virus pop up help please.

davzs · 10-05-2009, 04:29 AM

hello, i have been getting pop ups every time i open my firefox web browser they are more and more pop ups each time, i would really appriciate it if someone could help me out the pop up site are.

1.hxxp://best-scanpc.org/win/?code=934
2.hxxp://media2.tmlatn.com/images/defaults41/approved/404.html
3.hxxp://www.pcsecurityshield.com/lp/shield-deluxe-27.aspx?trk=WTK&affid=541

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Dealio Toolbar\SearchSettings.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\SCOTTD~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Users\Scott Dac\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.daemon-search.com/startpage
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch_1.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [EPSON Stylus Photo RX560 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibpe.exe /fu "c:\users\scottd~1\appdata\local\temp\E_SDDB1.tmp" /EF "HKCU"
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ALaunch] c:\acer\alaunch\AlaunchClient.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
mRun: [eRecoveryService]
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Flashget] "c:\program files\flashget\FlashGet.exe" /min
mRun: [SearchSettings] c:\program files\dealio toolbar\SearchSettings.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\scottd~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\scottd~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\orion.lnk - c:\program files\convesoft\orion\Messenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETAUDIO.EXE
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETRES.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll,c:\windows\system32\fdSSDP32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\scottd~1\appdata\roaming\mozilla\firefox\profiles\apsro2sg.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - prefs.js: network.proxy.ftp - 212.125.176.132
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 212.125.176.132
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 212.125.176.132
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 212.125.176.132
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 212.125.176.132
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - component: c:\program files\mozilla firefox\extensions\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c}\components\DealioToolbarFF.dll
FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-26 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-26 108552]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-5-29 41456]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2008-3-13 51200]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-24 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-2 297752]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-24 935208]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-29 1153368]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2008-3-13 43008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-13 179712]

=============== Created Last 30 ================

2009-09-30 08:29 <DIR> --d----- c:\program files\4Media
2009-09-29 20:34 <DIR> --d----- c:\users\scottd~1\appdata\roaming\Malwarebytes
2009-09-29 20:33 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-29 20:33 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-29 20:33 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-29 20:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-29 20:33 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-29 20:31 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-09-29 20:31 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-29 20:31 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-09-29 16:49 <DIR> --d----- c:\program files\Dealio Toolbar
2009-09-29 16:35 123,392 a------- c:\windows\system32\fdSSDP32.dll
2009-09-29 16:35 1,372 a------- c:\windows\system32\Tuaix.vbs
2009-09-13 07:28 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-13 07:28 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-13 07:28 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-13 07:28 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-13 07:28 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-13 07:28 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-13 07:28 17,920 a------- c:\windows\system32\netevent.dll
2009-09-13 07:28 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-13 07:28 10,240 a------- c:\windows\system32\finger.exe
2009-09-13 07:28 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-11 07:11 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-11 07:11 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-11 07:11 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-11 07:11 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-11 07:11 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-11 07:11 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-02 22:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 22:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2009-10-02 13:48 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-02 13:48 51,200 a------- c:\windows\inf\infpub.dat
2009-08-29 07:49 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 07:49 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-07-28 16:31 86,016 a------- c:\windows\inf\infstor.dat
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-05-08 19:00 0 a------- c:\users\scottd~1\appdata\roaming\wklnhst.dat
2008-09-15 14:55 56 a---h--- c:\programdata\ezsidmv.dat
2008-09-15 14:55 56 a---h--- c:\progra~2\ezsidmv.dat
2008-08-29 11:09 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-16 08:59 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-16 08:59 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-16 08:59 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 17:28:11.28 ===============

thank you for taking the time to read.

regards davzs.

i also have no access to a Windows Install disc, or a Boot CD :(

tetonbob · 10-07-2009, 09:46 AM

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start ->Control Panel->Uninstall a Program)

Dealio Toolbar v4.0.1

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

You can get help on disabling your protection programs here

Please include the C:\ComboFix.txt in your next reply for further review.

davzs · 10-10-2009, 04:01 PM

hello thanks for your reply, i have done what you have said and here is the log.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-788181773-3383885927-3893961033-500
c:\users\Scott Dac\AppData\Roaming\.#
c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684C.manifest
c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684O.manifest
c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684P.manifest
c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684S.manifest
c:\windows\system32\Tuaix.vbs

.
((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-10 21:49 . 2009-10-10 21:50 -------- d-----w- c:\users\Scott Dac\AppData\Local\temp
2009-10-10 21:49 . 2009-10-10 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-08 15:00 . 2009-10-08 15:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-08 09:20 . 2009-10-08 09:20 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\EA
2009-10-07 18:14 . 2009-10-07 18:14 -------- d-----w- c:\users\Scott Dac\AppData\Local\Unity
2009-10-07 18:14 . 2009-10-07 18:14 -------- d-----w- c:\program files\Unity
2009-10-06 16:27 . 2004-08-04 06:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-06 08:35 . 2009-10-06 08:35 680 ----a-w- c:\users\Scott Dac\AppData\Local\d3d9caps.dat
2009-10-03 07:01 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-29 19:34 . 2009-09-29 19:34 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\Malwarebytes
2009-09-29 19:33 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-29 19:33 . 2009-09-29 19:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-29 19:33 . 2009-09-29 19:33 -------- d-----w- c:\programdata\Malwarebytes
2009-09-29 19:33 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-29 19:31 . 2009-10-10 21:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-29 19:31 . 2009-10-10 21:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-13 06:28 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-13 06:28 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-13 06:28 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-13 06:28 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-13 06:28 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-13 06:28 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-13 06:28 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-13 06:28 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-13 06:28 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-13 06:28 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-11 06:11 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-11 06:11 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-11 06:11 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-11 06:11 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-11 06:11 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 17:23 . 2008-09-13 16:03 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\LimeWire
2009-09-30 21:52 . 2008-08-31 04:30 -------- d-----w- c:\program files\LimeWire
2009-09-30 17:46 . 2009-08-02 23:58 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\Nero
2009-09-29 15:57 . 2009-07-02 07:22 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-09-17 05:52 . 2009-07-30 07:59 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\vlc
2009-09-13 15:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-13 15:59 . 2009-03-29 18:22 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-29 06:49 . 2009-02-26 11:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-29 06:49 . 2009-02-26 11:21 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 06:49 . 2009-02-26 11:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-28 12:39 . 2009-09-02 21:45 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 21:45 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-24 20:14 . 2008-09-15 08:40 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\Skype
2009-08-23 19:27 . 2008-03-13 17:44 -------- d-----w- c:\program files\Acer GameZone
2009-08-23 19:11 . 2009-08-23 19:11 -------- d-----w- c:\programdata\Oberon Games
2009-08-23 19:02 . 2009-08-23 19:02 -------- d-----w- c:\programdata\InterAction studios
2009-08-23 18:56 . 2009-02-22 19:25 -------- d-----w- c:\program files\AviSynth 2.5
2009-08-22 20:39 . 2008-09-15 13:55 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\skypePM
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-21 21:52 . 2009-09-16 16:17 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-16 16:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-16 16:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-16 16:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-14 12:47 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-14 12:47 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-14 12:46 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-14 12:47 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-14 12:46 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 10:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-13 21741864]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-22 2356088]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-24 133656]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-24 136600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-03 2023704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-24 4702208]

