Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

i keep getting pop ups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

i keep getting pop ups

Unread postby whoelsebutme582 » February 12th, 2008, 11:51 am

hey i keep getting these rubbish pop ups and i have done various scans with anti-spyware programs and others so here is my HJT log please help


Logfile of HijackThis v1.99.1
Scan saved at 15:44:31, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Musik_Junky\Desktop\New Folder\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?

LinkId=69157
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter

Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"

/minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10

\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program

Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} -

C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %

windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -

http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -

http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -

http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.com/windows ... b_site.cab?

1197476923328
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -

http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1

\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1

\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32

\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile

Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware

7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7

\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7

\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program

Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH -

C:\WINDOWS\System32\TuneUpDefragService.exe
whoelsebutme582
Active Member
 
Posts: 6
Joined: February 12th, 2008, 10:14 am
Advertisement
Register to Remove

Re: i keep getting pop ups

Unread postby Simon V. » February 15th, 2008, 6:24 pm

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

You have Word Wrap turned on, this is making your logs difficult to read.

  • Open Notepad.
  • Go to Format and untick Word Wrap.

Please post a new HijackThis log in your next reply, with Word Wrap turned off.
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: i keep getting pop ups

Unread postby whoelsebutme582 » February 15th, 2008, 8:27 pm

hey sorry about that i hope this is better oh and thanks for helping me out

Logfile of HijackThis v1.99.1
Scan saved at 00:26:21, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: PrevxCSI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7476923328
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
whoelsebutme582
Active Member
 
Posts: 6
Joined: February 12th, 2008, 10:14 am

Re: i keep getting pop ups

Unread postby Simon V. » February 16th, 2008, 4:21 am

Hi :)

Step 1

Please download and install CCleaner.

Open CCleaner. On the Windows tab, leave the default options alone.

  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • When the cleaner has completed, click Tools in the Left Pane.
  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save, then exit Ccleaner.

Step 2

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofi ... e-combofix

Post the log from ComboFix (C:\Combofix.txt) when you've accomplished that, along with a new HijackThis log and the CCleaner Uninstall List (install.txt).
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: i keep getting pop ups

Unread postby whoelsebutme582 » February 16th, 2008, 9:46 am

hey here they are:


COMBO FIX

ComboFix 08-02-16.2 - Musik_Junky 2008-02-16 13:34:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.483 [GMT 0:00]
Running from: C:\Documents and Settings\Musik_Junky\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\pxhelp200.sys
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\pxhelp200.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_PXHELP200
-------\nm
-------\pxhelp200


