Unknown Virus/pop-ups
   

sianbootay
New Member




Date Joined Aug 2006
Total Posts : 21
 
Posted 6-30-2008 9:29 (GMT +2)
Hi bullguard, lately I've been receiving some unknown virus, I believe. There is a message that pops up every 5-10 minutes.
For some reason, it won't allow me to upload any images through Photobucket nor attach an image to this post.
I also have another computer on my network and it doesn't seem like I can view his files/access his computer.
If whoever is viewing this post has a BlackBerry PIN, just send me your PIN via email, and I'll send all messages via BlackBerry Messenger, thanks.
I've run a scan with Ad-Aware 2008. Normally it should display what/where the virus is located, but at this point unfortunately it doesn't display any sort of virus/threat, it just shows what cookies/MRU files will be removed.
Here is my hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:11 PM, on 6/30/2008
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=3c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Support - {386E1A34-A4B6-46CD-BA5F-DEBC3B37AC40} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 3358 bytes

again, thanks bullguard

Post Edited (sianbootay) : 30-06-2008 19:29:39 GMT

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13178
 
Posted 7-1-2008 4:53 (GMT +2)
Hello sianbootay
 
 
Please download Combofix:
 
 
And save to the desktop.

Close all other browser windows.
 
 
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
 
Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply with a new hijackthis log.
 
Please copy and paste your log files. DO NOT add them as an attachment.



NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed, as this can cause reinfection during your cleaning.


Do NOT post your problem in someone else's thread.

 

sianbootay
New Member




Date Joined Aug 2006
Total Posts : 21
 
Posted 7-1-2008 9:16 (GMT +2)
How's it going, Touch? Here's a fresh combo.fix/hijack log file.
 