c:\users\Scott Dac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-8 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-13 535336]
SETAUDIO.EXE [2008-4-4 20480]
SETRES.EXE [2008-4-4 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72123FFE-BB08-48F2-B7AF-257B2DDBCA8D}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{33A26CA1-D20E-48B1-8009-39DBF7D59ADC}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{419F4AE7-FEA0-457C-A110-0CCF57166A2E}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{51AE317D-CA38-483D-AC9E-4BDDE83DDAF8}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{E47BB8AF-CC1C-43AE-A5FF-1F405554A95E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B948D066-090D-4853-B422-CA46B337C418}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0833AD61-E309-4EA5-9EE8-6E954ED3D713}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{DB74E340-BB1C-468C-8385-013DC66FCCED}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{F76368E5-27F0-4FFB-86B6-A73CCEDDFAD2}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{1ABEE454-A090-43AD-9FCB-0A0672EB6326}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D568CE07-1B08-44F6-96D3-E002E0E9E8F4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6DBDAC54-9669-4CA2-8872-54F931FE84D1}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{62E561AB-CEDF-4D7F-A9C9-191945FEDF13}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{7F3EB3E2-51C9-46FA-8641-765E7F9FA8AD}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{3E24ABAA-5EE7-477B-9943-518B2A040EF5}c:\\program files\\easyphp 3.0\\mysql\\bin\\mysqld.exe"= UDP:c:\program files\easyphp 3.0\mysql\bin\mysqld.exe:mysqld
"UDP Query User{CF812CAC-8232-4AC8-BFA0-C5EC841AE1F0}c:\\program files\\easyphp 3.0\\mysql\\bin\\mysqld.exe"= TCP:c:\program files\easyphp 3.0\mysql\bin\mysqld.exe:mysqld
"{5B79F9C2-EC12-4D2F-ACEF-B27E3A5ACDF0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8213799D-4CAE-4756-8624-2F99557BFC98}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{38263D32-26E1-484F-B9CE-992694568CE7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{923DBBA4-1458-4745-BD55-5A97BDEFD0D3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{336DDD05-1BE5-41F1-ACEC-B7458984276A}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{AF4761E4-71C7-4120-9033-A663C96DB183}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{A6F4AF42-8E12-4ED7-8F2E-B18BC1678AF7}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{74FE2E03-C6CE-4320-85DE-CAFA0F27E44E}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [26/02/2009 12:21 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [26/02/2009 12:21 108552]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [29/05/2008 09:20 41456]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [13/03/2008 19:45 51200]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [24/07/2009 15:14 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/07/2009 08:21 297752]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [13/03/2008 18:04 43008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [13/03/2008 18:04 179712]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-08-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Scott Dac\AppData\Roaming\Mozilla\Firefox\Profiles\apsro2sg.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - prefs.js: network.proxy.ftp - 212.125.176.132
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 212.125.176.132
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 212.125.176.132
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 212.125.176.132
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 212.125.176.132
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-eRecoveryService - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 22:50
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\users\SCOTTD~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-10 22:52
ComboFix-quarantined-files.txt 2009-10-10 21:52

Pre-Run: 24,133,558,272 bytes free
Post-Run: 24,260,562,944 bytes free

274 --- E O F --- 2009-10-09 09:57

tetonbob · 10-10-2009, 04:05 PM

Hi -

It seems like part of that log is missing.

Please ensure that you include the header information when posting a log. The header contains important information about your system critical to our review. Press Ctrl+A to select all, Ctrl+C to copy all, then Ctrl+V to paste all into a thread.

If need be, please attach the log, which should be located at C:\ComboFix.txt

davzs · 10-11-2009, 02:36 AM

i think i have it all this time thanks.

ComboFix 09-10-10.01 - Scott Dac 10/10/2009 22:43.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3062.1676 [GMT 1:00]
Running from: c:\users\Scott Dac\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-788181773-3383885927-3893961033-500
c:\users\Scott Dac\AppData\Roaming\.#
c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684C.manifest
c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684O.manifest
c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684P.manifest
c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684S.manifest
c:\windows\system32\Tuaix.vbs

.
((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-10 21:49 . 2009-10-10 21:50 -------- d-----w- c:\users\Scott Dac\AppData\Local\temp
2009-10-10 21:49 . 2009-10-10 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-08 15:00 . 2009-10-08 15:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-08 09:20 . 2009-10-08 09:20 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\EA
2009-10-07 18:14 . 2009-10-07 18:14 -------- d-----w- c:\users\Scott Dac\AppData\Local\Unity
2009-10-07 18:14 . 2009-10-07 18:14 -------- d-----w- c:\program files\Unity
2009-10-06 16:27 . 2004-08-04 06:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-06 08:35 . 2009-10-06 08:35 680 ----a-w- c:\users\Scott Dac\AppData\Local\d3d9caps.dat
2009-10-03 07:01 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-29 19:34 . 2009-09-29 19:34 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\Malwarebytes
2009-09-29 19:33 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-29 19:33 . 2009-09-29 19:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-29 19:33 . 2009-09-29 19:33 -------- d-----w- c:\programdata\Malwarebytes
2009-09-29 19:33 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-29 19:31 . 2009-10-10 21:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-29 19:31 . 2009-10-10 21:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-13 06:28 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-13 06:28 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-13 06:28 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-13 06:28 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-13 06:28 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-13 06:28 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-13 06:28 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-13 06:28 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-13 06:28 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-13 06:28 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-11 06:11 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-11 06:11 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-11 06:11 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-11 06:11 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-11 06:11 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 17:23 . 2008-09-13 16:03 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\LimeWire
2009-09-30 21:52 . 2008-08-31 04:30 -------- d-----w- c:\program files\LimeWire
2009-09-30 17:46 . 2009-08-02 23:58 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\Nero
2009-09-29 15:57 . 2009-07-02 07:22 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-09-17 05:52 . 2009-07-30 07:59 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\vlc
2009-09-13 15:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-13 15:59 . 2009-03-29 18:22 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-29 06:49 . 2009-02-26 11:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-29 06:49 . 2009-02-26 11:21 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 06:49 . 2009-02-26 11:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-28 12:39 . 2009-09-02 21:45 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 21:45 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-24 20:14 . 2008-09-15 08:40 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\Skype
2009-08-23 19:27 . 2008-03-13 17:44 -------- d-----w- c:\program files\Acer GameZone
2009-08-23 19:11 . 2009-08-23 19:11 -------- d-----w- c:\programdata\Oberon Games
2009-08-23 19:02 . 2009-08-23 19:02 -------- d-----w- c:\programdata\InterAction studios
2009-08-23 18:56 . 2009-02-22 19:25 -------- d-----w- c:\program files\AviSynth 2.5
2009-08-22 20:39 . 2008-09-15 13:55 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\skypePM
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-21 21:52 . 2009-09-16 16:17 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-16 16:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-16 16:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-16 16:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-14 12:47 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-14 12:47 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-14 12:46 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-14 12:47 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-14 12:46 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 10:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-13 21741864]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-22 2356088]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-24 133656]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-24 136600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-03 2023704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-24 4702208]