((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-16 13:17 . 2008-02-16 13:17 <DIR> d-------- C:\Program Files\CCleaner
2008-02-15 18:34 . 2008-02-15 18:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-15 18:34 . 2008-02-15 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-15 18:25 . 2008-02-15 18:25 <DIR> d-------- C:\Program Files\PrevxCSI
2008-02-15 18:23 . 2004-08-03 22:59 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
2008-02-15 18:23 . 2004-08-03 22:59 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-02-15 18:23 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\i2omgmt.sys
2008-02-15 18:23 . 2004-08-03 23:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-02-15 18:23 . 2004-08-03 22:59 5,376 --a------ C:\WINDOWS\system32\drivers\viaide.sys
2008-02-15 18:23 . 2004-08-03 22:59 5,376 --a--c--- C:\WINDOWS\system32\dllcache\viaide.sys
2008-02-15 18:22 . 2008-02-15 19:47 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\PrevxCSI
2008-02-13 18:15 . 2008-02-13 18:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-13 18:15 . 2008-02-13 18:15 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-13 18:15 . 2008-02-13 18:15 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\Malwarebytes
2008-02-13 18:15 . 2008-02-13 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-13 10:40 . 2008-02-13 16:55 <DIR> d-------- C:\Program Files\Google
2008-02-12 14:16 . 2008-02-12 14:17 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\MiniDm
2008-02-12 03:06 . 2008-02-12 03:06 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\IEPro
2008-02-12 02:13 . 2008-02-12 02:13 <DIR> d-------- C:\Program Files\iPod
2008-02-12 02:11 . 2008-02-12 02:11 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-12 02:11 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-02-11 18:01 . 2008-02-11 18:01 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\Lavasoft
2008-02-11 15:53 . 2008-02-11 15:53 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\Grisoft
2008-02-11 15:52 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-11 15:46 . 2008-02-12 15:07 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\AVG7
2008-02-11 15:46 . 2008-02-11 15:46 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-11 15:46 . 2008-02-11 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-11 15:46 . 2008-02-11 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-07 23:50 . 2008-02-07 23:50 0 --a------ C:\WINDOWS\mngui.INI
2008-02-04 12:19 . 2008-02-04 12:20 9,662 --a------ C:\WINDOWS\EPISME00.SWB
2008-02-04 12:06 . 2008-02-04 12:06 37,072 --a------ C:\Documents and Settings\Musik_Junky\Application Data\GDIPFONTCACHEV1.DAT
2008-02-04 11:15 . 2008-02-04 11:15 <DIR> d-------- C:\Program Files\HighCriteria
2008-02-04 11:14 . 2004-11-14 14:38 122,880 --a------ C:\WINDOWS\system32\DrvTRNT1.dll
2008-02-03 16:53 . 2008-02-11 15:19 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-03 16:52 . 2008-02-11 16:25 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-03 16:52 . 2008-02-03 16:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 16:52 . 2008-02-03 16:52 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\TuneUp Software
2008-02-03 16:52 . 2008-02-03 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-03 16:52 . 2008-02-03 16:52 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-03 16:52 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-02-03 16:41 . 2008-02-11 18:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-01 22:45 . 2008-02-02 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-02-01 22:44 . 2008-02-01 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-02-01 17:25 . 2008-02-13 17:05 <DIR> d-------- C:\Program Files\DivX
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-28 13:12 . 2008-02-01 12:44 <DIR> d-------- C:\Program Files\CSI Crime Scene Investigation Hard Evidence
2008-01-25 14:26 . 2008-01-25 15:06 <DIR> d-------- C:\EPSON
2008-01-22 21:22 . 2008-01-22 21:22 86,528 --a------ C:\WINDOWS\bnetunin.exe
2008-01-22 21:22 . 2008-01-22 21:22 61,440 --a------ C:\WINDOWS\diabunin.exe
2008-01-22 21:18 . 2008-01-22 21:29 <DIR> d-------- C:\Program Files\Diablo
2008-01-21 11:25 . 2008-01-21 11:25 <DIR> d-------- C:\CURRENT
2008-01-21 11:24 . 2008-01-21 11:24 <DIR> d-------- C:\DEFUALT
2008-01-21 11:22 . 2008-01-21 11:22 <DIR> d-------- C:\DEFAULT
2008-01-20 15:06 . 2008-01-20 15:06 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2008-01-16 19:49 . 2006-03-13 18:52 96,224 -ra------ C:\WINDOWS\system32\drivers\w800mdm.sys
2008-01-16 19:49 . 2006-03-13 18:52 87,792 -ra------ C:\WINDOWS\system32\drivers\w800mgmt.sys
2008-01-16 19:49 . 2006-03-13 18:52 85,664 -ra------ C:\WINDOWS\system32\drivers\w800obex.sys
2008-01-16 19:49 . 2006-03-13 18:52 60,768 -ra------ C:\WINDOWS\system32\drivers\w800bus.sys
2008-01-16 19:49 . 2006-03-13 18:52 9,264 -ra------ C:\WINDOWS\system32\drivers\w800mdfl.sys
2008-01-16 19:49 . 2006-03-13 18:52 6,144 -ra------ C:\WINDOWS\system32\drivers\w800cmnt.sys
2008-01-16 19:49 . 2006-03-13 18:52 6,144 -ra------ C:\WINDOWS\system32\drivers\w800cm.sys
2008-01-16 19:49 . 2006-03-13 18:52 5,744 -ra------ C:\WINDOWS\system32\drivers\w800whnt.sys
2008-01-16 19:49 . 2006-03-13 18:52 5,744 -ra------ C:\WINDOWS\system32\drivers\w800wh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 03:26 --------- d-----w C:\Documents and Settings\Musik_Junky\Application Data\uTorrent
2008-02-15 19:47 10,752 ----a-w C:\WINDOWS\system32\drivers\pxark.sys
2008-02-13 16:50 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-13 16:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-12 02:13 --------- d-----w C:\Program Files\iTunes
2008-02-12 02:12 --------- d-----w C:\Program Files\QuickTime
2008-02-11 17:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-11 15:34 --------- d-----w C:\Program Files\Windows Live
2008-02-11 15:33 --------- d-----w C:\Program Files\EphPod
2008-02-08 16:01 --------- d-----w C:\Program Files\Instant CD & DVD Burner
2008-01-25 15:08 --------- d-----w C:\Program Files\EPSON
2008-01-15 13:41 --------- d-----w C:\Program Files\Red Kawa
2008-01-13 16:31 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-13 16:11 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-02 22:47 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-02 18:05 --------- d-----w C:\Documents and Settings\Musik_Junky\Application Data\Apple Computer
2008-01-01 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\iZotope
2008-01-01 18:42 --------- d-----w C:\Program Files\Common Files\iZotope
2008-01-01 18:04 --------- d-----w C:\Program Files\uTorrent
2007-12-30 20:50 --------- d-----w C:\Documents and Settings\Musik_Junky\Application Data\Leadertech
2007-12-30 20:00 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-30 20:00 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-30 20:00 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-30 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-12-30 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-12-30 19:56 --------- d-----w C:\Program Files\Disc2Phone
2007-12-30 19:52 --------- d-----w C:\Documents and Settings\Musik_Junky\Application Data\Teleca
2007-12-30 18:44 --------- d-----w C:\Documents and Settings\Musik_Junky\Application Data\Sony Ericsson
2007-12-26 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-26 16:34 --------- d-----w C:\Program Files\Apple Software Update
2007-12-26 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-22 16:06 --------- d-----w C:\Program Files\Huawei technologies
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 18:14 15473664 C:\WINDOWS\RTHDCPL.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-11 17:09 579072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-11 17:09 219136]

