I am new to this forum, so bear with me... I have been receiving multiple pop-ups from various different sites. For example, if I visit a spyware website I will generally see a spyware pop-up; if I visit a music website I will generally see a music pop-up. I have run a full computer scan with AVG and Ad-Aware. I have the pop-up blocker in IE turned on and set to the highest setting. I am running Windows XP. What do I do next?
Here is a ComboFix log:
ComboFix 08-04-06.1 - Amy 2008-04-06 16:28:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT -6:00]
Running from: C:\Documents and Settings\Amy\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Amy\Application Data\YMBOLS~1
C:\Documents and Settings\Amy\Application Data\YMBOLS~1\?ymbols\
C:\Documents and Settings\Amy\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Amy\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Amy\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Amy\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Amy\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Amy\Start Menu\Programs\Startup\DW_Start.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\CPV.stt
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\JavaCore
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\network monitor
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\gbRve12
C:\Temp\gbRve12\csLioes.log
C:\temp\tn3
C:\WINDOWS\Fonts\'
C:\WINDOWS\QW15IEJyb2Rlcmljaw\
C:\WINDOWS\QW15IEJyb2Rlcmljaw\\kqYcKHLVvZl5wA53uT.vbs
C:\WINDOWS\system32\aqVreo18
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\jllSAccf.ini
C:\WINDOWS\system32\jllSAccf.ini2
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\ystem3~1
H:\Autorun.inf
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.
2008-04-06 16:33 . 2008-04-06 16:33 <DIR> d-------- C:\temp\tn3
2008-04-06 12:34 . 2008-04-06 12:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-06 12:34 . 2008-04-06 12:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 12:24 . 2008-04-06 12:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-30 20:54 . 2008-03-30 20:55 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
2008-03-30 20:52 . 2008-03-30 21:24 <DIR> d-------- C:\Program Files\nvcoi
2008-03-30 20:52 . 2008-04-01 20:39 <DIR> d-------- C:\Program Files\CPV
2008-03-30 20:52 . 2008-03-30 20:52 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-03-30 20:49 . 2008-03-30 20:50 934 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-03-30 20:48 . 2008-03-31 01:23 <DIR> d-------- C:\WINDOWS\system32\xTmp
2008-03-30 20:48 . 2008-03-31 01:23 <DIR> d-------- C:\WINDOWS\system32\winz1
2008-03-30 20:48 . 2008-03-31 01:20 <DIR> d-------- C:\WINDOWS\system32\IDME
2008-03-30 20:48 . 2008-03-30 20:52 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-03-30 20:48 . 2008-03-30 20:48 86,016 --a------ C:\WINDOWS\system32\drivers\wdf010000.sys
2008-03-30 20:48 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-03-30 20:48 . 2008-04-06 16:32 932 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-03-30 20:29 . 2008-03-30 20:39 349,372 --a------ C:\amt1
2008-03-30 20:29 . 2008-03-30 20:39 467 --a------ C:\WINDOWS\MP3trtg.ini
2008-03-30 20:27 . 2004-08-04 20:46 520,192 --a------ C:\WINDOWS\system32\wscma2u.exe
2008-03-30 20:27 . 2005-10-21 20:20 278,528 --a------ C:\WINDOWS\system32\ammpp.dll
2008-03-30 20:27 . 2005-10-18 11:14 144,896 --a------ C:\WINDOWS\system32\lame_dshow.ax
2008-03-30 20:27 . 2005-10-26 13:12 70,144 --a------ C:\WINDOWS\system32\AudioFileConvert.ocx
2008-03-30 20:27 . 2005-07-13 15:13 65,536 --a------ C:\WINDOWS\system32\a1.dll
2008-03-30 20:27 . 2005-09-18 13:17 61,440 --a------ C:\WINDOWS\system32\anming.ocx
2008-03-30 20:27 . 2005-10-26 13:12 3,772 --a------ C:\WINDOWS\system32\AudioFileConvert.tlb
2008-03-30 20:08 . 2008-03-30 20:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-03-30 20:08 . 2008-04-06 13:43 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-03-30 20:08 . 2008-04-06 13:43 3 --a------ C:\WINDOWS\Twain001.Mtx
2008-03-30 20:08 . 2008-03-30 20:08 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-03-30 18:58 . 2008-03-30 18:58 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\gnutella1
2008-03-30 18:57 . 2008-03-30 18:57 5,403 --a------ C:\Documents and Settings\Amy\Application Data\gnutella1.zip
2008-03-30 03:01 . 2008-03-30 03:01 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-30 03:01 . 2008-03-30 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-29 22:55 . 2008-03-30 20:25 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\Roxio
2008-03-29 22:50 . 2008-04-06 13:46 256 --a------ C:\WINDOWS\system32\pool.bin
2008-03-29 22:48 . 2008-03-29 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-29 22:47 . 2008-03-29 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-29 22:42 . 2008-03-29 22:45 <DIR> d-------- C:\Program Files\Roxio
2008-03-29 22:42 . 2008-03-29 22:47 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-29 22:42 . 2008-03-29 22:44 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-29 22:42 . 2008-03-29 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-29 21:27 . 2008-03-30 19:07 <DIR> d-------- C:\Program Files\LimeWire
2008-03-29 12:59 . 2008-03-29 12:59 <DIR> d-------- C:\Documents and Settings\Amy\Incomplete
2008-03-29 12:59 . 2008-04-04 14:03 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\LimeWire
2008-03-29 11:37 . 2008-03-29 11:37 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\Research In Motion
2008-03-29 11:37 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-03-29 11:36 . 2008-03-29 22:27 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-03-29 11:36 . 2008-03-29 22:50 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\Blackberry Desktop
2008-03-25 08:45 . 2008-03-31 11:50 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\AVGTOOLBAR
2008-03-25 08:45 . 2008-04-06 14:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-25 08:45 . 2008-03-25 08:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-24 20:17 . 2008-04-06 09:00 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-03-24 20:17 . 2008-03-29 11:44 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\AVGTOOLBAR
2008-03-24 20:17 . 2008-03-24 20:17 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-03-24 20:17 . 2008-03-24 20:17 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-03-24 20:17 . 2008-03-24 20:17 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-03-24 20:17 . 2008-03-24 20:17 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-03-24 20:14 . 2008-03-24 20:14 <DIR> d-------- C:\Program Files\AVG
2008-03-24 20:14 . 2008-03-30 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-03-24 20:14 . 2008-03-24 20:14 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-03-24 20:14 . 2008-03-24 20:14 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-03-19 08:35 . 2008-03-19 08:35 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\vlc
2008-03-19 08:21 . 2008-03-19 08:21 <DIR> d-------- C:\Documents and Settings\Paul\LimeWire Store Purchased
2008-03-19 08:19 . 2008-03-19 08:19 <DIR> d-------- C:\Documents and Settings\Paul\Incomplete
2008-03-19 08:18 . 2008-04-04 13:07 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\LimeWire
2008-03-18 22:22 . 2008-03-18 22:22 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\vlc
2008-03-18 22:22 . 2008-03-18 22:23 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\MozillaControl
2008-03-18 14:07 . 2008-03-18 14:07 37 --a------ C:\WINDOWS\cdplayer.ini
2008-03-18 08:06 . 2008-03-18 08:06 <DIR> d-------- C:\Program Files\Safari
2008-03-08 17:57 . 2008-03-08 17:57 <DIR> d-------- C:\Program Files\WhiskeyMilitia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 19:43 --------- d-----w C:\Program Files\SteepAndCheap
2008-04-02 20:48 --------- d-----w C:\Program Files\Java
2008-04-01 00:15 --------- d-----w C:\Program Files\Bonjour
2008-04-01 00:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 03:19 --------- d-----w C:\Documents and Settings\Amy\Application Data\BitTorrent
2008-03-31 01:46 --------- d-----w C:\Documents and Settings\Amy\Application Data\Apple Computer
2008-03-30 04:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-25 02:27 --------- d-----w C:\Program Files\Yahoo!
2008-03-25 02:26 --------- d-----w C:\Program Files\Microsoft Works
2008-03-19 14:13 --------- d-----w C:\Documents and Settings\Paul\Application Data\Apple Computer
2008-03-12 09:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-03 15:23 --------- d-----w C:\Documents and Settings\Paul\Application Data\Logitech
2008-02-28 02:27 --------- d-----w C:\Documents and Settings\Amy\Application Data\Costco Photo Viewer US
2008-02-28 01:42 --------- d-----w C:\Documents and Settings\Amy\Application Data\Logitech
2008-02-28 01:37 --------- d-----w C:\Program Files\iPod
2008-02-28 01:35 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-02-28 01:35 --------- d-----w C:\Program Files\Logitech
2008-02-28 01:34 --------- d-----w C:\Program Files\QuickTime
2008-02-28 01:34 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-19 23:30 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-19 23:30 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-02-15 23:50 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-02-15 23:38 --------- d-----w C:\Program Files\MagicISO
2008-02-13 00:40 --------- d-----w C:\Program Files\Hp
2008-02-13 00:37 --------- d-----w C:\Documents and Settings\Paul\Application Data\Yahoo!
2008-02-08 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-08 00:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-08 00:10 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-02-06 18:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-06 02:45 --------- d-----w C:\Documents and Settings\Amy\Application Data\OfficeUpdate12
2008-02-06 02:15 --------- d-----w C:\Program Files\MSBuild
2008-02-06 01:36 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-06 01:34 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-02-06 01:13 --------- d-----w C:\Documents and Settings\Amy\Application Data\Yahoo!
2008-02-06 00:57 --------- d-----w C:\Program Files\Common Files\Java
2008-02-06 00:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-03-29 08:52 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-03-29 08:52 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-03-29 08:52 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-02-27 19:35 20480]
"Tlkttmgq"="C:\WINDOWS\?ystem32\w?nword.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 22:00 315392]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 12:24 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 12:11 114688]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 11:29 40960]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2003-03-17 12:52 1056768]
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs" [2002-07-14 13:50 11406]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 13:59 88107 C:\WINDOWS\AGRSMMSG.exe]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 01:01 155648]
"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 13:31 29696 C:\WINDOWS\KHALMNPR.Exe]
"iTunesHelper"="H:\Amy iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-03-29 08:53 1177368]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 08:56 236016]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-27 19:35:56 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-02-27 19:34:09 581632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqnoMF]
awtqnoMF.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"C:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"H:\\Amy iTunes\\iTunes.exe"=
"H:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-03-24 20:17]
R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 14:27]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-03-24 20:17]
R1 wdf010000;wdf010000;C:\WINDOWS\system32\drivers\wdf010000.sys [2008-03-30 20:48]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-03-24 20:17]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-03-24 20:17]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-03-24 20:17]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-03-24 20:14]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-03-24 20:14]
S3 BioNT_BS;BioNT_BS;H:\Program Files\Paragon Software\Partition Manager 8.5 Professional\bluescrn\BioNT_bs.sys [2007-03-07 13:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56b55539-fa13-11dc-8c49-001060a5b440}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 13:01:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 16:34:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
.
**************************************************************************
.
Completion time: 2008-04-06 16:37:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 22:37:13
Pre-Run: 69,812,158,464 bytes free
Post-Run: 70,715,527,168 bytes free
.
2008-03-30 09:01:20 --- E O F ---
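The "Reg Loading Points" section of a ComboFix log is where a responder looks first, because it lists what will run again at next logon regardless of what was deleted. The following is an added example and not part of the original post or of ComboFix: a Python triage script that parses the REGEDIT4-style autostart lines ComboFix prints (`"name"="path" [date time size]` Run values, Winlogon\Notify packages listed as a bare DLL name under their key, and MountPoints2 AutoRun commands) and flags the entries worth checking. The sample text is constructed from lines of the log above; the flagging rules and the function names are this example's own assumptions, not anything ComboFix implements.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log (added example).

Rules applied here are this example's own heuristics, not ComboFix's.
"""
import re

# Constructed sample: lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-02-27 19:35 20480]
"Tlkttmgq"="C:\WINDOWS\?ystem32\w?nword.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-03-29 08:53 1177368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqnoMF]
awtqnoMF.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56b55539-fa13-11dc-8c49-001060a5b440}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# "name"="path" [meta]  or  "name"= path [meta]; meta is empty when the file was not found
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<path>.*?)"?\s*\[(?P<meta>[^\]]*)\]\s*$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$", re.IGNORECASE)


def parse_loading_points(text):
    """Return a list of autostart entries: dicts with key, name, path, meta, kind."""
    key = ""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append({"key": key, "name": m.group("name"), "path": m.group("path"),
                            "meta": m.group("meta").strip(), "kind": "run"})
            continue
        m = AUTORUN_RE.match(line)
        if m:
            # MountPoints2 keys are per-volume GUIDs; use the GUID as the entry name
            entries.append({"key": key, "name": key.rsplit("\\", 1)[-1], "path": m.group("cmd"),
                            "meta": "", "kind": "autorun"})
            continue
        # Winlogon\Notify: ComboFix prints the package's DLL alone on the line under its key
        if "winlogon\\notify\\" in key.lower() and line.lower().endswith(".dll"):
            entries.append({"key": key, "name": key.rsplit("\\", 1)[-1], "path": line,
                            "meta": "", "kind": "notify"})
    return entries


def triage(text):
    """Return {entry name: [reasons]} for the entries a responder should inspect."""
    findings = {}
    for e in parse_loading_points(text):
        reasons = []
        # '?' is not a legal character in a Windows file name, so a logged path containing it
        # (or any non-ASCII character) is not the system path it imitates.
        if "?" in e["path"] or any(ord(c) > 127 for c in e["path"]):
            reasons.append("path imitates a system path with a character the log could not print")
        if e["kind"] == "run" and not e["meta"]:
            reasons.append("no date/size recorded for the target: file missing, hidden or unreadable")
        if e["kind"] == "notify":
            reasons.append("Winlogon Notify package; ComboFix hides known defaults, so this one is unexpected")
        if e["kind"] == "autorun":
            reasons.append("AutoRun command stored for a mounted volume (MountPoints2)")
        if reasons:
            findings[e["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(name)
        for r in reasons:
            print("  -", r)
```

On the sample above this flags three entries: the `Tlkttmgq` Run value (look-alike path and no file metadata), the `awtqnoMF` Winlogon Notify package, and the AutoRun command under the MountPoints2 volume GUID; the AVG, ctfmon, ATI and Logitech values pass. The rules are deliberately narrow so that a clean log produces nothing; widen them only with entries you can account for.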