c:\users\Scott Dac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-8 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-13 535336]
SETAUDIO.EXE [2008-4-4 20480]
SETRES.EXE [2008-4-4 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72123FFE-BB08-48F2-B7AF-257B2DDBCA8D}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{33A26CA1-D20E-48B1-8009-39DBF7D59ADC}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{419F4AE7-FEA0-457C-A110-0CCF57166A2E}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{51AE317D-CA38-483D-AC9E-4BDDE83DDAF8}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{E47BB8AF-CC1C-43AE-A5FF-1F405554A95E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B948D066-090D-4853-B422-CA46B337C418}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0833AD61-E309-4EA5-9EE8-6E954ED3D713}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{DB74E340-BB1C-468C-8385-013DC66FCCED}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{F76368E5-27F0-4FFB-86B6-A73CCEDDFAD2}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{1ABEE454-A090-43AD-9FCB-0A0672EB6326}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D568CE07-1B08-44F6-96D3-E002E0E9E8F4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6DBDAC54-9669-4CA2-8872-54F931FE84D1}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{62E561AB-CEDF-4D7F-A9C9-191945FEDF13}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{7F3EB3E2-51C9-46FA-8641-765E7F9FA8AD}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{3E24ABAA-5EE7-477B-9943-518B2A040EF5}c:\\program files\\easyphp 3.0\\mysql\\bin\\mysqld.exe"= UDP:c:\program files\easyphp 3.0\mysql\bin\mysqld.exe:mysqld
"UDP Query User{CF812CAC-8232-4AC8-BFA0-C5EC841AE1F0}c:\\program files\\easyphp 3.0\\mysql\\bin\\mysqld.exe"= TCP:c:\program files\easyphp 3.0\mysql\bin\mysqld.exe:mysqld
"{5B79F9C2-EC12-4D2F-ACEF-B27E3A5ACDF0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8213799D-4CAE-4756-8624-2F99557BFC98}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{38263D32-26E1-484F-B9CE-992694568CE7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{923DBBA4-1458-4745-BD55-5A97BDEFD0D3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{336DDD05-1BE5-41F1-ACEC-B7458984276A}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{AF4761E4-71C7-4120-9033-A663C96DB183}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{A6F4AF42-8E12-4ED7-8F2E-B18BC1678AF7}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{74FE2E03-C6CE-4320-85DE-CAFA0F27E44E}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [26/02/2009 12:21 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [26/02/2009 12:21 108552]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [29/05/2008 09:20 41456]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [13/03/2008 19:45 51200]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [24/07/2009 15:14 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/07/2009 08:21 297752]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [13/03/2008 18:04 43008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [13/03/2008 18:04 179712]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-08-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Scott Dac\AppData\Roaming\Mozilla\Firefox\Profiles\apsro2sg.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - prefs.js: network.proxy.ftp - 212.125.176.132
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 212.125.176.132
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 212.125.176.132
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 212.125.176.132
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 212.125.176.132
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-eRecoveryService - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 22:50
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\users\SCOTTD~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-10 22:52
ComboFix-quarantined-files.txt 2009-10-10 21:52

Pre-Run: 24,133,558,272 bytes free
Post-Run: 24,260,562,944 bytes free

274 --- E O F --- 2009-10-09 09:57

tetonbob · 10-11-2009, 09:39 AM

I see you have Malwarebytes' AntiMalware installed.

Please update it's definitions, and run a new Quick Scan.

Launch Malwarebytes' Antimalware
On the updates tab, click on Check for Updates
If an update is found, it will begin. Once the update is complete..
Click on the Scanner tab. Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Also...

Press the Windows key + R > in the Run box copy/paste the following, then press Enter:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.

Are you still getting the popups/redirects?

davzs · 10-11-2009, 12:08 PM

i'm getting no more pop ups or redirects :) hopefully that everything is sorted :) thank you.

Malwarebytes' Anti-Malware 1.41
Database version: 2943
Windows 6.0.6001 Service Pack 1

11/10/2009 19:07:10
mbam-log-2009-10-11 (19-07-10).txt

Scan type: Quick Scan
Objects scanned: 89125
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------------------------------------
"Nero SoundTrax Help
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Arcade Deluxe
Acer Crystal Eye webcam
Acer eAudio Management
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Reader 8.1.0
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AdobeColorCommonSetRGB
Advertising Center
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 7.30
AVG Free 8.5
Backspin Billiards
Bonjour
Broadcom Gigabit Integrated Controller
Camera RAW Plug-In for EPSON Creativity Suite
DAEMON Tools Toolbar
DolbyFiles
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON PRINT Image Framer Tool
EPSON Printer Software
EPSON Scan
FlashGet 1.9.6.1073
FlashGet(JetCar)
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImagXpress
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Kick N Rush
Launch Manager
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKVtoolnix 2.2.0
MobileMe Control Panel
Movie Templates - Starter Kit
Mozilla Firefox (3.0.14)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OGA Notifier 2.0.0048.0
PDF Settings CS4
Playlist tool
PowerProducer
Private folder Utility
QuickTime
RapidShare Manager
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Rolex Milgauss Screen Saver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
SoundTrax
Synaptics Pointing Device Driver
System Requirements Lab
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vista Codec Package
VLC media player 1.0.1
WinAVI MP4 Converter
WinAVI Video Converter
WinAVIVideoConverter
Winbond CIR Drivers
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
winpwn-2.5 2.5.0.2
WinRAR archiver
WinSCP 4.1.7
Yahoo! Toolbar

tetonbob · 10-11-2009, 12:25 PM

Things are looking good, a few more tasks to perform

Uninstall the following via the Add/Remove Panel (Start->Control Panel->Uninstall a Program)

Java(TM) 6 Update 7

This is outdated, and a security risk by having it installed still. Unfortunately, Java does not uninstall these older versions when you update, nor tell you that you should. Java(TM) 6 Update 11 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. Otherwise, the latest version of Java can be downloaded here:

http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "Java SE Runtime Environment (JRE) - JRE 6 Update 16 -"Click the "Download" button to the right, and follow the prompts.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

Go here to run an online scannner from ESET.