C:\Documents and Settings\Musik_Junky\Start Menu\Programs\Startup\
PrevxCSI.lnk - C:\Program Files\PrevxCSI\prevxcsi.exe [2008-02-15 18:25:29 94208]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-10-15 13:29 88203 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-14 22:26 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-14 22:28 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
--a------ 2005-12-08 12:53 352256 C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-02-15 19:47]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 18:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 18:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 18:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 18:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 18:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 18:06]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-03 16:52]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eb23782-b65f-11dc-9a9b-00a0d13a7e25}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eb23783-b65f-11dc-9a9b-00a0d13a7e25}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26b35c95-a6bb-11dc-9a75-0003c9eb479d}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae68d96a-b0a7-11dc-9a95-00a0d13a7e25}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae68d96e-b0a7-11dc-9a95-00a0d13a7e25}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd7cfa98-b4af-11dc-9a99-00a0d13a7e25}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd7cfa99-b4af-11dc-9a99-00a0d13a7e25}]
\Shell\AutoRun\command - G:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-03 16:52:51 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2007-12-26 16:34:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-09 17:26:50 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-12-09 17:26:50 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-12-09 17:26:51 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 13:38:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
.
**************************************************************************
.
Completion time: 2008-02-16 13:40:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 13:39:38
.
2008-01-16 13:24:49 --- E O F ---


HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 13:42:02, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: PrevxCSI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7476923328
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


CCLEANER

µTorrent
4oD
Ad-Aware SE Professional
Adobe Flash Player ActiveX
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 7.5
AVG Anti-Spyware 7.5
Battle.net
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Diablo
Disc2Phone
EPSON Printer Software
Fable - The Lost Chapters
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
iTunes
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft Office XP Web Components
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB936181)
Prevx CSI
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
Runtime 8.0 Libraries
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Sony Ericsson PC Suite
Synaptics Pointing Device Driver
TOSHIBA Hotkey Utility
TOSHIBA Software Modem
TOSHIBA Utilities
TuneUp Utilities 2008
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB946627)
VideoLAN VLC media player 0.8.6d
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
WinRAR archiver


i hope i done that right haha
whoelsebutme582
Active Member
 
Posts: 6
Joined: February 12th, 2008, 10:14 am

Re: i keep getting pop ups

Unread postby Simon V. » February 16th, 2008, 10:59 am

Hi,

I understand that downloading music and other files may be important to you; however, the Peer-to-Peer programs that you are using to do that, even if they are not infected with malware, will bring malware into your system. Therefore, the chances of you becoming infected again are very high. This obviously can result in disabling your computer and could even lead to someone stealing sensitive personal data from your computer. Beyond the inconvenience this causes you, these programs also tend to use your computer as a server to spread more infection all over the internet, so your computer becomes a part of the malware problem.