Combofix
 
ComboFix 08-06-30.2 - Sianfou Saechao 2008-07-01 12:08:38.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.202 [GMT -7:00]
Running from: C:\Documents and Settings\Sianfou Saechao\Desktop\ComboFix.exe
 * Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\UpMedia\ContentTool.dll
C:\WINDOWS\system32\UpMedia\SearchTool.dll
C:\WINDOWS\system32\UpMedia\uninstallSE.exe
C:\WINDOWS\system32\WinNB55.dll
.
(((((((((((((((((((((((((   Files Created from 2008-06-01 to 2008-07-01  )))))))))))))))))))))))))))))))
.
2008-06-30 22:53 . 2008-06-30 23:02 316,640 --a--c--- C:\WINDOWS\WMSysPr9.prx
2008-06-30 22:52 . 2008-06-30 22:52 <DIR> d----c--- C:\WINDOWS\provisioning
2008-06-30 22:52 . 2008-06-30 22:52 <DIR> d----c--- C:\WINDOWS\peernet
2008-06-30 22:48 . 2008-06-30 22:48 <DIR> d----c--- C:\WINDOWS\ServicePackFiles
2008-06-30 22:43 . 2004-08-03 22:42 15,872 --a--c--- C:\WINDOWS\system32\spupdsvc.exe
2008-06-30 22:39 . 2008-06-30 22:39 <DIR> d----c--- C:\WINDOWS\EHome
2008-06-30 22:30 . 2004-08-04 00:56 11,776 -----c--- C:\WINDOWS\system32\spnpinst.exe
2008-06-30 22:30 . 2004-08-02 14:20 7,208 -----c--- C:\WINDOWS\system32\secupd.sig
2008-06-30 22:30 . 2004-08-02 14:20 4,569 -----c--- C:\WINDOWS\system32\secupd.dat
2008-06-30 22:18 . 2004-08-04 00:56 239,104 --a--c--- C:\WINDOWS\system32\srrstr.dll
2008-06-30 22:17 . 2008-06-30 22:21 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2008-06-30 22:17 . 2003-08-01 21:14 25,600 --a--c--- C:\WINDOWS\system32\xpsp1hfm.exe
2008-06-30 22:17 . 2008-06-30 22:57 1,374 --a--c--- C:\WINDOWS\imsins.BAK
2008-06-30 22:14 . 2008-06-30 22:14 363,980 --a--c--- C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
2008-06-30 22:14 . 2008-06-30 22:14 139,264 --a--c--- C:\WINDOWS\MirarDownloader_876260.exe
2008-06-30 22:14 . 2008-07-01 12:05 18,432 --a--c--- C:\Documents and Settings\Sianfou Saechao\Application Data\internaldb41.dat
2008-06-30 22:14 . 2008-07-01 12:04 555 --a--c--- C:\Documents and Settings\Sianfou Saechao\Application Data\internaldb8467.dat
2008-06-30 22:14 . 2008-07-01 12:07 374 --a--c--- C:\Documents and Settings\Sianfou Saechao\Application Data\internaldb6334.dat
2008-06-30 22:14 . 2008-06-30 22:14 190 --a--c--- C:\WINDOWS\wininit.ini
2008-06-30 21:44 . 2008-06-30 21:51 139,264 --a--c--- C:\WINDOWS\War3Unin.exe
2008-06-30 21:44 . 2008-06-30 22:00 77,378 --a--c--- C:\WINDOWS\War3Unin.dat
2008-06-30 21:44 . 2008-06-30 21:51 2,829 --a--c--- C:\WINDOWS\War3Unin.pif
2008-06-30 20:45 . 2008-06-30 20:45 <DIR> d----c--- C:\WINDOWS\system32\bits
2008-06-30 20:45 . 2008-06-30 20:45 <DIR> d----c--- C:\Program Files\CCleaner
2008-06-30 20:45 . 2008-06-30 20:45 <DIR> d----c--- C:\Documents and Settings\Sianfou Saechao\Application Data\Lavasoft
2008-06-30 20:43 . 2008-06-30 20:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-30 20:26 . 2008-06-30 20:38 <DIR> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2008-06-30 20:23 . 2004-08-04 00:56 438,784 -----c--- C:\WINDOWS\system32\xpob2res.dll