Note: You will need to use Internet explorer for this scan
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic and also let me know how things are now.

davzs · 10-14-2009, 02:35 PM

thigs seem fine browsing all day nothing poped up at all the log file only contained this so i think i may have done somthing wrong.

log
--------------------------
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

tetonbob · 10-14-2009, 02:38 PM

Hmm, that is odd. I wonder, did the scan run to completion? Did it find anything?

One thing that did slip my mind is you're running Windows Vista, and it's best to run the online scan by right clicking the IE shortcut, then selecting Run As Administrator.

Would you mind trying it again?

davzs · 10-15-2009, 03:56 AM

Quote:

Originally Posted by tetonbob

Hmm, that is odd. I wonder, did the scan run to completion? Did it find anything?

One thing that did slip my mind is you're running Windows Vista, and it's best to run the online scan by right clicking the IE shortcut, then selecting Run As Administrator.

Would you mind trying it again?

it found 3 infected mate, i will run that again for you and see what we get then thankyou for your time i really appriciate it.

davzs · 10-15-2009, 03:57 PM

that worked, here is the log file :)...also getting no pop ups

------------------------------------------------------------------------------
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=59b7fd8c7348f54ca541b3fd0fd3c5d2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-10-15 09:55:34
# local_time=2009-10-15 10:55:34 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1026 61 83 100 6534475951971
# compatibility_mode=5889 61 66 100 547615214555121
# scanned=156687
# found=3
# cleaned=0
# scan_time=3849
C:\Users\Scott Dac\Documents\LimeWire\Saved\ja rule loose change - bonus track.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\Scott Dac\Documents\Nero\Nero 9.0.9.4b\Nero 9.0.9.4b.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
C:\Users\Scott Dac\Documents\Nero\Nero Move It 1.0.10.0\Nero Move it 1.0.10.0.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I

tetonbob · 10-15-2009, 05:39 PM

Great, thanks for letting me know that worked.

This file should be deleted, many .mp3 files downloaded via torrent or p2p can be infected.

C:\Users\Scott Dac\Documents\LimeWire\Saved\ja rule loose change - bonus track.mp3

I don't see Limewire installed any longer, which is a good thing. P2P applications can be a major vector for infecting machines. You may want to consider deleting this entire folder:

C:\Users\Scott Dac\Documents\LimeWire

The other two of those finds can be ignored if that's your choice. They are getting flagged because AskToolbar has a bad reputation for it's "opt-out" addition to many software installs these days. They seem like they might be installer files, based on the location, so if not needed, you may wish to consider deleting them also:

C:\Users\Scott Dac\Documents\Nero\Nero 9.0.9.4b\Nero 9.0.9.4b.exe
C:\Users\Scott Dac\Documents\Nero\Nero Move It 1.0.10.0\Nero Move it 1.0.10.0.exe

Other than that....We should be done here. Some final housekeeping instructions, and protection information for you.

Your logs appear clean.You should be good to go. We still have a few items to address.

Disconnect from the internet and disable your AntiVirus temporarily.

Press the Windows key + R -> in the Run box which opens -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures.

Re-enable your AntiVirus now. Reconnect to the internet at your leisure.

Delete any remaining tools we've used (DDS and GMER) and logs from them.

Empty your Recycle Bin.

After malware removal, it's a good idea to flush out existing, possibly infected System Restore points, and set a new clean point with which tt go forward.

Clear & Reset System Restore's Cache

Press the Windows key + R
Type or copy/paste control sysdm.cpl,,4 & press Enter
Click on Continue
Under Automatic Restore points
- Uncheck (untick) all the boxes under Create restore points automatically on the selected disks section.
- Click Turn System Restore Off.
- Click Apply
Turn System Restore back on now.
Check (tick) all the boxes under Create restore points automatically on the selected disks section.
Click OK.

============================================

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

Microsoft Windows Update -

To update Windows, click on Start > Windows Update (or Start > All Programs > Windows Update if you are using the new Vista Start Menu). If the Windows Update is not found there, go to this link - http://update.microsoft.com/ .

This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
SpywareBlaster to help prevent spyware from installing in the first place.
- Install & update SpywareBlaster with the latest definitions.
  After you have updated, click the button - enable protection for all unprotected items
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
Winpatrol

Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

You can get a free copy of Winpatrol or use the Plus version for more features.

You can read Winpatrol's FAQ if you run into problems.
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Do not install more than one AntiVirus program because they will conflict with each other.
Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer
http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT.

ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

davzs · 10-17-2009, 10:56 AM

thankyou very very much for your help with my matter everything is running fine now

much appriciated davzs. :)

tetonbob · 10-17-2009, 11:31 AM

Hi, davzs. I'm glad to have helped, and happy to hear all is well.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.

