Can't get rid of pop ups.

716 Views 2 Replies 2 Participants Last post by  Pancake
I've been having this problem for a while. I tried to do an entire system restore but it's being blocked. A notice comes up and says "Cannot restore to date, please pick another date" and then when I choose another date it doesn't work. I thought I fixed the problem all by myself, but I haven't :mad:

I have 3 programs running on my computer, AVG, Zerospyware, and Malwarebytes Anti-Malware but none of them must be locating this beast. I'll name some of the pop ups that have occurred.

Just today I had 43 continuous "Cannot find server" pop ups. They all came non-stop, just one after another after another. I've also had a random ebay pop up with some random word in the search box. This pop up called "Mysearch" comes up a lot. I've had a pop up called "elle", have no idea what that one is about. Another random one called "ikariam". I'm sure someone on this website can help me with my problem. Please help guys, I'm feeling hopeless :sigh:

Here are my results from the Deckard deal.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-27 16:25:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
81: 2008-05-27 21:25:53 UTC - RP209 - Deckard's System Scanner Restore Point
80: 2008-05-27 01:39:09 UTC - RP208 - Restore Operation
79: 2008-05-27 01:37:58 UTC - RP207 - Restore Operation
78: 2008-05-26 18:48:45 UTC - RP206 - System Checkpoint
77: 2008-05-24 17:16:16 UTC - RP205 - System Checkpoint


-- First Restore Point --
1: 2008-05-04 05:41:14 UTC - RP129 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-27 16:29:37
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\NMSSvc.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\PROMon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Wireless LAN\Client Manager\Cmcom.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.101
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: {25a35b2e-e274-c71b-cf04-dd55b1206658} - {8566021b-55dd-40fc-b17c-472ee2b53a52} - C:\WINDOWS\system32\gmliloss.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Promon.exe] PROMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [78da517f] rundll32.exe "C:\WINDOWS\system32\ndthrlha.dll",b
O4 - HKLM\..\Run: [ZSScheduler] rundll32.exe "C:\Program Files\FBM Software\ZeroSpyware\zsscheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware\
O4 - HKLM\..\RunOnceEx: [Flags] 128
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Compaq Client Manager.lnk = C:\Program Files\Compaq Wireless LAN\Client Manager\CMcom.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} () - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.Exe


--
End of file - 6444 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel(R) NMSCFG Driver>

S0 Partizan - c:\windows\system32\drivers\partizan.sys (file missing)
S3 RegGuard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NMSSvc (Intel(R) NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VM Network Connection
Device ID: PCI\VEN_8086&DEV_1038&SUBSYS_00980E11&REV_42\4&139E449D&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VM Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1038&SUBSYS_00980E11&REV_42\4&139E449D&0&40F0
Service: E100B


-- Scheduled Tasks -------------------------------------------------------------

2008-05-24 20:05:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-27 and 2008-05-27 -----------------------------

2008-05-26 20:40:08 0 d-------- C:\Program Files\iTunes
2008-05-26 20:22:50 0 d-------- C:\Program Files\StumbleUpon
2008-05-08 23:26:08 0 d-------- C:\Program Files\iTunes(2)
2008-05-08 23:22:01 0 d-------- C:\Program Files\Apple Software Update
2008-05-08 23:21:11 0 d-------- C:\Program Files\Common Files\Apple
2008-05-07 19:01:31 3129344 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-05-06 21:11:16 0 d-------- C:\Documents and Settings\Owner\Application Data\StumbleUpon
2008-05-06 12:14:32 0 d-------- C:\WINDOWS\system32\glvLog
2008-05-04 22:53:05 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-04 22:52:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-04 22:52:38 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 21:24:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-04 21:20:51 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-04 21:20:51 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-04 21:20:51 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-04 21:20:51 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-04 21:20:51 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-04 21:20:51 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-04 21:20:51 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-04 21:20:51 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-04 21:20:51 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-04 21:20:51 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-04 21:20:51 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-04 21:20:51 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-04 21:20:51 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-04 21:20:50 524288 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2008-05-04 15:19:11 0 d-------- C:\WINDOWS\system32\zsfiles
2008-05-04 15:18:50 131072 --a------ C:\WINDOWS\system32\datestamp.dll <Not Verified; FBMSoftware; FBMSoftware TimeStamp>
2008-05-04 15:18:12 0 d-------- C:\WINDOWS\system32\ZeroSpyware
2008-05-04 15:18:02 64336 --a------ C:\WINDOWS\system32\zsnotify.dll <Not Verified; FBM; FBM zsnotify>
2008-05-04 15:13:43 0 d-------- C:\Program Files\FBM Software
2008-05-04 13:14:13 95296 --a------ C:\WINDOWS\system32\ndthrlha.dll
2008-05-04 13:14:07 108096 --a------ C:\WINDOWS\system32\gmliloss.dll
2008-05-04 12:44:20 108096 --a------ C:\WINDOWS\system32\lortxswd.dll
2008-05-04 00:47:22 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-05-04 00:45:40 0 d-------- C:\Program Files\Greatis
2008-05-04 00:35:12 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-04 00:35:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-04 00:34:58 0 dr------- C:\Documents and Settings\LocalService\Favorites