2008-06-30 20:23 . 2004-08-04 00:56 351,232 --a--c--- C:\WINDOWS\system32\winhttp.dll
2008-06-30 20:23 . 2004-08-04 00:56 18,944 --a--c--- C:\WINDOWS\system32\qmgrprxy.dll
2008-06-30 20:23 . 2004-08-04 00:56 8,192 -----c--- C:\WINDOWS\system32\bitsprx2.dll
2008-06-30 20:23 . 2004-08-04 00:56 7,168 -----c--- C:\WINDOWS\system32\bitsprx3.dll
2008-06-30 20:22 . 2007-07-30 19:19 549,720 --a--c--- C:\WINDOWS\system32\wuapi.dll
2008-06-30 20:22 . 2007-07-30 19:19 325,976 --a--c--- C:\WINDOWS\system32\wucltui.dll
2008-06-30 20:22 . 2007-07-30 19:19 216,408 --a--c--- C:\WINDOWS\system32\wuaucpl.cpl
2008-06-30 20:22 . 2007-07-30 19:19 43,352 --a--c--- C:\WINDOWS\system32\wups2.dll
2008-06-30 20:22 . 2007-07-30 19:18 34,136 --a--c--- C:\WINDOWS\system32\wucltui.dll.mui
2008-06-30 20:22 . 2007-07-30 19:18 33,624 --a--c--- C:\WINDOWS\system32\wups.dll
2008-06-30 20:22 . 2007-07-30 19:19 25,944 --a--c--- C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-30 20:22 . 2007-07-30 19:19 25,944 --a--c--- C:\WINDOWS\system32\wuapi.dll.mui
2008-06-30 20:22 . 2007-07-30 19:18 20,312 --a--c--- C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-30 12:07 . 2008-06-30 12:07 <DIR> d----c--- C:\Program Files\Trend Micro
2008-06-29 22:55 . 2005-01-22 12:12 679,936 --a--c--- C:\WINDOWS\system32\D3DX81ab.dll
2008-06-29 20:36 . 2008-06-30 20:45 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-29 20:32 . 2008-06-30 20:45 <DIR> d----c--- C:\Program Files\Lavasoft
2008-06-29 20:32 . 2008-06-30 20:45 <DIR> d---sc--- C:\Documents and Settings\Sianfou Saechao\UserData
2008-06-29 17:53 . 2008-06-29 17:53 <DIR> d----c--- C:\Program Files\Yahoo!
2008-06-29 17:08 . 2008-06-29 17:08 272 --a--c--- C:\WINDOWS\_delis32.ini
2008-06-29 17:05 . 2008-06-29 17:05 2,397 --a--c--- C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-06-29 17:04 . 2008-06-29 17:41 <DIR> d----c--- C:\Program Files\Common Files\Symantec Shared
2008-06-29 16:49 . 2008-06-29 16:49 <DIR> d----c--- C:\Program Files\WinPcap
2008-06-29 16:49 . 2008-06-30 20:39 <DIR> d----c--- C:\Program Files\WC3Banlist
2008-06-29 16:47 . 2008-06-29 16:55 <DIR> d----c--- C:\WINDOWS\nview
2008-06-29 16:47 . 2008-06-29 16:47 <DIR> d----c--- C:\NVIDIA
2008-06-29 16:47 . 2005-04-01 16:16 176,128 --a--c--- C:\WINDOWS\system32\nvudisp.exe
2008-06-29 16:47 . 2005-04-01 16:16 14,435 --a--c--- C:\WINDOWS\system32\nvdisp.nvu
2008-06-29 16:44 . 2008-06-29 17:04 <DIR> d----c--- C:\Documents and Settings\Sianfou Saechao\Application Data\Ventrilo
2008-06-29 16:43 . 2008-06-29 16:43 <DIR> d----c--- C:\Program Files\Ventrilo
2008-06-29 16:43 . 2008-06-30 20:40 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 16:40 . 2008-06-29 16:40 <DIR> d----c--- C:\Program Files\Viewpoint
2008-06-29 16:40 . 2008-06-29 16:40 <DIR> d----c--- C:\Program Files\AIM
2008-06-29 16:40 . 2008-06-29 16:40 <DIR> d----c--- C:\Documents and Settings\Sianfou Saechao\Application Data\Aim