10-07-2009, 09:46 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,676 OS: 2000 Pro; XP Pro; XP Home	Re: virus pop up help please. Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. --------------------------------------------------------------------------------------------- Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum. --------------------------------------------------------------------------------------------- Uninstall the following via the Add/Remove Panel (Start ->Control Panel->Uninstall a Program) Dealio Toolbar v4.0.1 --------------------------------------------------------------------------------------------- Please visit this webpage for download links, and instructions for running combofix: http://www.bleepingcomputer.com/comb...o-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. You can get help on disabling your protection programs here Please include the C:\ComboFix.txt in your next reply for further review. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-10-2009, 04:01 PM	#3 (permalink)
davzs Registered User Join Date: Oct 2009 Posts: 8 OS: vista	Re: virus pop up help please. hello thanks for your reply, i have done what you have said and here is the log. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-788181773-3383885927-3893961033-500 c:\users\Scott Dac\AppData\Roaming\.# c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684C.manifest c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684O.manifest c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684P.manifest c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684S.manifest c:\windows\system32\Tuaix.vbs . ((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 ))))))))))))))))))))))))))))))) . 2009-10-10 21:49 . 2009-10-10 21:50 -------- d-----w- c:\users\Scott Dac\AppData\Local\temp 2009-10-10 21:49 . 2009-10-10 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-10-08 15:00 . 2009-10-08 15:00 -------- d-----w- c:\programdata\Office Genuine Advantage 2009-10-08 09:20 . 2009-10-08 09:20 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\EA 2009-10-07 18:14 . 2009-10-07 18:14 -------- d-----w- c:\users\Scott Dac\AppData\Local\Unity 2009-10-07 18:14 . 2009-10-07 18:14 -------- d-----w- c:\program files\Unity 2009-10-06 16:27 . 2004-08-04 06:00 506368 ----a-w- c:\windows\system32\msxml.dll 2009-10-06 08:35 . 2009-10-06 08:35 680 ----a-w- c:\users\Scott Dac\AppData\Local\d3d9caps.dat 2009-10-03 07:01 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-09-29 19:34 . 2009-09-29 19:34 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\Malwarebytes 2009-09-29 19:33 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-29 19:33 . 2009-09-29 19:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-29 19:33 . 2009-09-29 19:33 -------- d-----w- c:\programdata\Malwarebytes 2009-09-29 19:33 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-29 19:31 . 2009-10-10 21:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2009-09-29 19:31 . 2009-10-10 21:40 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-13 06:28 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-09-13 06:28 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll 2009-09-13 06:28 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-09-13 06:28 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-09-13 06:28 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-09-13 06:28 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll 2009-09-13 06:28 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-09-13 06:28 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-09-13 06:28 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-09-13 06:28 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe 2009-09-11 06:11 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll 2009-09-11 06:11 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll 2009-09-11 06:11 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll 2009-09-11 06:11 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll 2009-09-11 06:11 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-09 17:23 . 2008-09-13 16:03 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\LimeWire 2009-09-30 21:52 . 2008-08-31 04:30 -------- d-----w- c:\program files\LimeWire 2009-09-30 17:46 . 2009-08-02 23:58 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\Nero 2009-09-29 15:57 . 2009-07-02 07:22 -------- d-----w- c:\programdata\AVG Security Toolbar 2009-09-17 05:52 . 2009-07-30 07:59 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\vlc 2009-09-13 15:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-09-13 15:59 . 2009-03-29 18:22 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-29 06:49 . 2009-02-26 11:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-08-29 06:49 . 2009-02-26 11:21 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-08-29 06:49 . 2009-02-26 11:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-08-28 12:39 . 2009-09-02 21:45 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-28 10:15 . 2009-09-02 21:45 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-24 20:14 . 2008-09-15 08:40 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\Skype 2009-08-23 19:27 . 2008-03-13 17:44 -------- d-----w- c:\program files\Acer GameZone 2009-08-23 19:11 . 2009-08-23 19:11 -------- d-----w- c:\programdata\Oberon Games 2009-08-23 19:02 . 2009-08-23 19:02 -------- d-----w- c:\programdata\InterAction studios 2009-08-23 18:56 . 2009-02-22 19:25 -------- d-----w- c:\program files\AviSynth 2.5 2009-08-22 20:39 . 2008-09-15 13:55 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\skypePM 2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll 2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll 2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe 2009-07-21 21:52 . 2009-09-16 16:17 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-21 21:47 . 2009-09-16 16:17 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-07-21 21:47 . 2009-09-16 16:17 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-07-21 20:13 . 2009-09-16 16:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-07-17 14:35 . 2009-08-14 12:47 71680 ----a-w- c:\windows\system32\atl.dll 2009-07-14 13:00 . 2009-08-14 12:47 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-14 12:59 . 2009-08-14 12:46 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-07-14 12:58 . 2009-08-14 12:47 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-07-14 10:59 . 2009-08-14 12:46 8147456 ----a-w- c:\windows\system32\wmploc.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-09-02 10:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-13 21741864] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-22 2356088] "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-24 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-24 133656] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704] "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-24 136600] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-03 2023704] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-24 4702208] c:\users\Scott Dac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-8 101440] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-13 535336] SETAUDIO.EXE [2008-4-4 20480] SETRES.EXE [2008-4-4 20480] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{72123FFE-BB08-48F2-B7AF-257B2DDBCA8D}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{33A26CA1-D20E-48B1-8009-39DBF7D59ADC}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician "{419F4AE7-FEA0-457C-A110-0CCF57166A2E}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia "{51AE317D-CA38-483D-AC9E-4BDDE83DDAF8}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard "{E47BB8AF-CC1C-43AE-A5FF-1F405554A95E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{B948D066-090D-4853-B422-CA46B337C418}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0833AD61-E309-4EA5-9EE8-6E954ED3D713}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine "{DB74E340-BB1C-468C-8385-013DC66FCCED}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie "{F76368E5-27F0-4FFB-86B6-A73CCEDDFAD2}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program "{1ABEE454-A090-43AD-9FCB-0A0672EB6326}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{D568CE07-1B08-44F6-96D3-E002E0E9E8F4}"= c:\program files\Skype\Phone\Skype.exe:Skype "{6DBDAC54-9669-4CA2-8872-54F931FE84D1}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe "{62E561AB-CEDF-4D7F-A9C9-191945FEDF13}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "{7F3EB3E2-51C9-46FA-8641-765E7F9FA8AD}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe "TCP Query User{3E24ABAA-5EE7-477B-9943-518B2A040EF5}c:\\program files\\easyphp 3.0\\mysql\\bin\\mysqld.exe"= UDP:c:\program files\easyphp 3.0\mysql\bin\mysqld.exe:mysqld "UDP Query User{CF812CAC-8232-4AC8-BFA0-C5EC841AE1F0}c:\\program files\\easyphp 3.0\\mysql\\bin\\mysqld.exe"= TCP:c:\program files\easyphp 3.0\mysql\bin\mysqld.exe:mysqld "{5B79F9C2-EC12-4D2F-ACEF-B27E3A5ACDF0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{8213799D-4CAE-4756-8624-2F99557BFC98}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{38263D32-26E1-484F-B9CE-992694568CE7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{923DBBA4-1458-4745-BD55-5A97BDEFD0D3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{336DDD05-1BE5-41F1-ACEC-B7458984276A}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet "UDP Query User{AF4761E4-71C7-4120-9033-A663C96DB183}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet "TCP Query User{A6F4AF42-8E12-4ED7-8F2E-B18BC1678AF7}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{74FE2E03-C6CE-4320-85DE-CAFA0F27E44E}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe::Enabled:eDSfsu "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\encryption.exe::Enabled:encryption "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\decryption.exe::Enabled:decryption "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe::Enabled:eDSMgr "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe::Enabled:eDStbmngr "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe::Enabled:eDSfsu "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\encryption.exe::Enabled:encryption "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\decryption.exe::Enabled:decryption "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe::Enabled:eDSMgr "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe::Enabled:eDStbmngr R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [26/02/2009 12:21 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [26/02/2009 12:21 108552] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [29/05/2008 09:20 41456] R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [13/03/2008 19:45 51200] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [24/07/2009 15:14 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/07/2009 08:21 297752] R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [13/03/2008 18:04 43008] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [13/03/2008 18:04 179712] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2008-08-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.daemon-search.com/startpage mStart Page = hxxp://en.uk.acer.yahoo.com uInternet Settings,ProxyOverride = <local>;.local IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Scott Dac\AppData\Roaming\Mozilla\Firefox\Profiles\apsro2sg.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - www.google.co.uk FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p= FF - prefs.js: network.proxy.ftp - 212.125.176.132 FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - 212.125.176.132 FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - 212.125.176.132 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - 212.125.176.132 FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - 212.125.176.132 FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. - - - - ORPHANS REMOVED - - - - HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe HKLM-Run-eRecoveryService - (no file) *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-10 22:50 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\users\SCOTTD~1\AppData\Local\Temp\catchme.dll 53248 bytes executable scan completed successfully hidden files: 1 ************************************************************************ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2009-10-10 22:52 ComboFix-quarantined-files.txt 2009-10-10 21:52 Pre-Run: 24,133,558,272 bytes free Post-Run: 24,260,562,944 bytes free 274 --- E O F --- 2009-10-09 09:57

