BullGuard Antivirus Forum
Pop ups and IE7

katz
New Member
Date Joined Jun 2007
Total Posts : 27
Posted 3/1/2008 5:00 PM (GMT +2)
I am getting very agitated, I have pop ups and yet pop up blocker is enabled, so there is an infection somewhere, yet I have tried looking for it even downloading tools to scan with, but the little thing is evading me, grrr
Then I find I can not get IE7 to work anywhere at anytime, there seems no way to uninstall it so as I can re-install it! Then I try to go to support in BullGuard and find not only are my emails failing to get sent and error occurred but I can't ask for chat as there is a problem there too.........................(scream)
Any kind soul around who can shed some light for me???

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981
Posted 3/1/2008 6:54 PM (GMT +2)
Hello katz :)

Click here - ->>  Before posting a log

After you have run the scan tools -

Reboot normally

Post the HijackThis log along with the SuperAntiSpyware log and C:\ComboFix.txt in this topic

I'll look into it

Do NOT post your problem in someone else's thread.

katz
New Member
Date Joined Jun 2007
Total Posts : 27
Posted 3/1/2008 8:11 PM (GMT +2)
Ok I am running vista ultimate.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981
Posted 3/1/2008 8:44 PM (GMT +2)
Ok. If it is 32 bit, you can run all the tools. I just haven't edited - Before posting a log - recently

Do NOT post your problem in someone else's thread.

katz
New Member
Date Joined Jun 2007
Total Posts : 27
Posted 3/1/2008 9:08 PM (GMT +2)
OK, had CCleaner anyway and ran that. Spybot will not load on my pc, says unknown error occurred and was not saved, done this three times. Have downloaded ComboFix but unsure as to what to do next as I have not done the Spybot. Can see where the pop ups were coming from, mywebsearch; when I went to do the quarantine bit it was not there??? Scanned twice and same thing happened. I am not a novice when it comes to installing and using software so I don't think it is my mistake, nor am I an expert to know what is going wrong. Getting frustrated now, how do you fellas cope with it all? Will wait till I am told what to do next, thank you

katz
New Member
Date Joined Jun 2007
Total Posts : 27
Posted 3/2/2008 10:54 AM (GMT +2)
Got as far as combo fix for some reason it says the script is wrong so going to download it again, sorry to take so long, I am trying to do as you asked, but could you just bear with me, I have a disease in my hands that only lets me work on the pc so long. I do appreciate your help, thanks

katz
New Member
Date Joined Jun 2007
Total Posts : 27
Posted 3/2/2008 11:06 AM (GMT +2)
Ok, I have downloaded combo fix from three of the locations given; the 1st one said the page was not available anymore, the url or something was not found. The other three come up the same each time saying the script CFS is not correctly spelt, the blue box comes up ready to work but does not go any further.
As you may be aware it is Mother's Day today and I am being whisked off for the day by my children so won't be able to work on this until I return this evening, so sorry to be a nuisance, hope you are understanding, have a nice day yourself and I will be in touch.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981
Posted 3/2/2008 11:51 AM (GMT +2)
You are not supposed to use script CFS - yet ;-)

Let's try this method (after Mother's Day. Congratulations BTW :) )

Please download Combofix:

and save to the desktop.

Close all other browser windows.

Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Go to start --> run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe" /killall

When finished, it will produce a logfile located at C:\ComboFix.txt.

Post the contents of that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Do NOT post your problem in someone else's thread.

katz
New Member
Date Joined Jun 2007
Total Posts : 27
Posted 3/2/2008 8:40 PM (GMT +2)
Redone ccleaner and spybot as well as superantispyware, one tracking cookie in superantispyware this time round, deleted. Downloaded combofix again and tried to run it, got the same message again. You said I should not be using CFS yet, but I have not done anything to use it or allow it at all. When I downloaded HJT it said for some reason my system has denied access to the hosts file, and to sort this out for vista to go to administrator and run then, this I am unsure of how to do it.
Thank you I had a great day with far too many chocolates shame I cannot share them with you!
I await your advice and thank you for your patience.

katz
New Member
Date Joined Jun 2007
Total Posts : 27
Posted 3/2/2008 8:53 PM (GMT +2)
Ps I am still getting popups.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981
Posted 3/2/2008 9:07 PM (GMT +2)
Ok, we'll try another scanner then -

Download Deckard's System Scanner: http://www.techsupportforum.com/sectools/Deckard/dss.exe
Close all applications and windows.

Double-click on dss.exe to run it, and follow the prompts.
(If you get an error, right-click on dss.exe - Run as admin)

When the scan is complete, a text file will open - Main.txt.

Click on Format and Uncheck Word wrap, if checked.
Please save this file and close Notepad.

A folder, C:\Deckard, will also open. In it will be another text file, Extra.txt. Please save this file too, and exit Notepad.
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

Post back to the Forum the contents of Main.txt and the contents of C:\Deckard\Extra.txt

I'll look into it tomorrow, as it's getting late here in Denmark ;-)

Do NOT post your problem in someone else's thread.

katz
New Member
Date Joined Jun 2007
Total Posts : 27
Posted 3/4/2008 10:54 PM (GMT +2)
Deckard's System Scanner v20071014.68
Run by Katzyin on 2008-03-04 20:41:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
37: 2008-03-04 09:56:30 UTC - RP251 - Installed Windows Live
36: 2008-03-04 08:48:58 UTC - RP250 - Installed Windows Live
35: 2008-03-03 09:27:44 UTC - RP249 - Removed User Agent String Utility
34: 2008-03-03 09:25:40 UTC - RP248 - Removed Ad-Aware 2007
33: 2008-03-02 18:17:41 UTC - RP247 - Removed VersionTracker Pro Windows


-- First Restore Point --
1: 2008-02-11 19:14:47 UTC - RP215 - Removed Google Earth.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Katzyin.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43, on 2008-03-04
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Katzyin\AppData\Local\lqglq.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Katzyin\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Katzyin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [lqglq] c:\users\katzyin\appdata\local\lqglq.exe lqglq
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUplden-gb.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://katzyin.spaces.live.com/PhotoUpload/VistaMsnPUplden-gb.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9169 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ElRawDisk - \??\c:\windows\system32\drivers\elrawdsk.sys
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys

S3 TVICHW32 - \??\c:\windows\system32\drivers\tvichw32.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-04 20:37:28 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{9A8AE781-0577-4DE1-A6C7-D791AF3C9CCA}.job
2008-03-04 20:18:01 256 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2008-03-04 18:14:16 386 --a------ C:\Windows\Tasks\AutoSmartDefrag.job
2007-12-23 22:00:00 480 --a------ C:\Windows\Tasks\SmartDefrag.job


-- Files created between 2008-02-04 and 2008-03-04 -----------------------------

2008-03-04 20:43:05 0 d-------- C:\Program Files\Trend Micro
2008-03-02 17:23:06 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 20:20:41 68096 --a------ C:\Windows\system32\zip.exe
2008-03-01 20:20:40 80412 --a------ C:\Windows\system32\grep.exe
2008-03-01 20:20:40 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-01 20:20:39 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-01 19:19:27 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-01 18:11:28 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-03-01 18:09:57 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-29 06:23:45 0 d-------- C:\Users\All Users\Lavasoft
2008-02-29 06:22:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 15:41:55 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-23 12:56:59 0 -rahs---- C:\MSDOS.SYS
2008-02-23 12:56:59 0 -rahs---- C:\IO.SYS
2008-02-23 12:39:03 9341 --a------ C:\Windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2008-02-23 12:10:26 12800 --a------ C:\Windows\system32\drivers\elrawdsk.sys <Not Verified; EldoS Corporation; RawDisk>
2008-02-23 12:10:02 12800 --a------ C:\Windows\system32\elrawdsk.sys <Not Verified; EldoS Corporation; RawDisk>
2008-02-23 12:09:55 24064 --a------ C:\Windows\system32\smrgdf.exe
2008-02-23 12:09:55 32768 --a------ C:\Windows\system32\iolobtdfg.exe
2008-02-23 12:09:52 0 d-------- C:\Program Files\iolo
2008-02-23 12:08:33 74703 --a------ C:\Windows\system32\mfc45.dll
2008-02-23 12:06:48 0 d-------- C:\Users\All Users\iolo
2008-02-07 10:39:14 0 d-------- C:\Program Files\Common Files\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-03-04 10:02:08 0 d-------- C:\Program Files\Windows Live
2008-03-03 00:21:35 0 d-------- C:\Program Files\SpywareBlaster
2008-03-02 17:23:06 0 d-------- C:\Program Files\Common Files
2008-03-01 18:09:57 0 d-------- C:\Users\Katzyin\AppData\Roaming\SUPERAntiSpyware.com
2008-03-01 17:54:02 230432 --a------ C:\PA207.DAT
2008-03-01 13:24:08 0 d-------- C:\Program Files\Zards software
2008-02-23 12:18:59 0 d-------- C:\Users\Katzyin\AppData\Roaming\iolo
2008-02-18 10:21:10 1740 --a------ C:\Users\Katzyin\AppData\Roaming\wklnhst.dat
2008-02-12 07:26:03 0 d-------- C:\Program Files\Google
2008-02-11 19:15:52 0 d-------- C:\Users\Katzyin\AppData\Roaming\BullGuard
2008-02-08 10:30:11 0 d-------- C:\Users\Katzyin\AppData\Roaming\Smart PC Solutions
2008-01-29 07:26:20 28672 --a------ C:\Windows\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-01-19 18:11:41 0 d-------- C:\Program Files\Pogo UK
2008-01-19 15:16:15 0 d-------- C:\Program Files\BullGuard Ltd
2008-01-09 11:37:53 0 d-------- C:\Program Files\Windows Mail
2008-01-09 11:37:52 0 d-------- C:\Program Files\Windows Sidebar
2007-12-11 20:25:15 67768 --a------ C:\Users\Katzyin\AppData\Roaming\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-25 20:42]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-02-19 17:52]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 16:28 C:\Windows\SOUNDMAN.EXE]
"iolo Startup"="C:\Program Files\iolo\Common\Lib\ioloLManager.exe" [2007-11-21 20:16]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-02-19 17:52]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:34]
"lqglq"="c:\users\katzyin\appdata\local\lqglq.exe" [2008-02-24 11:07]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:33]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-03-01 13:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
"C:\Program Files\CCleaner\ccleaner.exe" /AUTO

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc
BullGuard BgMainSvc BsFileScan BsMailProxy BsFire


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8002 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-04 20:46:36 ------------

katz
New Member
Date Joined Jun 2007
Total Posts : 27
Posted 3/4/2008 10:58 PM (GMT +2)
Hope this helps and that I have done it correctly, thank you

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981
Posted 3/5/2008 10:37 AM (GMT +2)
It looks right :)

Update Superantispyware

Download  DrWebCureit:

to your desktop.

Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [lqglq] c:\users\katzyin\appdata\local\lqglq.exe lqglq
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.

Reboot to Safe mode     << Same procedure in Vista

Double-click the "drweb-cureit.exe" and click "Start" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it finds, and when it says "done"
Click on the Options->Change settings.

Actions Tab- Adware-Dialers-Riskware-Hacktools, use dropdown menu and select –Rename
Click – Apply - OK
Click on Scan Tab. Move the dot from Express scan to Complete Scan. Click on the green arrow to the right. It will now scan your drive(s), say yes to all

After the scan, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.

Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

Start Superantispyware.
Hit - Scan Your Computer - button
Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next,
it will scan now. When the scan has finished, put a checkmark by all items it found. Next, after cleaning, allow it to Reboot

Start Superantispyware again –
Click Preferences and then click the statistics/logs tab.
Click the dated log and press view log and a text file will appear.

Post this log along with fresh hijackthis log, Dr.Web log and tell how things are running?

Do NOT post your problem in someone else's thread.
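
An added example (not part of the original post, and not the moderator's own method): a small Python triage pass over HijackThis entry lines that flags two patterns visible in the log posted above, entries that end in "(no file)" and O4 autostart entries launched from a user-writable profile directory. The sample lines are copied from that log; the function names and the two heuristics are assumptions of this example, and a flagged line is a candidate for review rather than a verdict.

```python
import re
from typing import List, NamedTuple, Optional

# Entry lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [lqglq] c:\users\katzyin\appdata\local\lqglq.exe lqglq
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why this example flags the line
    line: str    # the log line itself


# "<code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart body: "<hive>\..\Run: [value name] command line"
RUN_RE = re.compile(
    r"^(?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable part of a command line: a quoted path, or the text up to the first
# executable extension (unquoted paths may contain spaces).
EXE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)', re.I
)
# Locations an unprivileged user (or anything running as that user) can write to.
USER_WRITABLE_RE = re.compile(
    r"^(?:[a-z]:\\(?:users|documents and settings)\\[^\\]+\\"
    r"(?:appdata|local settings|application data)\\"
    r"|%(?:appdata|localappdata|temp|tmp|userprofile)%\\)",
    re.I,
)


def executable_of(cmd: str) -> Optional[str]:
    """Return the program path from an autostart command line, without arguments."""
    m = EXE_RE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else None


def triage(log_text: str) -> List[Finding]:
    """Flag entry lines worth a closer look; all other lines are skipped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process path, or blank line
        code, body = m.group("code"), m.group("body")
        if body.endswith("(no file)"):
            findings.append(Finding(code, "HijackThis lists no file for this registration", line))
            continue
        if code == "O4":
            run = RUN_RE.match(body)
            exe = executable_of(run.group("cmd")) if run else None
            if exe and USER_WRITABLE_RE.match(exe):
                findings.append(
                    Finding(code, "autostart launches from a user-writable profile directory", line)
                )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```
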

katz
New Member
Date Joined Jun 2007
Total Posts : 27
Posted 3/6/2008 11:01 AM (GMT +2)
Aw Touch I am getting into a bit of a muddle here so sorry, you are patient too. Let me explain a little.
I have a hand disability in both hands and sometimes find using the pc a trial hitting the right keys and manipulating the mouse, and other times I am on such strong pain killers I get a bit muddled.
Well I have been trying to follow the instructions as they have been given and telling you any problems I got along the way. In the middle of doing this messenger sent me an update message and I updated, then found I could not open messenger, so did a restore. There I found my problem as it took away my good copy of HJT! Tried to download again but have the same problem, I seem to have a small problem downloading at times not sure if this is significant at all.
I did do dr web, said I have a trojan in the combofix files saved the log but windows can't open the files. grrr, so what I will do is set a day aside when my granddaughter is here to start at the beginning and go through it all again as I don't want to annoy you with bits and pieces you can't work with. I still have pop ups, I telephoned one of these advertisers and they said they could not do anything about it and that I must have accepted some freeware and got the ads as well, did I? I am not so sure but I am enjoying telephoning them and keeping them on the line getting frustrated with me as I won't go away that easily, gives me a giggle to have some kind of payback to their annoying sales tactics!
Well Touch I do hope you are understanding and will have some more patience with this old codger who is so grateful to you for bothering with her and her problems that will probably turn out to be my own silly fault! You live and learn eh? Best wishes to you and yours, hear from you soon xx

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981
Posted 3/8/2008 11:45 AM (GMT +2)
Ok, let's try another scanner then :)
 
 
Download Deckard's System Scanner: http://www.techsupportforum.com/sectools/Deckard/dss.exe
Close all applications and windows.
 
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - Main.txt.
 
Click on Format and Uncheck Word wrap, if checked.
Please save this file and close Notepad.
 
A folder, C:\Deckard, will also open. In it will be another text file, Extra.txt. Please save this file too, and exit Notepad.
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
 
Post back to the Forum the contents of Main.txt and the contents of C:\Deckard\Extra.txt


Do NOT post your problem in someone elses thread.

katz
New Member
Date Joined Jun 2007
Total Posts : 27

Posted 3/9/2008 3:57 PM (GMT +2)
This is the only text that came up with this scan, did it three times just to make sure. I do remember last time there were two text reports.



Deckard's System Scanner v20071014.68
Run by Katzyin on 2008-03-09 12:43:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-09 12:43:34
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Katzyin\AppData\Local\hweset.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\SearchFilterHost.exe
C:\Users\Katzyin\Desktop\dss(3).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [hweset] c:\users\katzyin\appdata\local\hweset.exe hweset
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUplden-gb.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://katzyin.spaces.live.com/PhotoUpload/VistaMsnPUplden-gb.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


--
End of file - 9357 bytes

-- Files created between 2008-02-09 and 2008-03-09 -----------------------------

2008-03-05 20:47:36 0 d-------- C:\Users\Katzyin\DoctorWeb
2008-03-04 20:43:05 0 d-------- C:\Program Files\Trend Micro
2008-03-02 17:23:06 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 20:20:41 68096 --a------ C:\Windows\system32\zip.exe
2008-03-01 20:20:40 80412 --a------ C:\Windows\system32\grep.exe
2008-03-01 20:20:40 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-01 20:20:39 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-01 19:19:27 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-01 18:11:28 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-03-01 18:09:57 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-01 13:49:33 0 d-------- C:\Program Files\Microsoft User Agent String Utility
2008-02-29 06:23:45 0 d-------- C:\Users\All Users\Lavasoft
2008-02-29 06:22:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 15:41:55 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-23 12:56:59 0 -rahs---- C:\MSDOS.SYS
2008-02-23 12:56:59 0 -rahs---- C:\IO.SYS
2008-02-23 12:39:03 9341 --a------ C:\Windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2008-02-23 12:10:26 12800 --a------ C:\Windows\system32\drivers\elrawdsk.sys <Not Verified; EldoS Corporation; RawDisk>
2008-02-23 12:10:02 12800 --a------ C:\Windows\system32\elrawdsk.sys <Not Verified; EldoS Corporation; RawDisk>
2008-02-23 12:09:55 24064 --a------ C:\Windows\system32\smrgdf.exe
2008-02-23 12:09:55 32768 --a------ C:\Windows\system32\iolobtdfg.exe
2008-02-23 12:09:52 0 d-------- C:\Program Files\iolo
2008-02-23 12:08:33 74703 --a------ C:\Windows\system32\mfc45.dll
2008-02-23 12:06:48 0 d-------- C:\Users\All Users\iolo


-- Find3M Report ---------------------------------------------------------------

2008-03-05 17:44:54 0 d-------- C:\Users\Katzyin\AppData\Roaming\iolo
2008-03-05 17:44:54 0 d-------- C:\Program Files\MSN Messenger
2008-03-04 10:02:08 0 d-------- C:\Program Files\Windows Live
2008-03-03 00:21:35 0 d-------- C:\Program Files\SpywareBlaster
2008-03-02 17:23:06 0 d-------- C:\Program Files\Common Files
2008-03-01 18:09:57 0 d-------- C:\Users\Katzyin\AppData\Roaming\SUPERAntiSpyware.com
2008-03-01 17:54:02 230432 --a------ C:\PA207.DAT
2008-03-01 13:24:08 0 d-------- C:\Program Files\Zards software
2008-02-18 10:21:10 1740 --a------ C:\Users\Katzyin\AppData\Roaming\wklnhst.dat
2008-02-12 07:26:03 0 d-------- C:\Program Files\Google
2008-02-11 19:15:52 0 d-------- C:\Users\Katzyin\AppData\Roaming\BullGuard
2008-02-08 10:30:11 0 d-------- C:\Users\Katzyin\AppData\Roaming\Smart PC Solutions
2008-02-07 10:39:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-29 07:26:20 28672 --a------ C:\Windows\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-01-19 18:11:41 0 d-------- C:\Program Files\Pogo UK
2008-01-19 15:16:15 0 d-------- C:\Program Files\BullGuard Ltd
2008-01-09 11:37:53 0 d-------- C:\Program Files\Windows Mail
2008-01-09 11:37:52 0 d-------- C:\Program Files\Windows Sidebar
2007-12-11 20:25:15 67768 --a------ C:\Users\Katzyin\AppData\Roaming\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-25 20:42]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-02-19 17:52]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 16:28 C:\Windows\SOUNDMAN.EXE]
"iolo Startup"="C:\Program Files\iolo\Common\Lib\ioloLManager.exe" [2008-03-04 15:17]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-02-19 17:52]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:33]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-03-01 13:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
"hweset"="c:\users\katzyin\appdata\local\hweset.exe" [2008-03-07 20:43]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
"C:\Program Files\CCleaner\ccleaner.exe" /AUTO

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc
BullGuard BgMainSvc BsFileScan BsMailProxy BsFire


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-03-09 12:43:55 ------------

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981

Posted 3/9/2008 4:50 PM (GMT +2)
They will do :)

Run HijackThis and place a check beside each of the following. Close all other browser windows except HJT.
Click "Fix checked":
O4 - HKCU\..\Run: [hweset] c:\users\katzyin\appdata\local\hweset.exe hweset

Restart your PC in Safe Mode.

Delete the following files or folders (delete item in bold). Please do not be concerned if any of the items are not found, as they may have been automatically removed by actions I had you take earlier in the cleaning process.

Delete:

Files:
c:\users\katzyin\appdata\local\hweset.exe

Reboot normally, and tell me how things are running now?
 


Do NOT post your problem in someone elses thread.
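
The entry singled out in the post above is the one Run value in the posted log whose target sits in a user-writable profile folder rather than under Program Files or Windows. As an added illustration (not part of the thread and not a tool either poster used), this Python example parses HijackThis-style O4 lines and sorts their targets by location; the function names, the location categories and the environment-variable defaults are assumptions.

```python
import ntpath
import re

# O4 lines copied from the scan log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [hweset] c:\users\katzyin\appdata\local\hweset.exe hweset
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

# "O4 - <hive>[\<sid>]\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Shortest prefix that ends in an executable extension (handles unquoted spaces).
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)", re.I)
# Assumed default expansions; a real system may use other locations.
ENV = {"%programfiles%": r"C:\Program Files", "%systemroot%": r"C:\Windows"}
# Folders a standard user can write to without elevation (assumed categories).
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\(appdata|desktop|downloads|documents)|programdata|temp)\\")
PROTECTED = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


def extract_target(command):
    """Return the executable path from a Run-key command line."""
    if command.startswith('"'):
        target = command[1:].split('"', 1)[0]
    else:
        m = EXE_RE.match(command)
        target = m.group(1) if m else command.split()[0]
    for var, value in ENV.items():
        if target.lower().startswith(var):
            target = value + target[len(var):]
    return target


def parse_o4(line):
    """Parse one O4 line into hive, key, value name and target; None if no match."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    command = re.sub(r"\s+\(User '[^']*'\)$", "", command)  # HijackThis annotation
    return {"hive": hive, "key": key, "name": name, "target": extract_target(command)}


def classify(target):
    """Bucket a target path by where it lives on disk."""
    path = ntpath.normpath(target).lower()
    if "\\" not in path:
        return "unqualified"      # bare file name, resolved via the search path
    if USER_WRITABLE.match(path):
        return "user-writable"
    if path.startswith(PROTECTED):
        return "protected"
    return "other"


def triage(log):
    """Parse every O4 line in the log and attach a location verdict."""
    entries = [e for e in map(parse_o4, log.splitlines()) if e]
    for entry in entries:
        entry["verdict"] = classify(entry["target"])
    return entries


def needs_review(log):
    """Entries outside the protected system and program folders."""
    return [e for e in triage(log) if e["verdict"] in ("user-writable", "other")]


if __name__ == "__main__":
    for e in needs_review(SAMPLE_LOG):
        print(f'{e["hive"]} {e["key"]} [{e["name"]}] -> {e["target"]} ({e["verdict"]})')
```

Location is a triage signal only: legitimate per-user software also starts from AppData, so a flagged entry is a candidate for a closer look rather than a verdict.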

katz
New Member
Date Joined Jun 2007
Total Posts : 27

Posted 3/12/2008 9:44 AM (GMT +2)
Touch, all is gone. Left it till the next day just to see, and the pop ups are definitely gone, thank you very much!
IE has still refused to work throughout the whole proceedings.
Thanks for helping get rid of the pop ups, they are so annoying. It only showed up in safe mode, clever little things ain't they grrrrrr!
Once again thanks for your help xxx

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981

Posted 3/12/2008 9:52 AM (GMT +2)
That's good news :)

Ever considered using Firefox?

Please read Tony Klein's excellent article about how to prevent spyware/hijackers in the future.


Do NOT post your problem in someone elses thread.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981

Posted 3/12/2008 10:02 AM (GMT +2)
I was glad to help :)

Since your problem appears to be resolved, this thread will now be closed.
If you need this topic reopened, please PM a Moderator and we will reopen it for you.


Do NOT post your problem in someone elses thread.