Remember that no matter how clean the program you're using for Peer-to-Peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via Peer-to-Peer filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Any program or file that offers you the ability to access non-freeware programs at no cost, e.g., pirated software and/or cracks/key generators for gaining access to legitimate software, is 100% guaranteed to contain malware.

Here is some information that looks at the rates of infection:

http://www.benedelman.org/spyware/p2p/

With that being said, I recommend that you remove the following Peer-to-Peer program(s):

(Click on Start, then Control Panel. Double click on Add or Remove Programs)

µTorrent

Step 1

Open Notepad (Go to Start > Run, type Notepad and hit Enter), and copy/paste the text in the quotebox below into it:

Code: Select all
File::

C:\WINDOWS\bnetunin.exe
C:\WINDOWS\diabunin.exe

Registry::

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Click on File > Save as....

In the File Name box, copy/paste CFScript.txt (Note: Do not change the filename!)

Click Save (Save the CFScript in the same location as Combofix.exe)

Close any open windows.

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Image

Referring to the picture above, drag CFScript into ComboFix.exe.
It will create a log. Be sure to save it to a convenient location.

Step 2

Close all programs before continuing, and try not to run anything during the scan.

Please do an online scan with Kaspersky WebScanner. (You will need to use Internet Explorer to run this scan)

On the welcome screen, click Accept.

You will be promted to install an ActiveX component from Kaspersky, click Install.

  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:

  • Scan using the following Anti-Virus database:

    Extended (if available, otherwise Standard)

  • Scan Options:

    Scan Archives
    Scan Mail Bases

  • Click OK.
  • Now under Select a Target to Scan:

    Select My Computer.

  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button and save the file to your desktop.

Step 3

In your next reply, please post:

  • the Combofix log (C:\Combofix.txt)
  • the Kaspersky Online Scan report
  • a new HijackThis log
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: i keep getting pop ups

Unread postby whoelsebutme582 » February 16th, 2008, 12:15 pm

hey i took ur advice nd got rid of utorrent thanks. oh and i have attached the kaspersky log.

COMBOFIX

ComboFix 08-02-16.2 - Musik_Junky 2008-02-16 15:12:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.534 [GMT 0:00]
Running from: C:\Documents and Settings\Musik_Junky\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Musik_Junky\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\bnetunin.exe
C:\WINDOWS\diabunin.exe


