
The Popups Won't Go Away



#1 TheShawn


Posted 30 November 2007 - 08:20 PM

I have Avast. Scanned and deleted any virus that was detected in both normal and safe mode. Scanned and deleted any spyware with Ad-Aware in normal and safe mode, and compared HijackThis logs with other similar logs to get rid of the plscd virus that I was plagued with, but I'm still getting popups. I can't figure this out.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:14 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HiJackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: iReboot 1.0.0.lnk = C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194460864421
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4611 bytes


 


#2 teacup61


Posted 30 November 2007 - 11:33 PM

Hello TheShawn,

Welcome to Bleeping Computer :thumbsup:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 TheShawn


Posted 01 December 2007 - 06:12 PM

ComboFix 07-12-02.4 - Shawn 2007-12-01 17:55:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.669 [GMT -5:00]
Running from: C:\Documents and Settings\Shawn\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Temporary
C:\WINDOWS\system32\dmyriken.dll
C:\WINDOWS\system32\dohgvpfj.dll
C:\WINDOWS\system32\ejqfbxbg.dll
C:\WINDOWS\system32\gebxuvs.dll
C:\WINDOWS\system32\kxvjysws.dll
C:\WINDOWS\system32\ldfekice.dll
C:\WINDOWS\system32\noaguruy.dll
C:\WINDOWS\system32\obcqnrby.dll
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\onnmp.ini2
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\swrysogj.dll
C:\WINDOWS\system32\vhffqicd.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-11-28 22:31 . 2007-11-28 22:33 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\fretsonfire
2007-11-28 17:18 . 2007-11-28 17:18 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-28 17:18 . 2007-11-28 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-28 17:17 . 2007-11-28 17:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 20:34 . 2007-11-27 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-27 17:01 . 2007-11-27 17:01 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-21 15:48 . 2007-11-21 15:48 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-20 22:05 . 2007-11-20 22:05 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-11-20 22:03 . 2007-11-20 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-11-20 21:43 . 2007-11-20 21:43 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\Nero
2007-11-20 21:39 . 2007-11-20 21:39 <DIR> d-------- C:\Program Files\Nero
2007-11-20 21:39 . 2007-11-20 21:40 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-20 21:39 . 2007-11-20 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-20 21:24 . 2007-11-20 21:24 <DIR> d-------- C:\Program Files\MagicISO
2007-11-20 20:19 . 2007-11-29 18:17 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-20 19:07 . 2007-11-20 19:07 <DIR> d-------- C:\Program Files\PowerISO
2007-11-19 23:31 . 2004-08-04 07:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-11-19 23:30 . 2001-08-17 14:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-11-19 23:30 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2007-11-18 13:46 . 2007-11-18 13:46 <DIR> d-------- C:\Program Files\7-Zip
2007-11-11 01:30 . 2007-11-11 01:45 <DIR> d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2007-11-10 20:33 . 2007-11-10 20:33 <DIR> d-------- C:\Program Files\NeoSmart Technologies
2007-11-08 23:44 . 2007-11-08 23:31 355 -rahs---- C:\Boot.ini.saved
2007-11-08 23:31 . 2006-11-02 04:53 438,840 -rahs---- C:\bootmgr
2007-11-08 23:31 . 2007-11-08 23:31 355 ---h----- C:\Boot.BAK
2007-11-08 21:21 . 2007-03-17 06:41 171,136 -rahs---- C:\grldr
2007-11-08 19:52 . 2007-11-08 19:52 <DIR> d-------- C:\Program Files\Symantec
2007-11-08 19:14 . 2007-11-08 19:14 <DIR> d-------- C:\WINDOWS\Sun
2007-11-08 19:14 . 2007-11-08 19:14 <DIR> d-------- C:\Program Files\Java
2007-11-08 19:14 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-08 19:13 . 2007-11-08 19:13 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-08 19:04 . 2007-11-05 07:54 3,564,584 --a------ C:\WINDOWS\procexp.exe
2007-11-08 18:42 . 2007-11-08 18:42 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-08 17:46 . 2007-11-08 17:46 <DIR> d-------- C:\Program Files\uTorrent
2007-11-08 17:46 . 2007-11-28 17:38 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\uTorrent
2007-11-08 17:42 . 2007-11-08 17:42 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-08 17:40 . 2007-11-15 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-08 17:39 . 2007-11-08 17:39 <DIR> dr-h----- C:\MSOCache
2007-11-08 17:32 . 2007-11-08 17:32 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-08 17:31 . 2007-11-08 17:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-08 17:22 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-08 17:22 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-07 15:25 . 2007-11-07 15:25 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2007-11-07 15:24 . 2007-11-07 15:24 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-07 15:24 . 2007-11-07 15:24 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2007-11-07 15:24 . 2007-08-21 01:13 21,760 --a------ C:\WINDOWS\system32\drivers\point32.sys
2007-11-07 14:38 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-07 14:24 . 2007-12-02 17:59 16,820 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-00000009-00001102-00000002-80271102}.rfx
2007-11-07 14:24 . 2007-12-02 17:59 16,820 --a------ C:\WINDOWS\system32\BMXState-{00000000-00000000-00000009-00001102-00000002-80271102}.rfx
2007-11-07 14:24 . 2007-12-02 17:59 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2007-11-07 14:24 . 2007-12-02 17:59 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2007-11-07 14:24 . 2007-12-02 17:59 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80271102}.dat
2007-11-07 14:24 . 2007-12-02 17:59 24 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-00000009-00001102-00000002-80271102}.dat
2007-11-07 14:24 . 2007-11-07 14:24 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-07 14:24 . 2007-11-07 14:24 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2007-11-07 14:23 . 2007-11-07 14:23 <DIR> d-------- C:\Program Files\MSBuild
2007-11-07 14:20 . 2007-11-07 14:20 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-07 14:20 . 2007-11-07 14:20 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-07 14:19 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-11-07 14:15 . 2007-11-07 14:15 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-07 14:14 . 2007-11-07 14:14 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-07 14:14 . 2007-11-07 14:14 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-07 14:06 . 2007-11-07 14:07 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-11-07 14:02 . 2006-11-13 01:02 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-11-07 14:02 . 2006-11-13 01:02 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-11-07 14:02 . 2006-11-13 01:02 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-09 00:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-07 18:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 18:48 --------- d-----w C:\Program Files\Creative
2007-11-07 18:21 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-07 18:10 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-04 22:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iReboot 1.0.0.lnk - C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe [2007-07-26 05:51:12]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 15:35 202024 --a------ C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DRam prosessor]
plscd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 18:02:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 18:03:49 - machine was rebooted
.
--- E O F ---









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:13 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: iReboot 1.0.0.lnk = C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194460864421
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4807 bytes

#4 teacup61


Posted 01 December 2007 - 06:34 PM

Hello,

Can you tell me how it's running please? :thumbsup:

Thanks,
tea

#5 TheShawn


Posted 01 December 2007 - 06:52 PM

After running the scan and posting the logs everything seemed to be ironed out. It looks like that got rid of the popups. Thank you very much.

Edited by TheShawn, 01 December 2007 - 06:53 PM.