10-10-2009, 04:05 PM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,676 OS: 2000 Pro; XP Pro; XP Home	Re: virus pop up help please. Hi - It seems like part of that log is missing. Please ensure that you include the header information when posting a log. The header contains important information about your system critical to our review. Press Ctrl+A to select all, Ctrl+C to copy all, then Ctrl+V to paste all into a thread. If need be, please attach the log, which should be located at C:\ComboFix.txt __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-11-2009, 02:36 AM	#5 (permalink)
davzs Registered User Join Date: Oct 2009 Posts: 8 OS: vista	Re: virus pop up help please. i think i have it all this time thanks. ComboFix 09-10-10.01 - Scott Dac 10/10/2009 22:43.1.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3062.1676 [GMT 1:00] Running from: c:\users\Scott Dac\Downloads\ComboFix.exe SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-788181773-3383885927-3893961033-500 c:\users\Scott Dac\AppData\Roaming\.# c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684C.manifest c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684O.manifest c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684P.manifest c:\users\Scott Dac\AppData\Roaming\02000000e39ed847684S.manifest c:\windows\system32\Tuaix.vbs . ((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 ))))))))))))))))))))))))))))))) . 2009-10-10 21:49 . 2009-10-10 21:50 -------- d-----w- c:\users\Scott Dac\AppData\Local\temp 2009-10-10 21:49 . 2009-10-10 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-10-08 15:00 . 2009-10-08 15:00 -------- d-----w- c:\programdata\Office Genuine Advantage 2009-10-08 09:20 . 2009-10-08 09:20 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\EA 2009-10-07 18:14 . 2009-10-07 18:14 -------- d-----w- c:\users\Scott Dac\AppData\Local\Unity 2009-10-07 18:14 . 2009-10-07 18:14 -------- d-----w- c:\program files\Unity 2009-10-06 16:27 . 2004-08-04 06:00 506368 ----a-w- c:\windows\system32\msxml.dll 2009-10-06 08:35 . 2009-10-06 08:35 680 ----a-w- c:\users\Scott Dac\AppData\Local\d3d9caps.dat 2009-10-03 07:01 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-09-29 19:34 . 2009-09-29 19:34 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\Malwarebytes 2009-09-29 19:33 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-29 19:33 . 2009-09-29 19:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-29 19:33 . 2009-09-29 19:33 -------- d-----w- c:\programdata\Malwarebytes 2009-09-29 19:33 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-29 19:31 . 2009-10-10 21:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2009-09-29 19:31 . 2009-10-10 21:40 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-13 06:28 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-09-13 06:28 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll 2009-09-13 06:28 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-09-13 06:28 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-09-13 06:28 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-09-13 06:28 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll 2009-09-13 06:28 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-09-13 06:28 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-09-13 06:28 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-09-13 06:28 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe 2009-09-11 06:11 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll 2009-09-11 06:11 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll 2009-09-11 06:11 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll 2009-09-11 06:11 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll 2009-09-11 06:11 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-09 17:23 . 2008-09-13 16:03 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\LimeWire 2009-09-30 21:52 . 2008-08-31 04:30 -------- d-----w- c:\program files\LimeWire 2009-09-30 17:46 . 2009-08-02 23:58 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\Nero 2009-09-29 15:57 . 2009-07-02 07:22 -------- d-----w- c:\programdata\AVG Security Toolbar 2009-09-17 05:52 . 2009-07-30 07:59 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\vlc 2009-09-13 15:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-09-13 15:59 . 2009-03-29 18:22 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-29 06:49 . 2009-02-26 11:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-08-29 06:49 . 2009-02-26 11:21 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-08-29 06:49 . 2009-02-26 11:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-08-28 12:39 . 2009-09-02 21:45 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-28 10:15 . 2009-09-02 21:45 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-24 20:14 . 2008-09-15 08:40 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\Skype 2009-08-23 19:27 . 2008-03-13 17:44 -------- d-----w- c:\program files\Acer GameZone 2009-08-23 19:11 . 2009-08-23 19:11 -------- d-----w- c:\programdata\Oberon Games 2009-08-23 19:02 . 2009-08-23 19:02 -------- d-----w- c:\programdata\InterAction studios 2009-08-23 18:56 . 2009-02-22 19:25 -------- d-----w- c:\program files\AviSynth 2.5 2009-08-22 20:39 . 2008-09-15 13:55 -------- d-----w- c:\users\Scott Dac\AppData\Roaming\skypePM 2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll 2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll 2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe 2009-07-21 21:52 . 2009-09-16 16:17 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-21 21:47 . 2009-09-16 16:17 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-07-21 21:47 . 2009-09-16 16:17 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-07-21 20:13 . 2009-09-16 16:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-07-17 14:35 . 2009-08-14 12:47 71680 ----a-w- c:\windows\system32\atl.dll 2009-07-14 13:00 . 2009-08-14 12:47 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-14 12:59 . 2009-08-14 12:46 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-07-14 12:58 . 2009-08-14 12:47 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-07-14 10:59 . 2009-08-14 12:46 8147456 ----a-w- c:\windows\system32\wmploc.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-09-02 10:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-13 21741864] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-22 2356088] "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-24 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-24 133656] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704] "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-24 136600] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-03 2023704] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-24 4702208] c:\users\Scott Dac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-8 101440] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-13 535336] SETAUDIO.EXE [2008-4-4 20480] SETRES.EXE [2008-4-4 20480] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{72123FFE-BB08-48F2-B7AF-257B2DDBCA8D}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{33A26CA1-D20E-48B1-8009-39DBF7D59ADC}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician "{419F4AE7-FEA0-457C-A110-0CCF57166A2E}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia "{51AE317D-CA38-483D-AC9E-4BDDE83DDAF8}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard "{E47BB8AF-CC1C-43AE-A5FF-1F405554A95E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{B948D066-090D-4853-B422-CA46B337C418}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0833AD61-E309-4EA5-9EE8-6E954ED3D713}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine "{DB74E340-BB1C-468C-8385-013DC66FCCED}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie "{F76368E5-27F0-4FFB-86B6-A73CCEDDFAD2}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program "{1ABEE454-A090-43AD-9FCB-0A0672EB6326}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{D568CE07-1B08-44F6-96D3-E002E0E9E8F4}"= c:\program files\Skype\Phone\Skype.exe:Skype "{6DBDAC54-9669-4CA2-8872-54F931FE84D1}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe "{62E561AB-CEDF-4D7F-A9C9-191945FEDF13}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "{7F3EB3E2-51C9-46FA-8641-765E7F9FA8AD}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe "TCP Query User{3E24ABAA-5EE7-477B-9943-518B2A040EF5}c:\\program files\\easyphp 3.0\\mysql\\bin\\mysqld.exe"= UDP:c:\program files\easyphp 3.0\mysql\bin\mysqld.exe:mysqld "UDP Query User{CF812CAC-8232-4AC8-BFA0-C5EC841AE1F0}c:\\program files\\easyphp 3.0\\mysql\\bin\\mysqld.exe"= TCP:c:\program files\easyphp 3.0\mysql\bin\mysqld.exe:mysqld "{5B79F9C2-EC12-4D2F-ACEF-B27E3A5ACDF0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{8213799D-4CAE-4756-8624-2F99557BFC98}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{38263D32-26E1-484F-B9CE-992694568CE7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{923DBBA4-1458-4745-BD55-5A97BDEFD0D3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{336DDD05-1BE5-41F1-ACEC-B7458984276A}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet "UDP Query User{AF4761E4-71C7-4120-9033-A663C96DB183}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet "TCP Query User{A6F4AF42-8E12-4ED7-8F2E-B18BC1678AF7}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{74FE2E03-C6CE-4320-85DE-CAFA0F27E44E}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe::Enabled:eDSfsu "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\encryption.exe::Enabled:encryption "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\decryption.exe::Enabled:decryption "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe::Enabled:eDSMgr "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe::Enabled:eDStbmngr "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe::Enabled:eDSfsu "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\encryption.exe::Enabled:encryption "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\decryption.exe::Enabled:decryption "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe::Enabled:eDSMgr "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe::Enabled:eDStbmngr R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [26/02/2009 12:21 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [26/02/2009 12:21 108552] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [29/05/2008 09:20 41456] R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [13/03/2008 19:45 51200] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [24/07/2009 15:14 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/07/2009 08:21 297752] R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [13/03/2008 18:04 43008] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [13/03/2008 18:04 179712] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2008-08-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.daemon-search.com/startpage mStart Page = hxxp://en.uk.acer.yahoo.com uInternet Settings,ProxyOverride = <local>;.local IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Scott Dac\AppData\Roaming\Mozilla\Firefox\Profiles\apsro2sg.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - www.google.co.uk FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p= FF - prefs.js: network.proxy.ftp - 212.125.176.132 FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - 212.125.176.132 FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - 212.125.176.132 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - 212.125.176.132 FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - 212.125.176.132 FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. - - - - ORPHANS REMOVED - - - - HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe HKLM-Run-eRecoveryService - (no file) *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-10 22:50 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\users\SCOTTD~1\AppData\Local\Temp\catchme.dll 53248 bytes executable scan completed successfully hidden files: 1 ************************************************************************ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2009-10-10 22:52 ComboFix-quarantined-files.txt 2009-10-10 21:52 Pre-Run: 24,133,558,272 bytes free Post-Run: 24,260,562,944 bytes free 274 --- E O F --- 2009-10-09 09:57

