Endless popups by Spybot.

administrator · Feb 28, 2007

Endless popups by Spybot.

It displays "Value deleted" (or in german "Wert gelöscht") all the time.
Category: Browser Helper Object.
The deny-Button (in german language "Verweigern") is grey and not klick-able.
If i just close the little Tea-Timer poup it comes up again. Even if i mark the Point "Remember this decision" (in german "Merke diese Entscheidung")
I have done a full system scan with my antivirus Programm named NOD32. No viruses found.

Running Spybot 1.4 with 2007-02-21 update on Windows XP (Build: 2600) Service Pack 2.
Is it necessary to poste the whole "Search result list"? It is really big.
congratulation!: No Spyware was found. (german message: "Gratulation!: Es wurden keine Spione gefunden.")

Sould i download RunAlyzer or RegAlyzer to check someting specific?

It is no problem to wait some days till i get an answer here. I really like your free helpfully work.
I alread read "BEFORE you POST" ... I hope, it is nothing wrong with my post!
I did not found any matchable Problem-Post of someone else in this forum. Is there still a post?

Finally i hope you excuse my "german-english"

Yours, Admin.

administrator · Feb 28, 2007

I checked a little bit.
The entry is the same on every Spybot-popup.

Entry (in german "Eintrag"): {53707962-6F74-2D53-2644-206D7942484F}

I found the value in my registry. (german os)

Arbeitsplatz
HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Ext
Stats
{53707962-6F74-2D53-2644-206D7942484F}

There also is an sub-folder in the "{53707962-6F74-2D53-2644-206D7942484F}" folder.
The subfolder is named "iexplore". This subfolder contains the follwing:

(Standard) -- REG_SZ -- (Wert nicht gesetzt)
Count -- REG_DWORD -- 0x00000586 (1414)
Time -- REG_BINARY -- d7 07 02 00 02 00 1b 00 14 00 01 00 18 00 77 01
Type -- REG_DWORD -- 0x00000003 (3)

... may this inforation will help somebody to help me.
I just want to know my system clean and help to improve SpyBot S&D.

Yours, Admin.

administrator · Mar 1, 2007

Tonight i turned my computer off. This morning the popups have stopped.
No more Spybot-Popups. But i do not think that the problem now is solved.
I remember a few weeks ago - there was the same Problem on my PC.
... nearby: my Taskmanager looks strange since a longer time.

Now i done a HiJackThis Check:

Logfile of HijackThis v1.99.1
Scan saved at 11:23:44, on 01.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
D:\Programme 2\nod\nod32krn.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcIp.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcLog.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nTrayFw.exe
D:\programme 2\powerstrip\pstrip.exe
D:\Programme 2\PowerDVD\PDVDServ.exe
D:\Programme 2\nod\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme 2\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
E:\Temp0\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://metager2.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://localhost:3476/cgi-bin/ncgir.exe?ONAMX=menu/index.html&DNAMX=ncgir.exe?html/fire_profile.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme 2\pdf\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nTrayFw.exe
O4 - HKLM\..\Run: [PowerStrip] d:\programme 2\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Programme 2\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Programme 2\nod\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme 2\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerStrip.lnk = D:\Programme 2\PowerStrip\pstrip.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - element5 - C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programme 2\nod\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcLog.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe

The reg-Key is in the HiJackThis - Log. Should i delete it?

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

Mr_JAk3 · Mar 10, 2007

Hello administrator and sorry for the long wait...

I noticed your post in the waiting room.

Please post a fresh HijackThis log to here :bigthumb:

administrator · Mar 17, 2007

:bigthumb:

Logfile of HijackThis v1.99.1
Scan saved at 15:17:39, on 17.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
D:\Programme 2\nod\nod32krn.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcIp.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcLog.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nTrayFw.exe
D:\programme 2\powerstrip\pstrip.exe
D:\Programme 2\PowerDVD\PDVDServ.exe
D:\Programme 2\nod\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme 2\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
E:\Temp0\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://metager2.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://localhost:3476/cgi-bin/ncgir.exe?ONAMX=menu/index.html&DNAMX=ncgir.exe?html/fire_profile.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme 2\pdf\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nTrayFw.exe
O4 - HKLM\..\Run: [PowerStrip] d:\programme 2\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Programme 2\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Programme 2\nod\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme 2\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerStrip.lnk = D:\Programme 2\PowerStrip\pstrip.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - element5 - C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programme 2\nod\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcLog.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe

Mr_JAk3 · Mar 17, 2007

Ok nothing fishy in the HijackThis log...

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
  Scan Mail Bases
Click OK
Now under select a target to scan:
- Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

administrator · Mar 19, 2007

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 19, 2007 12:43:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/03/2007
Kaspersky Anti-Virus database records: 283007
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 61919
Number of viruses found: 3
Number of infected objects: 22 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:56:57

Infected Object Name / Virus Name / Last Action
C:\Dokumente und Einstellungen\l3b3w3s3n\Cookies\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\Lokale Einstellungen\Temp\~ROMFN_000009C4 Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NLOGCGU7\headlines[1].swf Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\Lokale Einstellungen\Verlauf\History.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\Lokale Einstellungen\Verlauf\History.IE5\MSHist012007031920070320\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\NTUSER.DAT Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\ntuser.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Verlauf\History.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programme\Microsoft SQL Server\80\Tools\Binn\OSQL.EXE Infected: not-a-virus:NetTool.Win32.SQLServ.a skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\app_filter_ui.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\_nvidia_xxx_.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Programme 2\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
D:\Programme 2\nod\cache\CACHE.NDB Object is locked skipped
D:\Programme 2\nod\logs\virlog.dat Object is locked skipped
D:\Programme 2\nod\logs\warnlog.dat Object is locked skipped
D:\Programme 2\NVIDIA\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
D:\Programme 2\NVIDIA\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
D:\Programme 2\NVIDIA\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
D:\Programme 2\NVIDIA\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe Inno: infected - 7 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\Temp0\Vegas 6.0\mediamgr\msde\Setup\SqlRun.cab/OSQL.EXE.0C7570D6_6225_4960_B951_4D16DD906838 Infected: not-a-virus:NetTool.Win32.SQLServ.a skipped
E:\Temp0\Vegas 6.0\mediamgr\msde\Setup\SqlRun.cab CAB: infected - 1 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe Inno: infected - 7 skipped
F:\Stuff\Multimedia\Tools, Addons\Messenger, Chat\mirc\mirc617.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
F:\Stuff\Multimedia\Tools, Addons\Messenger, Chat\mirc\mirc617.exe mIRC: infected - 1 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

:spider:

Mr_JAk3 · Mar 19, 2007

Code:

E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe Inno: infected - 7 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe Inno: infected - 7 skipped

Grrrh, you should read this post about P2P -> Link

Otherwise nothing bad there...

Still getting popups ?

tashi · Mar 28, 2007

Glad we could help, as the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.

Thank you Mr_JAk3.

Endless popups by Spybot.

administrator

Banned

administrator

Banned

administrator

Banned

Mr_JAk3

Security Expert-Emeritus

administrator

Banned

Mr_JAk3

Security Expert-Emeritus

administrator

Banned

Mr_JAk3

Security Expert-Emeritus

tashi

Member of Team Spybot