.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\bnetunin.exe
C:\WINDOWS\diabunin.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-16 15:12 . 2008-02-16 15:13 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-16 13:17 . 2008-02-16 13:17 <DIR> d-------- C:\Program Files\CCleaner
2008-02-15 18:34 . 2008-02-15 18:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-15 18:34 . 2008-02-15 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-15 18:25 . 2008-02-15 18:25 <DIR> d-------- C:\Program Files\PrevxCSI
2008-02-15 18:23 . 2004-08-03 22:59 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
2008-02-15 18:23 . 2004-08-03 22:59 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-02-15 18:23 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\i2omgmt.sys
2008-02-15 18:23 . 2004-08-03 23:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-02-15 18:23 . 2004-08-03 22:59 5,376 --a------ C:\WINDOWS\system32\drivers\viaide.sys
2008-02-15 18:23 . 2004-08-03 22:59 5,376 --a--c--- C:\WINDOWS\system32\dllcache\viaide.sys
2008-02-15 18:22 . 2008-02-15 19:47 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\PrevxCSI
2008-02-13 18:15 . 2008-02-13 18:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-13 18:15 . 2008-02-13 18:15 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-13 18:15 . 2008-02-13 18:15 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\Malwarebytes
2008-02-13 18:15 . 2008-02-13 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-13 10:40 . 2008-02-13 16:55 <DIR> d-------- C:\Program Files\Google
2008-02-12 14:16 . 2008-02-12 14:17 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\MiniDm
2008-02-12 03:06 . 2008-02-12 03:06 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\IEPro
2008-02-12 02:13 . 2008-02-12 02:13 <DIR> d-------- C:\Program Files\iPod
2008-02-12 02:11 . 2008-02-12 02:11 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-12 02:11 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-02-11 18:01 . 2008-02-11 18:01 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\Lavasoft
2008-02-11 15:53 . 2008-02-11 15:53 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\Grisoft
2008-02-11 15:52 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-11 15:46 . 2008-02-12 15:07 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\AVG7
2008-02-11 15:46 . 2008-02-11 15:46 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-11 15:46 . 2008-02-11 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-11 15:46 . 2008-02-11 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-07 23:50 . 2008-02-07 23:50 0 --a------ C:\WINDOWS\mngui.INI
2008-02-04 12:19 . 2008-02-04 12:20 9,662 --a------ C:\WINDOWS\EPISME00.SWB
2008-02-04 12:06 . 2008-02-04 12:06 37,072 --a------ C:\Documents and Settings\Musik_Junky\Application Data\GDIPFONTCACHEV1.DAT
2008-02-04 11:15 . 2008-02-04 11:15 <DIR> d-------- C:\Program Files\HighCriteria
2008-02-04 11:14 . 2004-11-14 14:38 122,880 --a------ C:\WINDOWS\system32\DrvTRNT1.dll
2008-02-03 16:53 . 2008-02-11 15:19 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-03 16:52 . 2008-02-11 16:25 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-03 16:52 . 2008-02-03 16:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 16:52 . 2008-02-03 16:52 <DIR> d-------- C:\Documents and Settings\Musik_Junky\Application Data\TuneUp Software
2008-02-03 16:52 . 2008-02-03 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-03 16:52 . 2008-02-03 16:52 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-03 16:52 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-02-03 16:41 . 2008-02-11 18:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-01 22:45 . 2008-02-02 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-02-01 22:44 . 2008-02-01 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-02-01 17:25 . 2008-02-13 17:05 <DIR> d-------- C:\Program Files\DivX
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-28 13:12 . 2008-02-01 12:44 <DIR> d-------- C:\Program Files\CSI Crime Scene Investigation Hard Evidence
2008-01-25 14:26 . 2008-01-25 15:06 <DIR> d-------- C:\EPSON
2008-01-22 21:18 . 2008-01-22 21:29 <DIR> d-------- C:\Program Files\Diablo
2008-01-21 11:25 . 2008-01-21 11:25 <DIR> d-------- C:\CURRENT
2008-01-21 11:24 . 2008-01-21 11:24 <DIR> d-------- C:\DEFUALT
2008-01-21 11:22 . 2008-01-21 11:22 <DIR> d-------- C:\DEFAULT
2008-01-20 15:06 . 2008-01-20 15:06 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2008-01-16 19:49 . 2006-03-13 18:52 96,224 -ra------ C:\WINDOWS\system32\drivers\w800mdm.sys
2008-01-16 19:49 . 2006-03-13 18:52 87,792 -ra------ C:\WINDOWS\system32\drivers\w800mgmt.sys
2008-01-16 19:49 . 2006-03-13 18:52 85,664 -ra------ C:\WINDOWS\system32\drivers\w800obex.sys
2008-01-16 19:49 . 2006-03-13 18:52 60,768 -ra------ C:\WINDOWS\system32\drivers\w800bus.sys
2008-01-16 19:49 . 2006-03-13 18:52 9,264 -ra------ C:\WINDOWS\system32\drivers\w800mdfl.sys
2008-01-16 19:49 . 2006-03-13 18:52 6,144 -ra------ C:\WINDOWS\system32\drivers\w800cmnt.sys
2008-01-16 19:49 . 2006-03-13 18:52 6,144 -ra------ C:\WINDOWS\system32\drivers\w800cm.sys
2008-01-16 19:49 . 2006-03-13 18:52 5,744 -ra------ C:\WINDOWS\system32\drivers\w800whnt.sys
2008-01-16 19:49 . 2006-03-13 18:52 5,744 -ra------ C:\WINDOWS\system32\drivers\w800wh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 19:47 10,752 ----a-w C:\WINDOWS\system32\drivers\pxark.sys
2008-02-13 16:50 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-13 16:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-12 02:13 --------- d-----w C:\Program Files\iTunes
2008-02-12 02:12 --------- d-----w C:\Program Files\QuickTime
2008-02-11 17:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-11 15:34 --------- d-----w C:\Program Files\Windows Live
2008-02-11 15:33 --------- d-----w C:\Program Files\EphPod
2008-02-08 16:01 --------- d-----w C:\Program Files\Instant CD & DVD Burner
2008-01-25 15:08 --------- d-----w C:\Program Files\EPSON
2008-01-15 13:41 --------- d-----w C:\Program Files\Red Kawa
2008-01-13 16:31 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-13 16:11 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-02 22:47 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-02 18:05 --------- d-----w C:\Documents and Settings\Musik_Junky\Application Data\Apple Computer
2008-01-01 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\iZotope
2008-01-01 18:42 --------- d-----w C:\Program Files\Common Files\iZotope
2007-12-30 20:50 --------- d-----w C:\Documents and Settings\Musik_Junky\Application Data\Leadertech
2007-12-30 20:00 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-30 20:00 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-30 20:00 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-30 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-12-30 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-12-30 19:56 --------- d-----w C:\Program Files\Disc2Phone
2007-12-30 19:52 --------- d-----w C:\Documents and Settings\Musik_Junky\Application Data\Teleca
2007-12-30 18:44 --------- d-----w C:\Documents and Settings\Musik_Junky\Application Data\Sony Ericsson
2007-12-26 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-26 16:34 --------- d-----w C:\Program Files\Apple Software Update
2007-12-26 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-22 16:06 --------- d-----w C:\Program Files\Huawei technologies
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 18:14 15473664 C:\WINDOWS\RTHDCPL.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-11 17:09 579072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-11 17:09 219136]

