Excessive IE pop-ups... specific malware uncertain

Posted 7/10/2007 6:50 PM
#50236

Qbert Member

Date Joined Nov 2016
Total Posts: 6
Hi Touch,

I've recently been experiencing excessive pop-ups on IE. I followed several of the instructions you suggested to another poster (Jony) minus the specific file deletions, and the pop-ups stopped, only to return the next day. I would really appreciate your help on this one. Thanks in advance.

My logs:

Logfile of HijackThis v1.99.1
Scan saved at 11:57:44 AM, on 7/10/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\hidserv.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tp4mon.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\AEIWLSTA.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Aladdin Systems\Internet Cleanup\NetBlockadeMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\PROGRA~1\SSTEM~1\alg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\Content.IE5\SD2FO1QZ\alternativ[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ICHlprObj Class - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\PROGRA~1\ALADDI~1\INTERN~1\ic3hlpr.dll
O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRA~1\ALADDI~1\INTERN~1\PopFiltr.dll
O2 - BHO: (no name) - {476E39F8-A760-84CC-1A67-838DBE2785C8} - C:\WINDOWS\System32\qge.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll (file missing)
O2 - BHO: (no name) - {F7A8F969-83E3-4503-8879-C01706D47990} - C:\WINDOWS\System32\xxwwt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [trackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E2C2832213329D26033AAC
O4 - HKLM\..\Run: [WinFSG] "C:\Program Files\Aladdin Systems\Internet Cleanup\MSFG.exe"
O4 - HKLM\..\Run: [NBMonitor] "C:\Program Files\Aladdin Systems\Internet Cleanup\NetBlockadeMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe" -boot
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [Updn] "C:\PROGRA~1\SSTEM~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Yrti] "C:\Documents and Settings\a\Application Data\s?stem32\n?pdb.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - http://www.gmer.netRootkit scan 2007-07-09 12:30:54
Windows 5.0.2195 Service Pack 3
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
Posted 7/10/2007 7:13 PM
#50238

Qbert Member

Date Joined Nov 2016
Total Posts: 6
Almost forgot my Combofix log :-) :

"a" - 07/10/2007 15:02:03 - ComboFix 07-07-10.1 - Service Pack 3 FAT32

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\a\APPLIC~1.\sstem3~1
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\Common Files\ymante~1
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\poolsv
C:\Program Files\poolsv\wr-1-0000077.exe
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\sstem~1
C:\Program Files\sstem~1\alg.exe
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\setup.exe
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\rau001978.exe
C:\WINDOWS\start.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\qge.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wnscpsv32.exe
C:\WINDOWS\wr.txt

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CORE
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\core
-------\Net Agent
-------\nm
-------\Windows Overlay Components

((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))

2007-07-10 15:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 12:16 <DIR> d-------- C:\DOCUME~1\a\DoctorWeb
2007-07-10 10:14 <DIR> d-------- C:\VundoFix Backups
2007-07-09 12:42 218,112 --a------ C:\alternativ.exe
2007-07-09 11:26 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-07-09 11:12 <DIR> d-------- C:\Program Files\CCleaner
2007-07-09 11:08 1,853,982 ---hs---- C:\WINDOWS\SYSTEM32\twwxx.bak2
2007-07-02 17:11 1,844,234 ---hs---- C:\WINDOWS\SYSTEM32\twwxx.bak1
2007-07-02 17:01 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Aladdin Systems
2007-07-02 15:51 <DIR> d-------- C:\DOCUME~1\a\APPLIC~1\Aladdin Systems
2007-07-02 14:17 8,190 --a------ C:\WINDOWS\b122.exe.bin
2007-07-02 14:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\F9
2007-07-02 14:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\F5
2007-07-02 14:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\F4
2007-07-02 14:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\F3
2007-07-02 14:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\F2
2007-07-02 14:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\F1
2007-06-23 14:07 <DIR> d-------- C:\DOCUME~1\a\APPLIC~1\Steinberg

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
05-11-21 15:54 399424 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
01-03-02 12:02 37808 --------- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f0c8547-2639-4c91-b8aa-c7eca24c3163}]
04-07-21 17:41 110592 --a------ C:\PROGRA~1\ALADDI~1\INTERN~1\ic3hlpr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F2E844B-8211-46ff-8262-772F03295CF4}]
04-06-15 11:03 49152 --a------ C:\PROGRA~1\ALADDI~1\INTERN~1\PopFiltr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7A8F969-83E3-4503-8879-C01706D47990}]
C:\WINDOWS\System32\xxwwt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4mon.exe" [99-11-30 23:40 C:\WINDOWS\SYSTEM32\tp4mon.exe]
"SystemTray"="SysTray.Exe" [02-07-24 12:00 C:\WINDOWS\SYSTEM32\systray.exe]
"Synchronization Manager"="mobsync.exe" [02-07-24 12:00 C:\WINDOWS\SYSTEM32\mobsync.exe]
"LTSMMSG"="LTSMMSG.exe" [01-08-02 22:28 C:\WINDOWS\LTSMMSG.exe]
"AGRSMMSG"="AGRSMMSG.exe" [06-03-14 12:58 C:\WINDOWS\AGRSMMSG.exe]
"AEIWLSTA.EXE"="AEIWLSTA.exe" [06-03-14 12:58 C:\WINDOWS\SYSTEM32\AEIWLSTA.exe]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [04-10-14 10:17 ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06-04-01 23:46 ]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [04-10-27 16:07 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-05-27 20:04 ]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [02-10-14 12:09 ]
"WinFSG"="C:\Program Files\Aladdin Systems\Internet Cleanup\MSFG.exe" [04-07-19 11:58 ]
"NBMonitor"="C:\Program Files\Aladdin Systems\Internet Cleanup\NetBlockadeMonitor.exe" [04-10-29 11:06 ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-06-11 02:25 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [05-12-08 13:55 ]
"BullGuard 5.0"="C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe" [06-04-19 20:30 ]
"InstantTray"="C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [04-09-02 10:37 ]
"IW_Drop_Icon"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [04-07-30 15:10 ]
"Updn"="C:\PROGRA~1\SSTEM~1\alg.exe" []
"Yrti"="C:\Documents and Settings\a\Application Data\s?stem32\n?pdb.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [07-05-30 05:29 ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxwwt]
C:\WINDOWS\System32\xxwwt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyaaa]
xxyyaaa.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

Contents of the 'Scheduled Tasks' folder
2007-04-08 06:00:02 C:\WINDOWS\tasks\Tune-up Application Start.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 15:06:11
Windows 5.0.2195 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-10 15:07:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-07-10 15:07

--- E O F ---
Posted 7/11/2007 5:13 AM
#50251

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello :smile:

1. Download AVG Anti-Virus Free Edition

2. AVG Free Anti-Virus can be downloaded from the AVG website.

3. Scroll down the page and click Download Free Version. Under the Windows section, click to download the file under AVG Free for Windows installation files. Click OK to save the file to your PC.

4. Double-click the file you downloaded, and click Next on the welcome screen. Click Accept to agree to the License Agreement. Choose Standard Installation then click Next.

5. A window will now pop up if there are any available updates. Click Update to download them. AVG will download and automatically install any updates. Click OK when finished.

6. Back on the First Run window, click Next to proceed. Leave the Daily Scanning settings as they are and click Next.

7. You now have the option to perform a scan to test your computer for viruses.

8. Click Scan computer!

Reboot, post new hijackthis log

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 7/12/2007 3:55 PM
#50325

Qbert Member

Date Joined Nov 2016
Total Posts: 6
The pop-ups have stopped, but AVG still detected and removed 3 trojans.

Here is my new hjt. log:

Logfile of HijackThis v1.99.1
Scan saved at 11:53:38 AM, on 7/12/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\hidserv.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tp4mon.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\AEIWLSTA.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Aladdin Systems\Internet Cleanup\NetBlockadeMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\Content.IE5\W3IBS18N\alternativ[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ICHlprObj Class - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\PROGRA~1\ALADDI~1\INTERN~1\ic3hlpr.dll
O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRA~1\ALADDI~1\INTERN~1\PopFiltr.dll
O2 - BHO: (no name) - {F7A8F969-83E3-4503-8879-C01706D47990} - C:\WINDOWS\System32\xxwwt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [WinFSG] "C:\Program Files\Aladdin Systems\Internet Cleanup\MSFG.exe"
O4 - HKLM\..\Run: [NBMonitor] "C:\Program Files\Aladdin Systems\Internet Cleanup\NetBlockadeMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe" -boot
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [Updn] "C:\PROGRA~1\SSTEM~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Yrti] "C:\Documents and Settings\a\Application Data\s?stem32\n?pdb.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesus.dll
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: xxwwt - C:\WINDOWS\System32\xxwwt.dll (file missing)
O20 - Winlogon Notify: xxyyaaa - xxyyaaa.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Posted 7/12/2007 5:34 PM
#50332

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Right. I can see the infections -

Please download free Trial of Superantispyware

http://www.superantispyware.com/superantispywarefreevspro.html

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it.)

Close the program

Please download ATF Cleaner:

http://www.atribune.org/ccount/click.php?id=1 by Atribune.
This program is for XP and Windows 2000 only

Download and install DrWebCureit:

http://spywareinfo.dk/download/drweb-cureit.exe

to your desktop.

Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.

Reboot to Safe mode

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch (Windows XP) only.
Java Cache
Recycle Bin

NB. It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".

It will first make a quick scan of your system, let it clean what it finds, and when it says "done"

Click on the green screwdriver-

Actions Tab- Adware-Dialers-Riskware-Hacktools, use dropdown menu and select -Delete

Click on the drive(s) you want to scan. A red dot will mark the selected drive(s).
Then hit the <SPAN style="COLOR: green">green<SPAN style="mso-spacerun: yes"> arrow in lower right corner It will now scan your<SPAN style="mso-spacerun: yes"> drive(s), say yes to all<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">After the scan, in the Dr.Web CureIt menu on top, click file and choose save report list<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">Save the report to your desktop. The report will be called DrWeb.csv<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">Close Dr.Web Cureit.<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">Reboot your computer<SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">!! 
Because it could be possible that files in use will be moved/deleted during reboot.<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">Start Superantispyware.<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">Hit - Scan Your Computer - button<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next,<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">it will scan now. When scan have finished, put a checkmark with<SPAN style="mso-spacerun: yes"> all items it found. 
Next, after cleaning, allow it to Reboot<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">Start Superantispyware again –<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">Click Preferences and then click the statistics/logs tab. <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">Click the dated log and press view log and a text file will appear.<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">Post this log along with fresh hijackthis log, Dr.Web log and tell how things are running<SPAN style="mso-spacerun: yes"> <SPAN lang=EN-GB style="FONT-SIZE: 10pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB">?<SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"><o:p></o:p> <br/> <br/><SPAN lang=EN-GB 
style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"><SPAN style="mso-spacerun: yes"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-GB"> <o:p></o:p>

Do not PM me with logfiles. They will be deleted.


Posted 7/19/2007 2:46 PM
#50650

Qbert Member

Date Joined Nov 2016
Total Posts: 6
Hi Touch,

I've been away from my computer, so I didn't get the chance to post again. But I'm back :smile: !

Ok, since my last post my computer has been very slow (especially at start-up). I think it may be because I have an old version of Bullguard that starts automatically at start-up. It even overrides superanti-spyware. I've tried to remove it several times, but it won't because it says that bullguard is "currently running". I disabled all of its features, but it just won't be removed.

And here are my logs. There was no log or infections found by DrWeb:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/15/2007 at 00:14 AM

Application Version : 3.9.1008

Core Rules Database Version : 3269
Trace Rules Database Version: 1280

Scan type : Complete Scan
Total Scan Time : 00:50:18

Memory items scanned : 394
Memory threats detected : 0
Registry items scanned : 4198
Registry threats detected : 3
File items scanned : 19424
File threats detected : 8

Trojan.Windows Overlay Components/SysMon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#UninstallString

Adware.ClickSpring/Outer Info Network
    C:\Documents and Settings\a\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\a\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\a\Start Menu\Programs\Outerinfo

Adware.ClickSpring/Yazzle
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1549OINUNINSTALLER.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\POOLSV\YAZZLEBUNDLE-1549.EXE.VIR

Adware.ClickSpring-Variant
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\SSTEM~1\ALG.EXE.VIR

Trojan.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSCPSV32.EXE.VIR

Adware.ClickSpring/Resident
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\QGE.DLL.VIR

Logfile of HijackThis v1.99.1
Scan saved at 10:34:08 AM, on 7/19/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\hidserv.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\tp4mon.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\AEIWLSTA.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Aladdin Systems\Internet Cleanup\NetBlockadeMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\Content.IE5\H7SRO4MD\alternativ[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ICHlprObj Class - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\PROGRA~1\ALADDI~1\INTERN~1\ic3hlpr.dll
O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRA~1\ALADDI~1\INTERN~1\PopFiltr.dll
O2 - BHO: (no name) - {F7A8F969-83E3-4503-8879-C01706D47990} - C:\WINDOWS\System32\xxwwt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [WinFSG] "C:\Program Files\Aladdin Systems\Internet Cleanup\MSFG.exe"
O4 - HKLM\..\Run: [NBMonitor] "C:\Program Files\Aladdin Systems\Internet Cleanup\NetBlockadeMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe" -boot
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [Updn] "C:\PROGRA~1\SSTEM~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Yrti] "C:\Documents and Settings\a\Application Data\s?stem32\n?pdb.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesus.dll
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: xxwwt - C:\WINDOWS\System32\xxwwt.dll (file missing)
O20 - Winlogon Notify: xxyyaaa - xxyyaaa.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Posted 7/20/2007 7:28 AM
#50682

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok. We'll see if we can remove BG manually -

Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked:

O2 - BHO: (no name) - {F7A8F969-83E3-4503-8879-C01706D47990} - C:\WINDOWS\System32\xxwwt.dll (file missing)
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe" -boot
O4 - HKCU\..\Run: [Updn] "C:\PROGRA~1\SSTEM~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Yrti] "C:\Documents and Settings\a\Application Data\s?stem32\n?pdb.exe"
O20 - Winlogon Notify: xxwwt - C:\WINDOWS\System32\xxwwt.dll (file missing)
O20 - Winlogon Notify: xxyyaaa - xxyyaaa.dll (file missing)

You

Re-start your PC in Safe Mode

Delete the following files or folders (delete item in bold). Please do not be concerned if any of the items are not found as they may have been automatically removed by actions I had you take earlier in the cleaning process.

Delete -

Folders:
C:\Program Files\BullGuard Software\BullGuard 5.0

Reboot, post new hijackthis log

Do not PM me with logfiles. They will be deleted.
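
An added example, not part of the thread and not written by either poster: a short Python triage pass over HijackThis-format entries, run on nine lines copied from the log posted above. The three path heuristics, `SYSTEM_DIR` and the `SYSTEM_NAMES` list are assumptions made for this illustration, not the helper's stated method.

```python
import re
from typing import NamedTuple

# Nine entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {F7A8F969-83E3-4503-8879-C01706D47990} - C:\WINDOWS\System32\xxwwt.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe" -boot
O4 - HKCU\..\Run: [Updn] "C:\PROGRA~1\SSTEM~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Yrti] "C:\Documents and Settings\a\Application Data\s?stem32\n?pdb.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: xxwwt - C:\WINDOWS\System32\xxwwt.dll (file missing)
O20 - Winlogon Notify: xxyyaaa - xxyyaaa.dll (file missing)
"""


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4"
    text: str  # everything after "<code> - "
    path: str  # file the entry points at (best effort)


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
DRIVE_RE = re.compile(r"^[a-z]:\\")

# Assumptions for this example, not taken from the thread:
SYSTEM_DIR = "c:\\windows\\system32\\"
SYSTEM_NAMES = {"alg.exe", "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}
USER_WRITABLE = ("\\application data\\", "\\temporary internet files\\")


def extract_path(code: str, text: str) -> str:
    """Pull the file path out of one entry's text."""
    if code == "O4":
        # Run entries look like: HKCU\..\Run: [name] command line
        cmd = text.split("] ", 1)[-1]
        if " = " in cmd:  # Startup-folder shortcuts: name.lnk = target
            cmd = cmd.split(" = ", 1)[1]
        if cmd.startswith('"'):
            return cmd[1:].split('"', 1)[0]
        m = re.match(r"(.*?\.(?:exe|dll))", cmd, re.IGNORECASE)
        return m.group(1) if m else cmd
    # Other sections put the file in the last " - " separated field.
    last = text.rsplit(" - ", 1)[-1]
    return re.sub(r" \(file missing\)$", "", last).strip()


def parse_log(log: str) -> list:
    """Return an Entry for every line that carries a section code."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, text = m.groups()
            entries.append(Entry(code, text, extract_path(code, text)))
    return entries


def review(entry: Entry) -> list:
    """Return the reasons an entry deserves a manual look (empty if none)."""
    reasons = []
    path = entry.path.lower()
    if entry.text.endswith("(file missing)"):
        reasons.append("file missing")
    if DRIVE_RE.match(path):
        name = path.rsplit("\\", 1)[-1]
        if "?" in path:
            reasons.append("undisplayable character in path")
        if any(part in path for part in USER_WRITABLE):
            reasons.append("user-writable location")
        if name in SYSTEM_NAMES and not path.startswith(SYSTEM_DIR):
            reasons.append("system file name outside system32")
    return reasons


def flag_entries(log: str) -> list:
    """Return (entry, reasons) pairs for every entry with at least one reason."""
    return [(e, r) for e in parse_log(log) if (r := review(e))]


if __name__ == "__main__":
    for entry, reasons in flag_entries(SAMPLE_LOG):
        print(f"{entry.code:<4}{entry.path}  <- {', '.join(reasons)}")
```

The BullGuard entry is not flagged: it is on the fix list above because the uninstall failed, not because of where it runs from, so a pass like this narrows what to read and does not replace a reviewer.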


Posted 7/21/2007 4:09 PM
#50752

Qbert Member

Date Joined Nov 2016
Total Posts: 6
Wow, everything seems to be working great. My computer speed has increased, and no more pop-ups; and no BG at startup :smile: .

Ok, before I post my hjt I have a few questions. Will the freeware that I was prompted to download be sufficient enough to protect me in the future; or will I need to download or purchase more software when they expire? And also, do I delete the infected files from my "quarantines", or will that unleash them back into my system?

I just want to avoid those annoying pop-ups. Although I have learned a lot more about my computer during the process.

Ok Touch, thanks again for the help. You all provide a great service here. And please never go to the "Dark Side". You would make for quite the adversary :smile: !

And I encourage EVERYONE who reads this to donate to the freeware sites!

Logfile of HijackThis v1.99.1
Scan saved at 11:40:00 AM, on 7/21/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\hidserv.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tp4mon.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\AEIWLSTA.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Aladdin Systems\Internet Cleanup\NetBlockadeMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\a\Desktop\Hijackthis program.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ICHlprObj Class - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\PROGRA~1\ALADDI~1\INTERN~1\ic3hlpr.dll
O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRA~1\ALADDI~1\INTERN~1\PopFiltr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [WinFSG] "C:\Program Files\Aladdin Systems\Internet Cleanup\MSFG.exe"
O4 - HKLM\..\Run: [NBMonitor] "C:\Program Files\Aladdin Systems\Internet Cleanup\NetBlockadeMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesus.dll
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Posted 7/23/2007 5:24 AM
#50805
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
That's good news :smilewinkgrin:

First thing to do is -

Check for Security Updates: Windows Update

Then download Zone Alarm basic protection Firewall –

http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=zaskulist_download

http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 7/29/2007 8:48 PM
#51139
Qbert Member

Date Joined Nov 2016
Total Posts: 6
Hi Touch, everything is going well as far as there being no more pop-ups on my computer. But my computer has slowed down during start up, after the Superanti-spyware ran an updated scan. Is this to be expected? There were only a few cookies found, but I just wanted to know if everything is still all right before I downloaded the firewall.
Posted 7/30/2007 1:56 AM
#51146
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Open superantispyware - Preferences - uncheck - load at startup. See if it helps?