-- Find3M Report ---------------------------------------------------------------

2008-05-26 20:45:31 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-05-26 20:40:40 0 d-------- C:\Program Files\QuickTime
2008-05-26 20:23:55 0 d-------- C:\Program Files\iPod
2008-05-08 23:21:11 0 d-------- C:\Program Files\Common Files
2008-05-04 22:52:18 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-04 15:18:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 13:28:48 0 d-------- C:\Program Files\DivX
2008-04-23 15:06:47 0 d-------- C:\Program Files\BitTorrent
2008-04-02 20:26:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8566021b-55dd-40fc-b17c-472ee2b53a52}]
05/04/2008 01:14 PM 108096 --a------ C:\WINDOWS\system32\gmliloss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/23/2006 03:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/17/2007 11:31 PM]
"Promon.exe"="PROMon.exe" [04/18/2002 06:32 PM C:\WINDOWS\system32\PROMon.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/15/2004 09:00 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/16/2008 09:33 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"78da517f"="C:\WINDOWS\system32\ndthrlha.dll" [05/04/2008 11:41 PM]
"ZSScheduler"="C:\Program Files\FBM Software\ZeroSpyware\zsscheduler.dll" [05/26/2006 04:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Aim6"="" []
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" []
"QdrPack15"="C:\Program Files\QdrPack\QdrPack15.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Client Manager.lnk - C:\Program Files\Compaq Wireless LAN\Client Manager\CMcom.EXE [8/25/2007 6:22:20 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B3102264-D09D-4322-B625-503FBF18DD7E}"= C:\WINDOWS\system32\tuvSmnlI.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zsnotify]
zsnotify.dll 05/26/2006 04:11 PM 64336 C:\WINDOWS\system32\zsnotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

*Newly Created Service* - NMSCFG



-- End of Deckard's System Scanner: finished at 2008-05-27 16:31:36 ------------

Status
Not open for further replies.
Here also are my results from the Panda Scan

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-27 21:49:00
PROTECTIONS: 1
MALWARE: 44
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.524 7.5.524 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][1].txt
00284441 adware/xpasswordmanager Adware No 0 Yes No c:\windows\system32\ld3d9.tmp
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][2].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
02913341 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{DCB2967A-4152-4D77-A698-1310E89B4AAF}\RP189\A0037282.exe
02936956 Adware/SideSearch Adware No 0 Yes No C:\System Volume Information\_restore{DCB2967A-4152-4D77-A698-1310E89B4AAF}\RP188\A0037252.dll
02938488 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{DCB2967A-4152-4D77-A698-1310E89B4AAF}\RP190\A0037558.dll
02938555 Adware/Spymaxx Adware No 0 Yes No C:\System Volume Information\_restore{DCB2967A-4152-4D77-A698-1310E89B4AAF}\RP190\A0037585.exe
02938555 Adware/Spymaxx Adware No 0 Yes No C:\System Volume Information\_restore{DCB2967A-4152-4D77-A698-1310E89B4AAF}\RP190\A0037584.exe
02938569 Trj/Agent.ISY Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{DCB2967A-4152-4D77-A698-1310E89B4AAF}\RP187\A0037249.exe
02940030 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{DCB2967A-4152-4D77-A698-1310E89B4AAF}\RP190\A0037562.dll
02940030 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\GMLILOSS.DLL
02940030 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{DCB2967A-4152-4D77-A698-1310E89B4AAF}\RP190\A0037559.dll
02940030 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\lortxswd.dll
02947659 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{DCB2967A-4152-4D77-A698-1310E89B4AAF}\RP188\A0037253.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location q
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description q
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 q
184379 MEDIUM MS08-001 q
182048 HIGH MS07-069 q
182046 HIGH MS07-067 q
182043 HIGH MS07-064 q
179553 HIGH MS07-061 q
176382 HIGH MS07-057 q
176383 HIGH MS07-058 q
;===================================================================================================================================================================================

Sorry, I tried to edit my post but apparently I can't. That was the PandaScan; I think I've posted all the logs you need. I tried to download the Windows Service Pack but it said that I was skipping a service pack in between or something like that. If I need anything else please tell me.

Ok. We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

=======================================

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.