10-11-2009, 09:39 AM	#6 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,676 OS: 2000 Pro; XP Pro; XP Home	Re: virus pop up help please. I see you have Malwarebytes' AntiMalware installed. Please update it's definitions, and run a new Quick Scan. Launch Malwarebytes' Antimalware On the updates tab, click on Check for Updates If an update is found, it will begin. Once the update is complete.. Click on the Scanner tab. Select Perform quick scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply. Also... Press the Windows key + R > in the Run box copy/paste the following, then press Enter: C:\QooBox\Add-Remove Programs.txt A text file should open. Please post the contents of that file in your next reply. Are you still getting the popups/redirects? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-11-2009, 12:08 PM	#7 (permalink)
davzs Registered User Join Date: Oct 2009 Posts: 8 OS: vista	Re: virus pop up help please. i'm getting no more pop ups or redirects :) hopefully that everything is sorted :) thank you. Malwarebytes' Anti-Malware 1.41 Database version: 2943 Windows 6.0.6001 Service Pack 1 11/10/2009 19:07:10 mbam-log-2009-10-11 (19-07-10).txt Scan type: Quick Scan Objects scanned: 89125 Time elapsed: 7 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ----------------------------------------------------------------------------------- "Nero SoundTrax Help 2007 Microsoft Office Suite Service Pack 1 (SP1) Acer Arcade Deluxe Acer Crystal Eye webcam Acer eAudio Management Acer eDataSecurity Management Acer eLock Management Acer Empowering Technology Acer eNet Management Acer ePower Management Acer ePresentation Management Acer eSettings Management Acer GridVista Acer Mobility Center Plug-In Acer ScreenSaver Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Default Language CS4 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe Media Player Adobe PDF Library Files CS4 Adobe Photoshop CS3 Adobe Reader 8.1.0 Adobe Setup Adobe Stock Photos CS3 Adobe Type Support CS4 Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AdobeColorCommonSetRGB Advertising Center Apple Mobile Device Support Apple Software Update Ashampoo Burning Studio 7.30 AVG Free 8.5 Backspin Billiards Bonjour Broadcom Gigabit Integrated Controller Camera RAW Plug-In for EPSON Creativity Suite DAEMON Tools Toolbar DolbyFiles EPSON Copy Utility 3 EPSON Easy Photo Print EPSON PRINT Image Framer Tool EPSON Printer Software EPSON Scan FlashGet 1.9.6.1073 FlashGet(JetCar) Google Toolbar for Internet Explorer HDAUDIO Soft Data Fax Modem with SmartCP Highlight Viewer (Windows Live Toolbar) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) ImagXpress ImgBurn Intel(R) Graphics Media Accelerator Driver Intel® Matrix Storage Manager iTunes Java(TM) 6 Update 11 Java(TM) 6 Update 7 Kick N Rush Launch Manager LightScribe 1.4.142.1 Malwarebytes' Anti-Malware Map Button (Windows Live Toolbar) Menu Templates - Starter Kit Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB929729) Microsoft .NET Framework 3.5 SP1 Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Works MKVtoolnix 2.2.0 MobileMe Control Panel Movie Templates - Starter Kit Mozilla Firefox (3.0.14) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) Nero 9 Nero BurningROM Nero BurnRights Nero ControlCenter Nero CoverDesigner Nero CoverDesigner Help Nero Disc Copy Gadget Nero Disc Copy Gadget Help Nero DiscSpeed Nero DriveSpeed Nero Express Nero InfoTool Nero Installer Nero Live Nero Live Help Nero PhotoSnap Nero PhotoSnap Help Nero Recode Nero Recode Help Nero Rescue Agent Nero RescueAgent Help Nero ShowTime Nero StartSmart Nero StartSmart Help Nero Vision Nero WaveEditor Nero WaveEditor Help NeroBurningROM NeroExpress neroxml NTI Backup NOW! 4.7 NTI CD & DVD-Maker OGA Notifier 2.0.0048.0 PDF Settings CS4 Playlist tool PowerProducer Private folder Utility QuickTime RapidShare Manager Realtek High Definition Audio Driver RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 Rolex Milgauss Screen Saver Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB969679) Security Update for Microsoft Office Excel 2007 (KB969682) Security Update for Microsoft Office OneNote 2007 (KB950130) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office Word 2007 (KB969604) Skype™ 3.8 Smart Menus (Windows Live Toolbar) SoundTrax Synaptics Pointing Device Driver System Requirements Lab Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Vista Codec Package VLC media player 1.0.1 WinAVI MP4 Converter WinAVI Video Converter WinAVIVideoConverter Winbond CIR Drivers Windows Live Favorites for Windows Live Toolbar Windows Live installer Windows Live Mail Windows Live Messenger Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Extension (Windows Live Toolbar) winpwn-2.5 2.5.0.2 WinRAR archiver WinSCP 4.1.7 Yahoo! Toolbar

