IE Popups



electra
2008-10-12, 06:47
Hi

I use Firefox but keep getting pop-ups from Internet Explorer. I have run SpyBot a number of times, as well as AdAware and AVG anti-virus, but nothing seems to remove them, and I wondered if you could help. I'm not very computer-savvy, but as long as everything I need to do is explained in simple terms I should be OK.

Thanking you in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:29 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\Program Files\Canon\CAL\CALMAIN.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
E:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
E:\Program Files\OpenOffice.org 2.1\program\soffice.exe
E:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\PROGRA~1\AVG\AVG8\avgscanx.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Epson RX-630] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P12 "Epson RX-630" /O5 "LPT1:" /M "Stylus Photo RX630"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DataLayer] E:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Cornmove] E:\DOCUME~1\ELIZAB~1\APPLIC~1\INSIDE~1\Sect Poke.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = E:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = E:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://E:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?bfeea8ed12f6439a9658600dd8e2da9b
O8 - Extra context menu item: Open in new foreground tab - res://E:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?bfeea8ed12f6439a9658600dd8e2da9b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

--
End of file - 11622 bytes

pskelley
2008-10-12, 16:58
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Make sure you read and follow the directions; anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, as the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully; the tools will not work unless you do.
The junk can be tough to remove, so do not expect it to be fast or easy.

You have at least this nasty infection. The second link may be how you got it.

http://research.sunbelt-software.com/threatdisplay.aspx?name=C2.lop&threatid=8144
http://inetexplorer.mvps.org/answers/43.html

Thanks to skate_punk_21 and anyone else who helped with this fix.

Please download NoLop to the Desktop from one of these links:
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/index.php?action=tpmod;dl=get16

Close any programs you have running since a reboot is required
Double click NoLop.exe to run it
Next, click the button labeled: Search and Destroy
<<your computer will now be scanned for infected files>>
When the scan finishes, if infected, you are prompted to reboot
Click OK

Now click: REBOOT
A message should pop up from NoLop. If not, double click the program again and it will finish.
Please Post the contents of C:\NoLop.log along with a new HijackThis log

Thanks

electra
2008-10-13, 08:27
Thank you for your quick reply.

I ran NoLop and it came up with 2 infections, which I didn't copy at that time as I believed the log would come up after the reboot, but it didn't. I double-clicked the program and nothing happened except the same as the first time, so I wasn't sure what to do; I asked it to scan again, and this time it didn't show any infection. Sorry if I should have copied the infection after the original scan.

I know I'm still infected as I just got another popup. I'll take your advice and not use this computer online.

Results of the HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:41 PM, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\Program Files\Canon\CAL\CALMAIN.exe
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
E:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\OpenOffice.org 2.1\program\soffice.exe
E:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
E:\PROGRA~1\AVG\AVG8\avgscanx.exe
E:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Epson RX-630] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P12 "Epson RX-630" /O5 "LPT1:" /M "Stylus Photo RX630"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DataLayer] E:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Cornmove] E:\DOCUME~1\ELIZAB~1\APPLIC~1\INSIDE~1\Sect Poke.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = E:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = E:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://E:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?bfeea8ed12f6439a9658600dd8e2da9b
O8 - Extra context menu item: Open in new foreground tab - res://E:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?bfeea8ed12f6439a9658600dd8e2da9b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

--
End of file - 11423 bytes

pskelley
2008-10-13, 12:22
Thanks for the HJT log and the feedback. I would really like to see the log from NoLop; it should be here: C:\NoLop.log <<< if so, post it and I will continue.

1) We need first to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)

2) Download ResetTeaTimer.bat to the Desktop
http://downloads.subratam.org/ResetTeaTimer.bat
Double click ResetTeaTimer.bat
to remove all entries set by TeaTimer (and prevent TeaTimer from restoring them upon reactivation).

3) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

4) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Cornmove] E:\DOCUME~1\ELIZAB~1\APPLIC~1\INSIDE~1\Sect Poke.exe

Close all programs but HJT and all browser windows, then click on "Fix Checked"

6) Right click Start > Explore and navigate to these files/folders and delete them if there.

This is the LOP folder; I have to guess on this, but you should know.
Navigate to the folder in red and delete it and its contents.
E:\DOCUMENTS AND SETTING~1\ELIZABETH~1\APPLICATION DATA~1\INSIDE~1\Sect Poke.exe <<< that file is bad and in the folder

7) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

8) Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

How is the computer running now?

Thanks...Phil
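
As an added example (not from this thread, and not part of HijackThis or NoLop), the three reasons behind the entries checked in step 5 can be written down as triage rules over HJT log lines: a blank Start Page value, a BHO with no name or no file behind it, and a Run entry that launches an executable from a user profile's Application Data folder under an unrelated name, which is the Lop pattern the helper points at. The function and regex names are mine; the sample lines are copied from electra's second log, with benign neighbours kept in to show the rules stay quiet on them.

```python
"""Triage rules for HijackThis (HJT) log lines: R0 blank home page, orphaned O2 BHO,
and O4 Run entries living in a user's Application Data folder (the Lop pattern)."""
import re

# Constructed sample: the three lines the helper asked to fix, plus benign neighbours
# from the same log so the rules can be seen ignoring legitimate entries.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [Cornmove] E:\DOCUME~1\ELIZAB~1\APPLIC~1\INSIDE~1\Sect Poke.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
""".strip()

# R0..R3: "<key>,<value name> = <data>"; the first comma separates key path from value name.
R_RE = re.compile(r"^(?P<type>R[0-3]) - (?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$")
# O2: "BHO: <name> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# O4: "HKCU\..\Run: [<value name>] <command>" (HKUS entries carry a SID after the hive)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# 8.3 or long form of <drive>:\Documents and Settings\<user>\Application Data\
APPDATA_RE = re.compile(r"\\(DOCUME~\d|Documents and Settings)\\[^\\]+\\(APPLIC~\d|Application Data)\\", re.I)


def exe_name(cmd):
    """Return the bare executable file name from a Run command, ignoring quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted paths in HJT logs may contain spaces, so stop at the first ".exe" instead.
        m = re.match(r"(?i)(.*?\.exe)\b", cmd)
        path = m.group(1) if m else cmd.split(" ", 1)[0]
    return path.rsplit("\\", 1)[-1]


def _words(text):
    return set(re.findall(r"[a-z0-9]+", text.lower())) - {"exe"}


def triage(log_text):
    """Return (line, reason) pairs for every HJT line that trips one of the three rules."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = R_RE.match(line)
        if m and m.group("type") == "R0" and m.group("data") == "":
            findings.append((line, "Start Page value is blank: the browser home page was reset"))
            continue
        m = O2_RE.match(line)
        if m and (m.group("name") == "(no name)" or m.group("path") == "(no file)"):
            findings.append((line, "BHO with no name or missing DLL: orphaned registration"))
            continue
        m = O4_RE.match(line)
        if m and APPDATA_RE.search(m.group("cmd")):
            reason = "Run entry launches an executable from a user profile's Application Data folder"
            # Lop-style entries pair a random value name with an unrelated random file name.
            if not (_words(m.group("name")) & _words(exe_name(m.group("cmd")))):
                reason += "; value name and file name are unrelated (Lop-style random names)"
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for hit, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {hit}")
```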

electra
2008-10-14, 02:59
I've found the NoLop Log and am posting it first, then I'll follow the instructions you've given me and come back to post another reply after I've done everything. I've posted the old log and the new log. I guess the old log is the one you wanted.

Note: my computer uses the letter E instead of C.

Thanks
Electra

NoLop! Log by Skate_Punk_21

Fix running from: E:\Documents and Settings\Elizabeth\Desktop
[13/10/2008]
[4:53:48 PM]

---Infection Files Found/Removed---
E:\WINDOWS\tasks\A379D131912A79D9.job
E:\WINDOWS\tasks\A9185B7B907BD4AF.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

E:\Documents and Settings\Administrator\Application Data\Microsoft
E:\Documents and Settings\All Users\Application Data\Adobe
E:\Documents and Settings\All Users\Application Data\Apple
E:\Documents and Settings\All Users\Application Data\Apple Computer
E:\Documents and Settings\All Users\Application Data\Avg7
E:\Documents and Settings\All Users\Application Data\Avg8
E:\Documents and Settings\All Users\Application Data\Book Slow Axis Web
E:\Documents and Settings\All Users\Application Data\Grisoft
E:\Documents and Settings\All Users\Application Data\Kodak
E:\Documents and Settings\All Users\Application Data\Lavasoft
E:\Documents and Settings\All Users\Application Data\Messenger Plus!
E:\Documents and Settings\All Users\Application Data\Microsoft
E:\Documents and Settings\All Users\Application Data\Msn6
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
E:\Documents and Settings\All Users\Application Data\Udl
E:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
E:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
E:\Documents and Settings\All Users\Application Data\Winzip
E:\Documents and Settings\All Users\Application Data\Wlinstaller
E:\Documents and Settings\All Users\Application Data\Yahoo!
E:\Documents and Settings\All Users\Application Data\Yahoo! Companion
E:\Documents and Settings\All Users\Application Data\Zoombrowser -- EMPTY Directory
E:\Documents and Settings\Default User\Application Data\Microsoft
E:\Documents and Settings\Elizabeth\Application Data\Adobe
E:\Documents and Settings\Elizabeth\Application Data\Adobeaum
E:\Documents and Settings\Elizabeth\Application Data\Adobeum
E:\Documents and Settings\Elizabeth\Application Data\Apple Computer
E:\Documents and Settings\Elizabeth\Application Data\Arcsoft
E:\Documents and Settings\Elizabeth\Application Data\Avgtoolbar
E:\Documents and Settings\Elizabeth\Application Data\Dvdcss
E:\Documents and Settings\Elizabeth\Application Data\Epson
E:\Documents and Settings\Elizabeth\Application Data\Help -- EMPTY Directory
E:\Documents and Settings\Elizabeth\Application Data\Identities
E:\Documents and Settings\Elizabeth\Application Data\Inside Play
E:\Documents and Settings\Elizabeth\Application Data\Installshield
E:\Documents and Settings\Elizabeth\Application Data\Lavasoft
E:\Documents and Settings\Elizabeth\Application Data\Leadertech
E:\Documents and Settings\Elizabeth\Application Data\Macromedia
E:\Documents and Settings\Elizabeth\Application Data\Microsoft
E:\Documents and Settings\Elizabeth\Application Data\Mozilla
E:\Documents and Settings\Elizabeth\Application Data\Msn6
E:\Documents and Settings\Elizabeth\Application Data\Openoffice.org2
E:\Documents and Settings\Elizabeth\Application Data\Pc Suite
E:\Documents and Settings\Elizabeth\Application Data\Skinux -- EMPTY Directory
E:\Documents and Settings\Elizabeth\Application Data\Smart Panel
E:\Documents and Settings\Elizabeth\Application Data\Sony Corporation
E:\Documents and Settings\Elizabeth\Application Data\Sun
E:\Documents and Settings\Elizabeth\Application Data\Vlc
E:\Documents and Settings\Elizabeth\Application Data\Winrar -- EMPTY Directory
E:\Documents and Settings\Elizabeth\Application Data\Yahoo!
E:\Documents and Settings\Elizabeth\Application Data\Zoombrowser Ex
E:\Documents and Settings\Jonathan\Application Data\Adobe
E:\Documents and Settings\Jonathan\Application Data\Adobeaum
E:\Documents and Settings\Jonathan\Application Data\Adobeum
E:\Documents and Settings\Jonathan\Application Data\Avgtoolbar
E:\Documents and Settings\Jonathan\Application Data\Dvdcss
E:\Documents and Settings\Jonathan\Application Data\Help -- EMPTY Directory
E:\Documents and Settings\Jonathan\Application Data\Identities
E:\Documents and Settings\Jonathan\Application Data\Inside Play
E:\Documents and Settings\Jonathan\Application Data\Leadertech
E:\Documents and Settings\Jonathan\Application Data\Macromedia
E:\Documents and Settings\Jonathan\Application Data\Microsoft
E:\Documents and Settings\Jonathan\Application Data\Mozilla
E:\Documents and Settings\Jonathan\Application Data\Pc Suite
E:\Documents and Settings\Jonathan\Application Data\Skinux -- EMPTY Directory
E:\Documents and Settings\Jonathan\Application Data\Sun
E:\Documents and Settings\Jonathan\Application Data\Vlc
E:\Documents and Settings\Jonathan\Application Data\Yahoo!
E:\Documents and Settings\Localservice\Application Data\Microsoft
E:\Documents and Settings\Networkservice\Application Data\Microsoft
E:\Documents and Settings\Thomas\Application Data\Adobe
E:\Documents and Settings\Thomas\Application Data\Apple Computer
E:\Documents and Settings\Thomas\Application Data\Arcsoft
E:\Documents and Settings\Thomas\Application Data\Avg7
E:\Documents and Settings\Thomas\Application Data\Avgtoolbar
E:\Documents and Settings\Thomas\Application Data\Dvdcss
E:\Documents and Settings\Thomas\Application Data\Epson
E:\Documents and Settings\Thomas\Application Data\Help -- EMPTY Directory
E:\Documents and Settings\Thomas\Application Data\Identities
E:\Documents and Settings\Thomas\Application Data\Inside Play
E:\Documents and Settings\Thomas\Application Data\Leadertech
E:\Documents and Settings\Thomas\Application Data\Macromedia
E:\Documents and Settings\Thomas\Application Data\Microsoft
E:\Documents and Settings\Thomas\Application Data\Mozilla
E:\Documents and Settings\Thomas\Application Data\Nokia
E:\Documents and Settings\Thomas\Application Data\Pc Suite
E:\Documents and Settings\Thomas\Application Data\Skinux -- EMPTY Directory
E:\Documents and Settings\Thomas\Application Data\Smart Panel
E:\Documents and Settings\Thomas\Application Data\Sun
E:\Documents and Settings\Thomas\Application Data\Vlc
E:\Documents and Settings\Thomas\Application Data\Winrar -- EMPTY Directory
E:\Documents and Settings\Thomas\Application Data\Yahoo!


NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: E:\Documents and Settings\Elizabeth\Desktop
[13/10/2008]
[5:10:52 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

E:\Documents and Settings\Administrator\Application Data\Microsoft
E:\Documents and Settings\All Users\Application Data\Adobe
E:\Documents and Settings\All Users\Application Data\Apple
E:\Documents and Settings\All Users\Application Data\Apple Computer
E:\Documents and Settings\All Users\Application Data\Avg7
E:\Documents and Settings\All Users\Application Data\Avg8
E:\Documents and Settings\All Users\Application Data\Book Slow Axis Web
E:\Documents and Settings\All Users\Application Data\Grisoft
E:\Documents and Settings\All Users\Application Data\Kodak
E:\Documents and Settings\All Users\Application Data\Lavasoft
E:\Documents and Settings\All Users\Application Data\Messenger Plus!
E:\Documents and Settings\All Users\Application Data\Microsoft
E:\Documents and Settings\All Users\Application Data\Msn6
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
E:\Documents and Settings\All Users\Application Data\Udl
E:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
E:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
E:\Documents and Settings\All Users\Application Data\Winzip
E:\Documents and Settings\All Users\Application Data\Wlinstaller
E:\Documents and Settings\All Users\Application Data\Yahoo!
E:\Documents and Settings\All Users\Application Data\Yahoo! Companion
E:\Documents and Settings\All Users\Application Data\Zoombrowser -- EMPTY Directory
E:\Documents and Settings\Default User\Application Data\Microsoft
E:\Documents and Settings\Elizabeth\Application Data\Adobe
E:\Documents and Settings\Elizabeth\Application Data\Adobeaum
E:\Documents and Settings\Elizabeth\Application Data\Adobeum
E:\Documents and Settings\Elizabeth\Application Data\Apple Computer
E:\Documents and Settings\Elizabeth\Application Data\Arcsoft
E:\Documents and Settings\Elizabeth\Application Data\Avgtoolbar
E:\Documents and Settings\Elizabeth\Application Data\Dvdcss
E:\Documents and Settings\Elizabeth\Application Data\Epson
E:\Documents and Settings\Elizabeth\Application Data\Help -- EMPTY Directory
E:\Documents and Settings\Elizabeth\Application Data\Identities
E:\Documents and Settings\Elizabeth\Application Data\Inside Play
E:\Documents and Settings\Elizabeth\Application Data\Installshield
E:\Documents and Settings\Elizabeth\Application Data\Lavasoft
E:\Documents and Settings\Elizabeth\Application Data\Leadertech
E:\Documents and Settings\Elizabeth\Application Data\Macromedia
E:\Documents and Settings\Elizabeth\Application Data\Microsoft
E:\Documents and Settings\Elizabeth\Application Data\Mozilla
E:\Documents and Settings\Elizabeth\Application Data\Msn6
E:\Documents and Settings\Elizabeth\Application Data\Openoffice.org2
E:\Documents and Settings\Elizabeth\Application Data\Pc Suite
E:\Documents and Settings\Elizabeth\Application Data\Skinux -- EMPTY Directory
E:\Documents and Settings\Elizabeth\Application Data\Smart Panel
E:\Documents and Settings\Elizabeth\Application Data\Sony Corporation
E:\Documents and Settings\Elizabeth\Application Data\Sun
E:\Documents and Settings\Elizabeth\Application Data\Vlc
E:\Documents and Settings\Elizabeth\Application Data\Winrar -- EMPTY Directory
E:\Documents and Settings\Elizabeth\Application Data\Yahoo!
E:\Documents and Settings\Elizabeth\Application Data\Zoombrowser Ex
E:\Documents and Settings\Jonathan\Application Data\Adobe
E:\Documents and Settings\Jonathan\Application Data\Adobeaum
E:\Documents and Settings\Jonathan\Application Data\Adobeum
E:\Documents and Settings\Jonathan\Application Data\Avgtoolbar
E:\Documents and Settings\Jonathan\Application Data\Dvdcss
E:\Documents and Settings\Jonathan\Application Data\Help -- EMPTY Directory
E:\Documents and Settings\Jonathan\Application Data\Identities
E:\Documents and Settings\Jonathan\Application Data\Inside Play
E:\Documents and Settings\Jonathan\Application Data\Leadertech
E:\Documents and Settings\Jonathan\Application Data\Macromedia
E:\Documents and Settings\Jonathan\Application Data\Microsoft
E:\Documents and Settings\Jonathan\Application Data\Mozilla
E:\Documents and Settings\Jonathan\Application Data\Pc Suite
E:\Documents and Settings\Jonathan\Application Data\Skinux -- EMPTY Directory
E:\Documents and Settings\Jonathan\Application Data\Sun
E:\Documents and Settings\Jonathan\Application Data\Vlc
E:\Documents and Settings\Jonathan\Application Data\Yahoo!
E:\Documents and Settings\Localservice\Application Data\Microsoft
E:\Documents and Settings\Networkservice\Application Data\Microsoft
E:\Documents and Settings\Thomas\Application Data\Adobe
E:\Documents and Settings\Thomas\Application Data\Apple Computer
E:\Documents and Settings\Thomas\Application Data\Arcsoft
E:\Documents and Settings\Thomas\Application Data\Avg7
E:\Documents and Settings\Thomas\Application Data\Avgtoolbar
E:\Documents and Settings\Thomas\Application Data\Dvdcss
E:\Documents and Settings\Thomas\Application Data\Epson
E:\Documents and Settings\Thomas\Application Data\Help -- EMPTY Directory
E:\Documents and Settings\Thomas\Application Data\Identities
E:\Documents and Settings\Thomas\Application Data\Inside Play
E:\Documents and Settings\Thomas\Application Data\Leadertech
E:\Documents and Settings\Thomas\Application Data\Macromedia
E:\Documents and Settings\Thomas\Application Data\Microsoft
E:\Documents and Settings\Thomas\Application Data\Mozilla
E:\Documents and Settings\Thomas\Application Data\Nokia
E:\Documents and Settings\Thomas\Application Data\Pc Suite
E:\Documents and Settings\Thomas\Application Data\Skinux -- EMPTY Directory
E:\Documents and Settings\Thomas\Application Data\Smart Panel
E:\Documents and Settings\Thomas\Application Data\Sun
E:\Documents and Settings\Thomas\Application Data\Vlc
E:\Documents and Settings\Thomas\Application Data\Winrar -- EMPTY Directory
E:\Documents and Settings\Thomas\Application Data\Yahoo!

electra
2008-10-14, 08:32
I think I did everything right and here are the results. I've had Firefox open for a few minutes and no popups! Whoops, spoke too soon. I just got one, but only after several minutes & another after a few more minutes. So things are getting better. And no more after about 10 minutes!

In step 6) was it just the Poke.exe I was supposed to delete? I found it and deleted it.

Should I go through the process again? You were right, it does take a long time to fix but luckily I had a day off today.

Would you advise me to get a better anti-virus system than the free AVG?

Thanks
Electra


Malwarebytes' Anti-Malware 1.28
Database version: 1267
Windows 5.1.2600 Service Pack 3

14/10/2008 5:02:55 PM
mbam-log-2008-10-14 (17-02-55).txt

Scan type: Full Scan (E:\|)
Objects scanned: 157646
Time elapsed: 2 hour(s), 37 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:05 PM, on 14/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
E:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
E:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Canon\CAL\CALMAIN.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
E:\Program Files\OpenOffice.org 2.1\program\soffice.exe
E:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Epson RX-630] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P12 "Epson RX-630" /O5 "LPT1:" /M "Stylus Photo RX630"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DataLayer] E:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Cornmove] E:\DOCUME~1\ELIZAB~1\APPLIC~1\INSIDE~1\Sect Poke.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-220523388-796845957-839522115-1004\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'Jonathan')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = E:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = E:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://E:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?bfeea8ed12f6439a9658600dd8e2da9b
O8 - Extra context menu item: Open in new foreground tab - res://E:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?bfeea8ed12f6439a9658600dd8e2da9b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

--
End of file - 11409 bytes

pskelley
2008-10-14, 11:22
Thanks for the NoLop log, you asked:

In step 6) was it just the Poke.exe I was supposed to delete? I found it and deleted it.
I said: Navigate to the folder in red and delete it and its contents.
E:\DOCUMENTS AND SETTING~1\ELIZABETH~1\APPLICATION DATA~1\INSIDE~1\Sect Poke.exe <<< that file is bad and was in the folder. The file will be deleted with the folder: INSIDE~1 <<< there may be more to the name but that is all I can see from here. Be sure that complete folder is deleted.

In the NoLop log I can now see this:
E:\Documents and Settings\All Users\Application Data\Book Slow Axis Web <<< delete that folder and anything in it.

E:\Documents and Settings\All Users\Application Data\Messenger Plus! <<< this is the junk that brought this infection; while it is not the infection, there is no way I would allow that junk on any computer I own...your call.

The HJT log looks fine, follow the directions to delete the Book Slow Axis Web folder then let me know how the computer is running.

AVG 8 Free: I use it myself, it is a good freeware program. I personally do not allow a daily scan and run it when needed, but do allow it to update daily. Once in a while during intense update periods, the download will fail; just wait until everyone else is done and make sure nothing else is downloading at the same time. Here is a good tutorial a friend sent, if you can use it.
How to Install Free version AVG 8.0 without LinkScanner feature
http://russelltexas.com/tutorials/avg8install.htm

Thanks

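The Cornmove entry in the HJT log above is the classic shape of this problem: an O4 Run value that launches an executable from a user's Application Data folder rather than from Program Files or Windows. The script below is an added example (not from this thread, from HijackThis, or from the helper): it parses O4 Run/Startup lines, resolves the file each one actually launches (following rundll32 to its DLL), and flags launch points under user-writable profile folders. The sample lines are copied from this log plus one constructed Temp entry; the heuristics and names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "O4 - HKCU\..\Run: [Name] command"   (HKUS lines carry a trailing "(User 'x')")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# "O4 - Startup: name.lnk = path"  /  "O4 - Global Startup: name.lnk = path"
STARTUP_RE = re.compile(
    r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<cmd>.*)$"
)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
# First executable-looking path in a command, quoted or not, with or without
# arguments; the lookahead stops at the closing quote, a space, a comma or EOL.
EXE_RE = re.compile(
    r'^\s*"?(?P<path>.*?\.(?:exe|dll|scr|com|bat|cmd|pif|vbs|js))"?(?=[\s,"]|$)',
    re.IGNORECASE,
)

# Launch points a normal installer does not use (long and 8.3 short names).
# Matched against the lower-cased target path; first hit wins.
SUSPICIOUS_DIRS: List[Tuple[str, str]] = [
    ("user profile Application Data", r"\\documents and settings\\[^\\]+\\application data\\"),
    ("user profile Application Data", r"\\docume~1\\[^\\]+\\applic~1\\"),
    ("user profile Local Settings", r"\\documents and settings\\[^\\]+\\local settings\\"),
    ("user profile Local Settings", r"\\docume~1\\[^\\]+\\locals~1\\"),
    ("temp directory", r"\\temp\\"),
    ("recycle bin", r"\\recycler\\"),
]


@dataclass
class Finding:
    name: str
    hive: str
    target: str
    verdict: str  # "suspicious" | "ok" | "unresolved"
    reason: str


def launch_target(cmd: str) -> str:
    """Return the file that actually runs: the executable, or the DLL rundll32 loads."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.strip()
    path = m.group("path")
    if path.lower().endswith("rundll32.exe"):
        inner = EXE_RE.match(cmd[m.end():].lstrip(' "'))
        if inner:
            return inner.group("path")
    return path


def assess(target: str) -> Tuple[str, str]:
    low = target.lower()
    if "\\" not in low:
        return "unresolved", "bare file name, resolved via PATH at run time"
    for label, pattern in SUSPICIOUS_DIRS:
        if re.search(pattern, low):
            return "suspicious", "launches from user-writable location: " + label
    return "ok", ""


def parse_o4(line: str) -> Optional[Finding]:
    line = USER_SUFFIX_RE.sub("", line.rstrip())
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    target = launch_target(m.group("cmd"))
    verdict, reason = assess(target)
    return Finding(m.group("name"), m.group("hive"), target, verdict, reason)


def triage(log_text: str) -> List[Finding]:
    return [f for f in (parse_o4(l) for l in log_text.splitlines()) if f is not None]


def suspicious(log_text: str) -> List[Finding]:
    return [f for f in triage(log_text) if f.verdict == "suspicious"]


# Lines copied from the HJT log in this thread; the last one is constructed.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [Cornmove] E:\DOCUME~1\ELIZAB~1\APPLIC~1\INSIDE~1\Sect Poke.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: OpenOffice.org 2.1.lnk = E:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - HKCU\..\Run: [constructed-temp] "E:\Documents and Settings\Elizabeth\Local Settings\Temp\updater.exe" -silent
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "!!" if f.verdict == "suspicious" else "  "
        print(f"{flag} {f.hive:<14} [{f.name}] -> {f.target}  {f.reason}")
```

Entries marked "unresolved" (bare names such as HDAShCut.exe) are not flagged, since the script cannot tell which directory on PATH they resolve to; they still deserve a manual look.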
electra
2008-10-14, 13:42
Hi
I just logged on here before going to bed to let you know I was working on the computer for a couple of hours this evening with no popups. (we've created a new website for my scout group & I have to upload photos and stuff to get it running asap, so your help is appreciated not only by me but Ryde Scout Group, Sydney).

I'll try and fix the other stuff tomorrow when I get home from work.

Thanks
Elizabeth

electra
2008-10-15, 09:35
Hi

I've deleted Inside, Book Slow Axis Web and Messenger Plus and all seems to be working fine - no popups.

Thanks
Electra

pskelley
2008-10-15, 11:40
Sounds good, update AVG and scan the computer. Let me know if it finds anything.

I would also like a look at your uninstall list, like this:

Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

I'll post this information for you now so you can benefit from it.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html

electra
2008-10-15, 13:38
AVG had just finished a scan when I came back to the computer and before I'd updated and it did find some stuff. 13 warnings. It won't let me copy but here's a rundown (hope you can make sense of it, I had to type it) I haven't deleted anything in case you have questions:

Documents and Settings\Elizabeth\Cookies\elizabeth@ad.yieldmanager[2].txt
" " " \ " txt:\ad.yieldmanager.com539b0606
8a47878
b68f2b7b
e762f029
ff92306
Documents and Settings\Elizabeth\Cookies\elizabeth@msnportal.112.2o7[1].txt
" " " " " txt:\msnportal.112.2o7.net.7225be6f
D& S\E...\Cookies\msnportal.112.2o7[2].txt
" txt:\msnportal.112.2o7.net.7225be6f

D&S\E...\Cookies\eliz...@revsci[2]txt
txt:\revsci.net.2df99d79
txt:\revsci.net.444927ec

All listed as potentially dangerous object

I have to go to bed soon so can't wait for it to scan again as it took a couple of hours but can do as soon as I get home tomorrow.

Uninstall List: (I'm sure there's stuff I can remove but am hesitant to do so without advice and am confident that you'll advise me)

Thanks again, and thanks for all the useful links

Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Apex MOV Converter 5.85
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite 2.1
AVG Free 8.0
Canon Camera Access Library
Canon Camera Support Core Library
Canon Digital Camera Solution Disk 34 Software Starter Guide
Canon Direct Print User Guide
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon PowerShot A470 Camera User Guide
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCScore
Compatibility Pack for the 2007 Office system
EPSON CardMonitor
EPSON Copy Utility 3
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON Web-To-Page
ESPRX630 Series Reference Guide
ESPRX630 Software Guide
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LeechFTP
Malwarebytes' Anti-Malware
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero Suite
netbrdg
Nokia Connectivity Cable Driver
Nokia Multimedia Factory
Nokia PC Suite
Norton Security Scan
Norton Security Scan (Symantec Corporation)
novaPDF Printer Lite 3.3
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
OfotoXMI
OpenOffice.org 2.1
PhotoImpression 5
Picasa 2
PIF DESIGNER2.1
QuickTime
ScanToWeb
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
SFR
SHASTA
skin0001
SKINXSDK
Smart Menus (Windows Live Toolbar)
Sony Picture Utility
SoundMAX
Spybot - Search & Destroy
staticcr
Tabbed Browsing (Windows Live Toolbar)
tooltips
Total Annihilation
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VideoLAN VLC media player 0.8.6a
VPRINTOL
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.1
WIRELESS
Yahoo! 工具列
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

pskelley
2008-10-15, 13:55
You need to update the program and scan, then delete or quarantine anything AVG finds. It looks like what you posted are cookies. If you want to control cookies, look at this information:
http://www.mvps.org/winhelp2002/cookies.htm
http://www.microsoft.com/windows/ie/using/howto/privacy/config.mspx

Cookies are part of doing business on the internet, and some are necessary for security, passwords, etc., but many are not needed and can be controlled with that information.

Here is some information about AVG that will help:
FAQ: http://www.avg.com/faq
AVG Free Forum: http://freeforum.avg.com/

Uninstall list: I am looking for malware and security issues only.

Adobe Reader 8.1.2 <<< out of date and being exploited by hackers
http://www.filehippo.com/download_adobe_reader/

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
See this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Uninstall all of those older versions.

You understand that since kids stopped playing online pranks and organized crime moved in, if you are going to own a computer and you are going to take it online, you must make sure it is secure.
From what I can see, it is likely programs I do not know are out of date also.
Here is a small free tool that lets you know when something needs an update, if you are interested: https://psi.secunia.com/
While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

This will give you a bit of an idea of what is happening online now.
http://news.cnet.com/8301-1009_3-9992897-83.html
http://www.youtube.com/watch?v=zBUZHiKhsog
http://en.wikipedia.org/wiki/Russian_Business_Network
http://rbnexploit.blogspot.com/

http://en.wikipedia.org/wiki/Vundo_trojan
Infected websites are the next internet security threats
http://www.google.com/search?hl=en&q=infected+websites&btnG=Google+Search
http://news.cnet.com/8301-1009_3-10004970-83.html?tag=nl.e703

Safe surfing:ninja:

electra
2008-10-16, 10:36
Hi again

I've updated AVG and it's currently scanning, and when complete I'll remove what it finds. I've looked at the cookie options on Firefox and IE and changed some of the settings. I've uninstalled the things you told me to; I've installed and run Secunia and it's found some programs that need updating, so I'm downloading the updates now. I'll leave it in the tray to run automatically because if I don't, I'll forget about it and not run it.

I've been reading about what's happening online recently in our newspapers; I'll also have a look at the websites you've listed.

I think my computer must be completely patched up by now?

Do I have to re-enable TeaTimer and change the settings back that we changed earlier? I'll need your help with that again.

I'm so grateful to you and your team at SpyBot - are you all volunteers too? I think I read that somewhere on your site.

Thanks
Electra (Elizabeth)

pskelley
2008-10-16, 12:06
Hi Elizabeth, sounds good. Make sure you read the information from the experts; they will have additional suggestions to help harden your security. I can only speak for the helpers in the Malware Forum: they are all volunteers. You may enable TeaTimer if you run it, and reverse the instructions for hidden files and folders if you wish. I leave mine unhidden all of the time, but I am the only one with access to the computer.

Cheers...Phil:)

electra
2008-10-17, 09:25
Many thanks for all your help Phil. Without volunteers (I'm a volunteer in scouts) the world wouldn't be so much fun.

I'm reading the articles from the experts and have more insight and information now.

Did you know there's a group on Facebook "I Love SpyBot"?

Kind regards
Elizabeth