2008-06-29 16:40 . 2008-06-29 16:40 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-29 16:40 . 2002-12-18 15:46 344,064 --a--c--- C:\WINDOWS\system32\msvcr70.dll
2008-06-29 16:28 . 2008-06-30 22:08 <DIR> d----c--- C:\Program Files\Warcraft III
2008-06-29 16:26 . 2008-06-29 16:26 <DIR> d----c--- C:\Program Files\Compaq IJ650 Inkjet Printer
2008-06-29 16:19 . 2001-08-07 23:28 577,536 --a------ C:\WINDOWS\system32\igfxres.dll
2008-06-29 16:16 . 2008-06-29 16:17 4 --a--c--- C:\WINDOWS\msoffice.ini
2008-06-29 16:13 . 2008-06-29 16:13 <DIR> d---sc--- C:\WINDOWS\system32\Microsoft
2008-06-29 16:13 . 2003-06-04 07:45 <DIR> d----c--- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-06-29 16:13 . 2003-06-04 07:45 <DIR> d----c--- C:\Documents and Settings\Sianfou Saechao\WINDOWS
2008-06-29 16:13 . 2008-06-30 21:35 <DIR> d----c--- C:\Documents and Settings\Sianfou Saechao
2008-06-29 16:13 . 2003-06-04 07:45 <DIR> d----c--- C:\Documents and Settings\Default User\WINDOWS
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 23:47 --------- dc----w C:\Program Files\Common Files\InstallShield
2008-06-29 23:26 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-06-29 23:18 --------- dc----w C:\Program Files\Common Files\Real
2008-06-29 23:17 --------- dc----w C:\Program Files\COMPAQ
2008-05-16 18:58 12,632 -c--a-w C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-08-07 19:25 143360]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-07 18:36 90112]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2001-08-15 14:50 131072]
"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-08-15 10:50 28672]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 14:34 36864]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 16:16 5562368]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 16:16 86016]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:56 158208]
"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMWDInstallFilename]
-----c--- 2004-01-12 13:29 102400 C:\PROGRA~1\AIM\AIMWDI~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMPDPSRV]
--a--c--- 2001-05-07 16:53 40960 C:\WINDOWS\system32\spool\drivers\w32x86\3\CMpdpsrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a--c--- 2000-07-13 12:00 311350 C:\Program Files\Microsoft Works\wkssb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a--c--- 2000-07-13 12:00 28739 C:\Program Files\Microsoft Works\WkDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-----c--- 2004-08-04 00:56 1667584 C:\Program Files\messenger\msmsgs.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 15:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 06:28]
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 14:10]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 23:13:20 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-06-29 23:13:20 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-06-29 23:13:21 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WorksFUD - (no file)