C:\Documents and Settings\Musik_Junky\Start Menu\Programs\Startup\
PrevxCSI.lnk - C:\Program Files\PrevxCSI\prevxcsi.exe [2008-02-15 18:25:29 94208]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-10-15 13:29 88203 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-14 22:26 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-14 22:28 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
--a------ 2005-12-08 12:53 352256 C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-02-15 19:47]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 18:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 18:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 18:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 18:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 18:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 18:06]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-03 16:52]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eb23782-b65f-11dc-9a9b-00a0d13a7e25}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eb23783-b65f-11dc-9a9b-00a0d13a7e25}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26b35c95-a6bb-11dc-9a75-0003c9eb479d}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae68d96a-b0a7-11dc-9a95-00a0d13a7e25}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae68d96e-b0a7-11dc-9a95-00a0d13a7e25}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd7cfa98-b4af-11dc-9a99-00a0d13a7e25}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd7cfa99-b4af-11dc-9a99-00a0d13a7e25}]
\Shell\AutoRun\command - G:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-03 16:52:51 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2007-12-26 16:34:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-09 17:26:50 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-12-09 17:26:50 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-12-09 17:26:51 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 15:13:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-16 15:14:13
ComboFix-quarantined-files.txt 2008-02-16 15:14:05
.
2008-01-16 13:24:49 --- E O F ---


HIJACKTHIS LOG


Logfile of HijackThis v1.99.1
Scan saved at 16:10:44, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: PrevxCSI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7476923328
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


KASPERSKY LOG


Saturday, February 16, 2008 4:06:50 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/02/2008
Kaspersky Anti-Virus database records: 569028


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 31632
Number of viruses found 2
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 00:34:52

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Musik_Junky\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Musik_Junky\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Musik_Junky\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Musik_Junky\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Musik_Junky\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Musik_Junky\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Musik_Junky\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Musik_Junky\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\QooBox\Quarantine\catchme2008-02-16_133804.14.zip/pxhelp200.sys Infected: Rootkit.Win32.Agent.zl skipped

C:\QooBox\Quarantine\catchme2008-02-16_133804.14.zip ZIP: infected - 1 skipped

C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP3\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{971EFF48-46F6-4115-A126-B7F27E1DF3E8}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\rk.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP3\change.log Object is locked skipped

