Although my computer is MUCH better since the Anti-Malware scans, I still get these annoying popups.
Two different kinds: one says "Your computer is slow" etc., and wants to scan it. Even if I close the popup it wants to download a file named installer_70018.exe from //onlinescanweb.com]http. The other popup says "Alert! You have a security problem" etc. I'm a pacifist, really, with 2 kids and a wife, but if I happened to meet someone who's behind this, I'd have a looong sentence to look forward to.
Very very very grateful for all and any help. Truly.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Administratör at 21:12:59,74 on 2009-02-23
Internet Explorer: 6.0.2600.0000
Microsoft Windows XP Professional 5.1.2600.0.1252.46.1053.18.239.49 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\userinit.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program\Analog Devices\SoundMAX\PmProxy.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program\Opera\Opera.exe
C:\Documents and Settings\Administratör\Skrivbord\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.se/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 192.168.2.2:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre1.6.0_07\bin\ssv.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
mRun: [000StTHK] 000StTHK.exe
mRun: [WG511WLU] c:\program\netgear\wg511\utility\WG511WLU.exe -hide
mRun: [PmProxy] c:\program\analog devices\soundmax\PmProxy.exe
mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime
mRun: [LTSMMSG] LTSMMSG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [IETI] c:\program\skype\phone\ieplugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program\java\jre1.6.0_07\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: tv4anytime.se\.www
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38017.1101967593
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553535000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program\delade filer\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
LSA: Authentication Packages = msv1_0 nwprovau
============= SERVICES / DRIVERS ===============
R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2007-3-11 14848]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2007-3-11 40000]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2004-10-8 16194]
R3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;c:\windows\system32\drivers\WG511ICB.sys [2004-10-8 390016]
S2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler;c:\program\antivir personaledition classic\sched.exe [2007-3-11 57896]
S2 AntiVirService;AntiVir PersonalEdition Classic Guard;c:\program\antivir personaledition classic\avguard.exe [2007-3-11 204840]
S3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2006-10-21 45760]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2007-11-10 31872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program\spyware doctor\pctsAuxs.exe [2009-2-23 356920]
S3 sdCoreService;PC Tools Security Service;c:\program\spyware doctor\pctsSvc.exe [2009-2-23 1079176]
S3 USBVSP;USBVSP;c:\windows\system32\drivers\usbvsp.sys --> c:\windows\system32\drivers\Usbvsp.sys [?]
=============== Created Last 30 ================
2009-02-23 19:13 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-23 19:13 1,409 a------- c:\windows\QTFont.for
2009-02-23 17:51 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-02-23 17:50 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-23 17:50 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 17:50 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-02-23 17:50 <DIR> --d----- c:\program\Malwarebytes' Anti-Malware
2009-02-23 13:47 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-23 13:47 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-23 13:47 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-23 13:47 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-23 13:47 <DIR> --d----- c:\program\Spyware Doctor
2009-02-23 13:47 <DIR> --d----- c:\docume~1\admini~1\applic~1\PC Tools
==================== Find3M ====================
2009-02-23 18:04 4,456,448 a------- c:\documents and settings\administratör\ntuser.dat
2009-02-23 13:32 54,784 a------- c:\windows\system32\userinit.exe
2008-01-05 19:55 24,360 ac------ c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT
2003-12-26 05:12 2,815 ac------ c:\program\INSTALL.LOG
============= FINISH: 21:13:22,60 ===============
Edited by KoanYorel, 23 February 2009 - 05:45 PM.
Dangerous URL edited.