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 12:10:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-01 12:11:13
ComboFix-quarantined-files.txt  2008-07-01 19:11:09
Pre-Run: 25,195,540,480 bytes free
Post-Run: 25,320,595,456 bytes free
159 --- E O F --- 2008-07-01 05:57:21
 
Hijackthis log
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:16 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {386E1A34-A4B6-46CD-BA5F-DEBC3B37AC40} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214882502296
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 3431 bytes
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13178
 
Posted 7-2-2008 9:30 (GMT +2)
Fine - Thanks. How about you?
 
 
Please download Malwarebytes' Anti-Malware:
 
 
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
                     
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
 
Copy and paste that log into your next reply, along with a new ComboFix log, and tell how things are running?


Do NOT post your problem in someone else's thread.

 

sianbootay
New Member




Date Joined Aug 2006
Total Posts : 21
 
Posted 7-3-2008 8:53 (GMT +2)
Malwarebytes' Anti-Malware 1.19
Database version: 918
Windows 5.1.2600 Service Pack 2
11:45:29 PM 7/2/2008
mbam-log-7-2-2008 (23-45-29).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 69920
Time elapsed: 23 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\UpMedia\uninstallSE.exe.vir (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1C3FF134-3E04-482A-A3EA-333344286720}\RP24\A0005275.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1C3FF134-3E04-482A-A3EA-333344286720}\RP24\A0005276.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1C3FF134-3E04-482A-A3EA-333344286720}\RP27\A0009368.exe (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe (Adware.SmartShopper) -> Quarantined and deleted successfully.
ComboFix 08-06-30.2 - Sianfou Saechao 2008-07-02 23:47:49.2 - NTFSx86
Running from: C:\Documents and Settings\Sianfou Saechao\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((   Files Created from 2008-06-03 to 2008-07-03  )))))))))))))))))))))))))))))))
.
2008-07-02 22:55 . 2008-07-02 22:55 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-02 22:55 . 2008-07-02 22:55 <DIR> d----c--- C:\Documents and Settings\Sianfou Saechao\Application Data\Malwarebytes
2008-07-02 22:55 . 2008-07-02 22:55 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-02 22:55 . 2008-06-28 14:16 34,296 --a--c--- C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-02 22:55 . 2008-06-28 14:16 17,144 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-07-02 22:49 . 2008-07-02 22:49 <DIR> d----c--- C:\Program Files\SystemRequirementsLab
2008-06-30 22:53 . 2008-06-30 23:02 316,640 --a--c--- C:\WINDOWS\WMSysPr9.prx
2008-06-30 22:52 . 2008-06-30 22:52 <DIR> d----c--- C:\WINDOWS\provisioning
2008-06-30 22:52 . 2008-06-30 22:52 <DIR> d----c--- C:\WINDOWS\peernet
2008-06-30 22:48 . 2008-06-30 22:48 <DIR> d----c--- C:\WINDOWS\ServicePackFiles
2008-06-30 22:43 . 2004-08-03 22:42 15,872 --a--c--- C:\WINDOWS\system32\spupdsvc.exe
2008-06-30 22:39 . 2008-06-30 22:39 <DIR> d----c--- C:\WINDOWS\EHome
2008-06-30 22:30 . 2004-08-04 00:56 11,776 -----c--- C:\WINDOWS\system32\spnpinst.exe
2008-06-30 22:30 . 2004-08-02 14:20 7,208 -----c--- C:\WINDOWS\system32\secupd.sig
2008-06-30 22:30 . 2004-08-02 14:20 4,569 -----c--- C:\WINDOWS\system32\secupd.dat
2008-06-30 22:18 . 2004-08-04 00:56 239,104 --a--c--- C:\WINDOWS\system32\srrstr.dll
2008-06-30 22:17 . 2008-06-30 22:21 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2008-06-30 22:17 . 2003-08-01 21:14 25,600 --a--c--- C:\WINDOWS\system32\xpsp1hfm.exe
2008-06-30 22:17 . 2008-06-30 22:57 1,374 --a--c--- C:\WINDOWS\imsins.BAK
2008-06-30 22:14 . 2008-06-30 22:14 139,264 --a--c--- C:\WINDOWS\MirarDownloader_876260.exe
2008-06-30 22:14 . 2008-07-01 12:05 18,432 --a--c--- C:\Documents and Settings\Sianfou Saechao\Application Data\internaldb41.dat
2008-06-30 22:14 . 2008-07-01 12:04 555 --a--c--- C:\Documents and Settings\Sianfou Saechao\Application Data\internaldb8467.dat
2008-06-30 22:14 . 2008-07-01 12:07 374 --a--c--- C:\Documents and Settings\Sianfou Saechao\Application Data\internaldb6334.dat
2008-06-30 22:14 . 2008-06-30 22:14 190 --a--c--- C:\WINDOWS\wininit.ini
