.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\windows\SYSTEM32\MsPMSPSv.exe c:\program files\iPod\bin\iPodService.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe . ************************************************************************ . Completion time: 2009-01-22 17:48:33 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-22 06:47:16 Pre-Run: 57,279,844,352 bytes free Post-Run: 57,283,989,504 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn Current=4 Default=4 Failed=7 LastKnownGood=2 Sets=1,2,4,6,7 204 --- E O F --- 2008-12-18 12:13:03

01-22-2009, 05:31 AM	#6 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: USA Posts: 7,441 OS: XP SP3	Re: Antivirus 2009 pop up 2 Hi, You have the following old programs that can be removed via Add or Remove Programs in Control Panel. Old java versions have vulnerabilities and must be removed. Leave Java(TM) 6 Update 11 alone as it's the latest version: e-tax 2004 e-tax 2005 e-tax 2006 e-tax 2006 - FTB Module e-tax 2007 e-tax 2007 - FTB Module e-tax 2008 HijackThis 1.99.1 J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 2 J2SE Runtime Environment 5.0 Update 4 J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 Java 2 Runtime Environment, SE v1.4.2_03 Java 2 Runtime Environment, SE v1.4.2_05 Java Servlet Development Kit 2.0 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Java(TM) SE Runtime Environment 6 Update 1 Looks like you don't have LimeWire any more, which is good. You can go ahead and delete its folder too: c:\program files\LimeWire ============================================= Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner Note To optimize scanning time and produce a more sensible report for review: Close any open programs Turn off the real time scanner of any existing antivirus program while performing the online scan. Click Accept, when prompted to download and install the program files and database of malware definitions. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View scan report at the bottom. Click the Save Report As... button. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply. Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. =========================================== Please post back the Kaspersky report and let me know how the computer is running now. __________________ My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006

01-23-2009, 06:45 PM	#7 (permalink)
2skids Registered User Join Date: Jun 2005 Posts: 19 OS: xp	Re: Antivirus 2009 pop up 2 My Computer seems to be working fine now here the report, and thanks so much for your help -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Saturday, January 24, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Friday, January 23, 2009 18:01:56 Records in database: 1675780 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ Scan statistics: Files scanned: 159369 Threat name: 4 Infected objects: 6 Suspicious objects: 1 Duration of the scan: 02:38:17 File name / Threat name / Threats count C:\Documents and Settings\Mark\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\1FF.tmp Infected: Trojan.Win32.Monder.aidz 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\200.tmp Infected: Trojan.Win32.Agent.bfdf 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\201.tmp Infected: Trojan.Win32.Agent.bfdf 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\202.tmp Infected: Trojan.Win32.Agent.bfdf 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\26.tmp Infected: Trojan.Win32.Agent.bfdf 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\29.tmp Infected: Trojan-Spy.Win32.Agent.jrg 1 The selected area was scanned.

01-24-2009, 03:59 AM	#9 (permalink)
2skids Registered User Join Date: Jun 2005 Posts: 19 OS: xp	Re: Antivirus 2009 pop up 2 resolved thanks again for all your help

01-24-2009, 08:26 PM	#10 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: USA Posts: 7,441 OS: XP SP3	Re: Antivirus 2009 pop up 2 You're very welcome. Glad we could help. Stay safe! __________________ My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006