10-11-2009, 12:25 PM	#8 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,676 OS: 2000 Pro; XP Pro; XP Home	Re: virus pop up help please. Things are looking good, a few more tasks to perform Uninstall the following via the Add/Remove Panel (Start->Control Panel->Uninstall a Program) Java(TM) 6 Update 7 This is outdated, and a security risk by having it installed still. Unfortunately, Java does not uninstall these older versions when you update, nor tell you that you should. Java(TM) 6 Update 11 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. Otherwise, the latest version of Java can be downloaded here: http://java.sun.com/javase/downloads/index.jsp Scroll down to where it says "Java SE Runtime Environment (JRE) - JRE 6 Update 16 -"Click the "Download" button to the right, and follow the prompts. Going forward, Java will overwrite existing installs, so removing older versions should not be required after this. --------------------------------------------------------------------------------------------- Please run this online scan to help look for remnants. Go here to run an online scannner from ESET. Note: You will need to use Internet explorer for this scan Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked. Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan Wait for the scan to finish Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt Copy and paste that log as a reply to this topic and also let me know how things are now. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-14-2009, 02:35 PM	#9 (permalink)
davzs Registered User Join Date: Oct 2009 Posts: 8 OS: vista	Re: virus pop up help please. thigs seem fine browsing all day nothing poped up at all the log file only contained this so i think i may have done somthing wrong. log -------------------------- ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK

10-14-2009, 02:38 PM	#10 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,676 OS: 2000 Pro; XP Pro; XP Home	Re: virus pop up help please. Hmm, that is odd. I wonder, did the scan run to completion? Did it find anything? One thing that did slip my mind is you're running Windows Vista, and it's best to run the online scan by right clicking the IE shortcut, then selecting Run As Administrator. Would you mind trying it again? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-15-2009, 03:57 PM	#12 (permalink)
davzs Registered User Join Date: Oct 2009 Posts: 8 OS: vista	Re: virus pop up help please. that worked, here is the log file :)...also getting no pop ups ------------------------------------------------------------------------------ ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=53251 # version=6 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6050 # api_version=3.0.2 # EOSSerial=59b7fd8c7348f54ca541b3fd0fd3c5d2 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2009-10-15 09:55:34 # local_time=2009-10-15 10:55:34 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=1026 61 83 100 6534475951971 # compatibility_mode=5889 61 66 100 547615214555121 # scanned=156687 # found=3 # cleaned=0 # scan_time=3849 C:\Users\Scott Dac\Documents\LimeWire\Saved\ja rule loose change - bonus track.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I C:\Users\Scott Dac\Documents\Nero\Nero 9.0.9.4b\Nero 9.0.9.4b.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I C:\Users\Scott Dac\Documents\Nero\Nero Move It 1.0.10.0\Nero Move it 1.0.10.0.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I

10-15-2009, 05:39 PM	#13 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,676 OS: 2000 Pro; XP Pro; XP Home	Re: virus pop up help please. Great, thanks for letting me know that worked. This file should be deleted, many .mp3 files downloaded via torrent or p2p can be infected. C:\Users\Scott Dac\Documents\LimeWire\Saved\ja rule loose change - bonus track.mp3 I don't see Limewire installed any longer, which is a good thing. P2P applications can be a major vector for infecting machines. You may want to consider deleting this entire folder: C:\Users\Scott Dac\Documents\LimeWire The other two of those finds can be ignored if that's your choice. They are getting flagged because AskToolbar has a bad reputation for it's "opt-out" addition to many software installs these days. They seem like they might be installer files, based on the location, so if not needed, you may wish to consider deleting them also: C:\Users\Scott Dac\Documents\Nero\Nero 9.0.9.4b\Nero 9.0.9.4b.exe C:\Users\Scott Dac\Documents\Nero\Nero Move It 1.0.10.0\Nero Move it 1.0.10.0.exe Other than that....We should be done here. Some final housekeeping instructions, and protection information for you. Your logs appear clean.You should be good to go. We still have a few items to address. Disconnect from the internet and disable your AntiVirus temporarily. Press the Windows key + R -> in the Run box which opens -> copy/paste in the following single line command & click OK combofix /u This will uninstall ComboFix. It will also implement some cleanup procedures. Re-enable your AntiVirus now. Reconnect to the internet at your leisure. Delete any remaining tools we've used (DDS and GMER) and logs from them. Empty your Recycle Bin. After malware removal, it's a good idea to flush out existing, possibly infected System Restore points, and set a new clean point with which tt go forward. Clear & Reset System Restore's Cache Press the Windows key + R Type or copy/paste control sysdm.cpl,,4 & press Enter Click on Continue Under Automatic Restore points Uncheck (untick) all the boxes under Create restore points automatically on the selected disks section. Click Turn System Restore Off. Click Apply Turn System Restore back on now. Check (tick) all the boxes under Create restore points automatically on the selected disks section. Click OK. ============================================ Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs: Microsoft Windows Update - To update Windows, click on Start > Windows Update (or Start > All Programs > Windows Update if you are using the new Vista Start Menu). If the Windows Update is not found there, go to this link - http://update.microsoft.com/ . This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE. Winpatrol Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here. You can get a free copy of Winpatrol or use the Plus version for more features. You can read Winpatrol's FAQ if you run into problems. MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out. Do not install more than one AntiVirus program because they will conflict with each other. Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT. ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry. NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster. In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles How did I get infected in the first place? PC Safety and Security--What Do I Need? If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it. Please respond to this thread one more time so we can mark this thread as resolved. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-17-2009, 10:56 AM	#14 (permalink)
davzs Registered User Join Date: Oct 2009 Posts: 8 OS: vista	Re: virus pop up help please. thankyou very very much for your help with my matter everything is running fine now much appriciated davzs. :)

10-17-2009, 11:31 AM	#15 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,676 OS: 2000 Pro; XP Pro; XP Home	Re: virus pop up help please. Hi, davzs. I'm glad to have helped, and happy to hear all is well. Surf Safely, and Think Prevention! Since this issue is resolved, this topic will be archived. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009