2008-06-30 21:44 . 2008-06-30 21:51 139,264 --a--c--- C:\WINDOWS\War3Unin.exe
2008-06-30 21:44 . 2008-06-30 22:00 77,378 --a--c--- C:\WINDOWS\War3Unin.dat
2008-06-30 21:44 . 2008-06-30 21:51 2,829 --a--c--- C:\WINDOWS\War3Unin.pif
2008-06-30 20:45 . 2008-06-30 20:45 <DIR> d----c--- C:\WINDOWS\system32\bits
2008-06-30 20:45 . 2008-06-30 20:45 <DIR> d----c--- C:\Program Files\CCleaner
2008-06-30 20:45 . 2008-06-30 20:45 <DIR> d----c--- C:\Documents and Settings\Sianfou Saechao\Application Data\Lavasoft
2008-06-30 20:43 . 2008-06-30 20:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-30 20:26 . 2008-06-30 20:38 <DIR> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2008-06-30 20:23 . 2004-08-04 00:56 438,784 -----c--- C:\WINDOWS\system32\xpob2res.dll
2008-06-30 20:23 . 2004-08-04 00:56 351,232 --a--c--- C:\WINDOWS\system32\winhttp.dll
2008-06-30 20:23 . 2004-08-04 00:56 18,944 --a--c--- C:\WINDOWS\system32\qmgrprxy.dll
2008-06-30 20:23 . 2004-08-04 00:56 8,192 -----c--- C:\WINDOWS\system32\bitsprx2.dll
2008-06-30 20:23 . 2004-08-04 00:56 7,168 -----c--- C:\WINDOWS\system32\bitsprx3.dll
2008-06-30 20:22 . 2007-07-30 19:19 549,720 --a--c--- C:\WINDOWS\system32\wuapi.dll
2008-06-30 20:22 . 2007-07-30 19:19 325,976 --a--c--- C:\WINDOWS\system32\wucltui.dll
2008-06-30 20:22 . 2007-07-30 19:19 216,408 --a--c--- C:\WINDOWS\system32\wuaucpl.cpl
2008-06-30 20:22 . 2007-07-30 19:19 43,352 --a--c--- C:\WINDOWS\system32\wups2.dll
2008-06-30 20:22 . 2007-07-30 19:18 34,136 --a--c--- C:\WINDOWS\system32\wucltui.dll.mui
2008-06-30 20:22 . 2007-07-30 19:18 33,624 --a--c--- C:\WINDOWS\system32\wups.dll
2008-06-30 20:22 . 2007-07-30 19:19 25,944 --a--c--- C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-30 20:22 . 2007-07-30 19:19 25,944 --a--c--- C:\WINDOWS\system32\wuapi.dll.mui
2008-06-30 20:22 . 2007-07-30 19:18 20,312 --a--c--- C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-30 12:07 . 2008-06-30 12:07 <DIR> d----c--- C:\Program Files\Trend Micro
2008-06-29 22:55 . 2005-01-22 12:12 679,936 --a--c--- C:\WINDOWS\system32\D3DX81ab.dll
2008-06-29 20:36 . 2008-06-30 20:45 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-29 20:32 . 2008-06-30 20:45 <DIR> d----c--- C:\Program Files\Lavasoft
2008-06-29 20:32 . 2008-06-30 20:45 <DIR> d---sc--- C:\Documents and Settings\Sianfou Saechao\UserData
2008-06-29 17:53 . 2008-06-29 17:53 <DIR> d----c--- C:\Program Files\Yahoo!
2008-06-29 17:08 . 2008-06-29 17:08 272 --a--c--- C:\WINDOWS\_delis32.ini
2008-06-29 17:05 . 2008-06-29 17:05 2,397 --a--c--- C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-06-29 17:04 . 2008-06-29 17:41 <DIR> d----c--- C:\Program Files\Common Files\Symantec Shared
2008-06-29 16:49 . 2008-06-29 16:49 <DIR> d----c--- C:\Program Files\WinPcap
2008-06-29 16:49 . 2008-06-30 20:39 <DIR> d----c--- C:\Program Files\WC3Banlist
2008-06-29 16:47 . 2008-06-29 16:55 <DIR> d----c--- C:\WINDOWS\nview
2008-06-29 16:47 . 2008-06-29 16:47 <DIR> d----c--- C:\NVIDIA
2008-06-29 16:47 . 2005-04-01 16:16 176,128 --a--c--- C:\WINDOWS\system32\nvudisp.exe
2008-06-29 16:47 . 2005-04-01 16:16 14,435 --a--c--- C:\WINDOWS\system32\nvdisp.nvu
2008-06-29 16:44 . 2008-06-29 17:04 <DIR> d----c--- C:\Documents and Settings\Sianfou Saechao\Application Data\Ventrilo
2008-06-29 16:43 . 2008-06-29 16:43 <DIR> d----c--- C:\Program Files\Ventrilo
2008-06-29 16:43 . 2008-06-30 20:40 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 16:40 . 2008-07-01 12:33 <DIR> d----c--- C:\Program Files\Viewpoint
2008-06-29 16:40 . 2008-06-29 16:40 <DIR> d----c--- C:\Program Files\AIM
2008-06-29 16:40 . 2008-06-29 16:40 <DIR> d----c--- C:\Documents and Settings\Sianfou Saechao\Application Data\Aim
2008-06-29 16:40 . 2008-06-29 16:40 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-29 16:40 . 2002-12-18 15:46 344,064 --a--c--- C:\WINDOWS\system32\msvcr70.dll
2008-06-29 16:28 . 2008-06-30 22:08 <DIR> d----c--- C:\Program Files\Warcraft III
2008-06-29 16:26 . 2008-06-29 16:26 <DIR> d----c--- C:\Program Files\Compaq IJ650 Inkjet Printer
2008-06-29 16:19 . 2001-08-07 23:28 577,536 --a------ C:\WINDOWS\system32\igfxres.dll
2008-06-29 16:16 . 2008-06-29 16:17 4 --a--c--- C:\WINDOWS\msoffice.ini
2008-06-29 16:13 . 2008-06-29 16:13 <DIR> d---sc--- C:\WINDOWS\system32\Microsoft
2008-06-29 16:13 . 2003-06-04 07:45 <DIR> d----c--- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-06-29 16:13 . 2003-06-04 07:45 <DIR> d----c--- C:\Documents and Settings\Sianfou Saechao\WINDOWS
2008-06-29 16:13 . 2008-06-30 21:35 <DIR> d----c--- C:\Documents and Settings\Sianfou Saechao
2008-06-29 16:13 . 2003-06-04 07:45 <DIR> d----c--- C:\Documents and Settings\Default User\WINDOWS
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 23:47 --------- dc----w C:\Program Files\Common Files\InstallShield
2008-06-29 23:26 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-06-29 23:18 --------- dc----w C:\Program Files\Common Files\Real
2008-06-29 23:17 --------- dc----w C:\Program Files\COMPAQ
2008-05-16 18:58 12,632 -c--a-w C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((   snapshot@2008-07-01_12.10.55.60   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-01 19:02:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-03 05:47:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-03-29 18:07:12 206,384 -c--a-w C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-08-07 19:25 143360]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-07 18:36 90112]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2001-08-15 14:50 131072]
"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-08-15 10:50 28672]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 14:34 36864]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 16:16 5562368]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 16:16 86016]
"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMWDInstallFilename]
-----c--- 2004-01-12 13:29 102400 C:\PROGRA~1\AIM\AIMWDI~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMPDPSRV]
--a--c--- 2001-05-07 16:53 40960 C:\WINDOWS\system32\spool\drivers\w32x86\3\CMpdpsrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a--c--- 2000-07-13 12:00 311350 C:\Program Files\Microsoft Works\wkssb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a--c--- 2000-07-13 12:00 28739 C:\Program Files\Microsoft Works\WkDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-----c--- 2004-08-04 00:56 1667584 C:\Program Files\messenger\msmsgs.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 15:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 06:28]
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 14:10]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 23:13:20 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-06-29 23:13:20 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-06-29 23:13:21 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 23:49:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-02 23:51:28
ComboFix-quarantined-files.txt  2008-07-03 06:50:32
ComboFix2.txt  2008-07-01 19:11:14
Pre-Run: 25,332,576,256 bytes free
Post-Run: 25,320,914,944 bytes free
157 --- E O F --- 2008-07-01 05:57:21

sianbootay
New Member
Date Joined Aug 2006
Total Posts : 21

Posted 7-3-2008 8:53 (GMT +2)
Things are running great by the way, and again, thanks Touch for all your help. You've been keeping me up and running for a very long time.

Again, thanks.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 13178

Posted 7-3-2008 5:39 (GMT +2)
Sounds good, as always I am glad to help :)

I'll suggest you install an antivirus program:

AVG, Avira OR Avast are good FREE antivirus programs. These are less taxing on resources.
 
 
To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore. To do so, follow these steps:
System Restore
 
Important -->>> Now that you are clean:

Here is some additional software you may wish to consider using to prevent malicious software installing on your PC:

http://www.javacoolsoftware.com/spywareblaster.html  This is not a scanner, it blocks malicious objects and code from being downloaded, in addition to blocking access to sites known to download malware. Spyware Blaster runs silently in the background and does not need to be open to protect your PC.  
Freeware
 
Spyware Terminator with real-time protection.
Freeware
 
 
Make sure to keep these programs up to date.

Please read Tony Klein's excellent article about how to prevent spyware/hijackers in the future:
http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html   
 
Now that your problem appears to be resolved, this thread will be closed to prevent others with similar issues posting in it.

Do NOT post your problem in someone else's thread.