Scan process completed.
whoelsebutme582
Active Member
 
Posts: 6
Joined: February 12th, 2008, 10:14 am

Re: i keep getting pop ups

Unread postby whoelsebutme582 » February 16th, 2008, 12:19 pm

sorry i posted the kaspersky log from a html fil heres the txt version


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 16, 2008 4:17:24 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/02/2008
Kaspersky Anti-Virus database records: 569028
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 31632
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 00:34:52

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Musik_Junky\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Musik_Junky\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Musik_Junky\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Musik_Junky\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Musik_Junky\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Musik_Junky\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Musik_Junky\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Musik_Junky\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\catchme2008-02-16_133804.14.zip/pxhelp200.sys Infected: Rootkit.Win32.Agent.zl skipped
C:\QooBox\Quarantine\catchme2008-02-16_133804.14.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP3\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{971EFF48-46F6-4115-A126-B7F27E1DF3E8}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\rk.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{9CD80158-4028-4D5D-9E72-BF51B5A015D3}\RP3\change.log Object is locked skipped

Scan process completed.
whoelsebutme582
Active Member
 
Posts: 6
Joined: February 12th, 2008, 10:14 am

Re: i keep getting pop ups

Unread postby Simon V. » February 16th, 2008, 12:30 pm

Hi :)

Be sure that you are set to see hidden files and folders:

  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.

    • Put a checkmark in the checkbox labeled Display the contents of system folders.
    • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    • Remove the checkmark from the checkbox labeled Hide protected operating system files. Answer Yes to the prompt.

  • Press the Apply button and then the OK button and close My Computer.

Then navigate to the following file using Windows Explorer and delete it when found:

C:\WINDOWS\system32\rk.exe

In your next reply, please let me know how your computer is currently running.
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: i keep getting pop ups

Unread postby whoelsebutme582 » February 16th, 2008, 1:01 pm

hey

i have been on the internet for a while now nd not a single pop up!!! thank u so much for u help
whoelsebutme582
Active Member
 
Posts: 6
Joined: February 12th, 2008, 10:14 am

Re: i keep getting pop ups

Unread postby Simon V. » February 16th, 2008, 2:54 pm

whoelsebutme582 wrote:hey

i have been on the internet for a while now nd not a single pop up!!! thank u so much for u help

That's great to hear :)

As your logs look clean, I'll give you some tips to keep your computer clean in the future:

Click Start then Run....

  • Type Combofix /u in the runbox and click OK. (Note: The space between the x and the /u needs to be there)

    Image

  • This will uninstall Combofix.

Make your Internet Explorer More Secure

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.

    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialise and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • Change the Navigate sub-frames across different domains to Prompt.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.

  • Next press the Apply button and then the OK to exit the Internet Properties page.

Use a Firewall - Without a firewall your computer is susceptible to being hacked and taken over. The Windows firewall isn't sufficient as it only monitors incoming connections.

Here are a few (free) firewalls, please download and install one of them:


Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install WinPatrol - An excellent startup manager, notifies you if programs are added to startup, allows delayed startup, ... A must have! An installation guide can be found here: http://www.winpatrol.com/download.html

Install Spybot - Search and Destroy - You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here (do not install TeaTimer): http://www.bleepingcomputer.com/tutoria ... ial43.html

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial can be found here: http://www.bleepingcomputer.com/tutoria ... ial49.html

Install IE-Spyad - IE-Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here: http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD

Update All Your Security Programs Regularly - Make sure you update all your security programs (Anti-Virus, Firewall, Anti-Spyware) regularly (once a weak, at least). Without regular updates you WILL NOT be protected when new malicious programs are released.

You can also read this excellent article by TonyKlein: So how did I get infected in the first place?

Follow this list and your potential for being infected again will reduce dramatically.
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: i keep getting pop ups

Unread postby silver » February 22nd, 2008, 9:01 pm

Since this issue appears to be resolved, this topic has been closed. Glad we could be of assistance.

If you wish it reopened, please send an email to admin at malwareremoval.com with a link to your thread.

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

You can help support this site from this link :
Donations For Malware Removal
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware