Pop Ups/ antivurs 360.

View previous topic View next topic Go down

Pop Ups/ antivurs 360.

Post by irideabike on Sun Mar 01, 2009 6:59 am

Hi this is my first time here and have never really tried to get my computer fixed. A while ago i had the win32.zafi.b malware and had it fixed. Now i have alot of random pop-ups, some times it opens win groups of 5. On msconfig i have the following on my startup: fijiveni, niwaluyu, nvcpl, mohasobi. These are the ones i believe to be causing them. I have not too much of a computer person but can follow directions just fine. Here is my hi-jack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:00 PM, on 2/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\lvhidsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Max Power!\Desktop\hijackgpthis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {215c392b-2072-46ed-9e69-a251b7b93074} - C:\WINDOWS\system32\kukolare.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: {4a59bba6-e13e-7b89-7c44-db810905803c} - {c3085090-18bd-44c7-98b7-e31e6abb95a4} - C:\WINDOWS\system32\bnyjmb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [netozarigo] Rundll32.exe "C:\WINDOWS\system32\fijiveni.dll",s
O4 - HKLM\..\Run: [CPMa72f152a] Rundll32.exe "c:\windows\system32\niwaluyu.dll",a
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [netozarigo] Rundll32.exe "C:\WINDOWS\system32\fijiveni.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AIM Search - [You must be registered and logged in to see this link.] Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\veketaha.dll bnyjmb.dll c:\windows\system32\niwaluyu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\niwaluyu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\niwaluyu.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\System32\lvhidsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

irideabike
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-01-10
OS OS : windows xp
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by Belahzur on Sun Mar 01, 2009 2:13 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
    O2 - BHO: (no name) - {215c392b-2072-46ed-9e69-a251b7b93074} - C:\WINDOWS\system32\kukolare.dll
    O2 - BHO: {4a59bba6-e13e-7b89-7c44-db810905803c} - {c3085090-18bd-44c7-98b7-e31e6abb95a4} - C:\WINDOWS\system32\bnyjmb.dll
    O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file)
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O4 - HKLM\..\Run: [netozarigo] Rundll32.exe "C:\WINDOWS\system32\fijiveni.dll",s
    O4 - HKLM\..\Run: [CPMa72f152a] Rundll32.exe "c:\windows\system32\niwaluyu.dll",a
    O20 - AppInit_DLLs: C:\WINDOWS\system32\veketaha.dll bnyjmb.dll c:\windows\system32\niwaluyu.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\niwaluyu.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\niwaluyu.dll


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by irideabike on Tue Mar 03, 2009 2:31 am

I couldnt find some of the files...but i saw that it still had the same type of name..so i deleted those. an example would be

"O20 - AppInit_DLLs: C:\WINDOWS\system32\veketaha.dll bnyjmb.dll c:\windows\system32\niwaluyu.dll" instead of niwaluyu.dll it had lipemeye.dll

and heres the malwarebytes log.

Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 3

3/2/2009 1:18:05 PM
mbam-log-2009-03-02 (13-18-05).txt

Scan type: Quick Scan
Objects scanned: 73055
Time elapsed: 7 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 17
Registry Values Infected: 5
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\seretisa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\veketaha.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kukolare.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fijiveni.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\lipemeye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zkbzmn.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a10e2d3-3e41-4a50-b7cb-77c2ddfed555} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3a10e2d3-3e41-4a50-b7cb-77c2ddfed555} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{215c392b-2072-46ed-9e69-a251b7b93074} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{215c392b-2072-46ed-9e69-a251b7b93074} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{215c392b-2072-46ed-9e69-a251b7b93074} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3a10e2d3-3e41-4a50-b7cb-77c2ddfed555} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a41c26b6 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netozarigo (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpma72f152a (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\veketaha.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\veketaha.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\veketaha.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lipemeye.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\lipemeye.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\zkbzmn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mohasobi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ibosahom.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seretisa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\asiteres.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fijiveni.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\lipemeye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kukolare.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\veketaha.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fefiyiri.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max Power!\Local Settings\Temporary Internet Files\Content.IE5\NNM8GUVJ\yftelc[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\model.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\niwaluyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\madubiha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\diwunawo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\USB Installer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

irideabike
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-01-10
OS OS : windows xp
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by Belahzur on Tue Mar 03, 2009 5:57 pm

Lets see what's left.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by irideabike on Thu Mar 05, 2009 3:37 am

THanks for your help! ITs much appreciated!


DDS (Ver_09-02-01.01) - NTFSx86
Run by Max Power! at 19:31:51.69 on Wed 03/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.44 [GMT -8:00]

AV: AVG 7.5.552 *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\lvhidsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Max Power!\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearchURL = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {33363249-0000-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {33564D57-0000-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\maxpow~1\applic~1\mozilla\firefox\profiles\323pgt09.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmeadax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2008-4-10 821856]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2009-1-10 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2008-4-10 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2008-4-10 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2008-4-10 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2008-4-10 4960]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [1998-11-27 6144]
R3 USBFVNETR;NETGEAR MA101 USB Adapter;c:\windows\system32\drivers\ma101rnd.sys [2004-6-17 80000]
S3 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-8-27 574808]

=============== Created Last 30 ================

2009-03-02 13:03 --d----- c:\docume~1\maxpow~1\applic~1\Malwarebytes
2009-03-02 13:03 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-02 13:03 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-02 13:03 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-02 13:03 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 18:51 143,360 a--sh--- c:\windows\system32\bnyjmb.dll
2009-02-28 03:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-28 03:41 1,409 a------- c:\windows\QTFont.for
2009-02-28 03:29 1,665,505 ---sh--- c:\windows\system32\ilafijaz.ini
2009-02-28 03:29 144,384 a--sh--- c:\windows\system32\qoxujf.dll
2009-02-21 15:14 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-02-28 18:51 143,360 a--sh--- c:\windows\system32\delidubu.dll
2008-12-20 15:15 826,368 a------- c:\windows\system32\wininet.dll
2006-11-13 00:04 79,328 ac------ c:\documents and settings\max power!\mqdmserd.sys
2006-11-13 00:04 5,936 ac------ c:\documents and settings\max power!\mqdmwhnt.sys
2006-11-13 00:04 92,064 ac------ c:\documents and settings\max power!\mqdmmdm.sys
2006-11-13 00:04 66,656 ac------ c:\documents and settings\max power!\mqdmbus.sys
2006-11-13 00:04 25,600 ac------ c:\documents and settings\max power!\usbsermptxp.sys
2006-11-13 00:04 22,768 ac------ c:\documents and settings\max power!\usbsermpt.sys
2006-11-13 00:04 9,232 ac------ c:\documents and settings\max power!\mqdmmdfl.sys
2006-11-13 00:04 6,208 ac------ c:\documents and settings\max power!\mqdmcmnt.sys
2006-11-13 00:04 4,048 ac------ c:\documents and settings\max power!\mqdmcr.sys
2004-08-07 07:12 2,014 ac------ c:\documents and settings\max power!\memtest32.sys
2002-10-07 14:16 39,552 -c------ c:\windows\inf\ser2pl.sys
2000-06-08 03:00 41,520 -c------ c:\windows\inf\CCPORT.SYS
2000-06-08 03:00 22,208 -c------ c:\windows\inf\usbser.sys

============= FINISH: 19:32:41.78 ===============
Thank You!

irideabike
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-01-10
OS OS : windows xp
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by Belahzur on Thu Mar 05, 2009 9:26 am

Hello.
DDS says your AVG is disabled and outdated. You can't stay safe if your AV protection isn't switched on and updated.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :files
    c:\windows\system32\bnyjmb.dll
    c:\windows\system32\ilafijaz.ini
    c:\windows\system32\qoxujf.dll
    c:\windows\system32\delidubu.dll


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by irideabike on Fri Mar 06, 2009 7:27 pm

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03062009_112458

IT didn't ask if i wanted to restart the computer either. The AVG AV that I have has a resident shield and was not installed. Are there any safe sites i can download them from? Thank You!


Last edited by irideabike on Fri Mar 06, 2009 7:36 pm; edited 1 time in total

irideabike
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-01-10
OS OS : windows xp
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by Belahzur on Fri Mar 06, 2009 7:36 pm

We'll install Avira soon.
OTMoveIt couldn't move the files because you left this out from the script:
:files

This tells OTMoveIt what to do, so have :files as the top line on top of the listed files.
Post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by irideabike on Fri Mar 06, 2009 7:39 pm

LOl...thanks. Just thought that you meant :files as in these files. Thanks for the quick replay as well.

========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\bnyjmb.dll
c:\windows\system32\bnyjmb.dll NOT unregistered.
c:\windows\system32\bnyjmb.dll moved successfully.
c:\windows\system32\ilafijaz.ini moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\qoxujf.dll
c:\windows\system32\qoxujf.dll NOT unregistered.
c:\windows\system32\qoxujf.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\delidubu.dll
c:\windows\system32\delidubu.dll NOT unregistered.
c:\windows\system32\delidubu.dll moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03062009_113814

irideabike
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-01-10
OS OS : windows xp
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by Belahzur on Fri Mar 06, 2009 7:41 pm

That's better.
Okay, lets get an installed items list.

  • Open HijackThis
  • Click "Open the Misc Tools section"
  • Click "Open Uninstall Manager"
  • Click "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by irideabike on Fri Mar 06, 2009 7:52 pm

ABC (remove only)
Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Acrobat 7.1.0 Professional
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 6.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.5
AIM 6
AOL Instant Messenger
Apex Video Converter Free 5.7
Apple Mobile Device Support
Apple Software Update
AudioCommander
AVG 7.5
BitPim 0.62-unofficial
Canon i860
Canon S300
CD-Text Reader
CloneDVD2
dBpowerAMP Mp4 Codec
dBpowerAMP Music Converter
dBpowerAMP WMA V9 Codec
DeadAIM
Direct Show Ogg Vorbis Filter (remove only)
Disc2Phone
DivX Player
DivX Pro Codec Adware
DVArchive V3.1
DVD Shrink 3.2
DVD to VCD Ripper 1.03
DVDFab Decrypter 3.0.3.5
DVDFab Platinum 2.9.6.0
EPSON Printer Software
EPSON Scan
FLV Player 2.0 (build 25)
Google Video Player
Graphing Calculator Viewer
GTK+ Runtime 2.10.13 rev a (remove only)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
InterActual Player
iTunes
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_14
Java 2 SDK, SE v1.4.2_14
Java(TM) 6 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Lavasoft VX2 Cleaner
Learn2 Player (Uninstall Only)
LifeView Suite
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
Moyea FLV Downloader version 1.16.0.17
Moyea FLV Player version 1.0.0.0
Mozilla Firefox (3.0.4)
MPEGTool
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 6 Ultra Edition
NVIDIA Drivers
Play Rabbab SV
PowerDVD
PowerISO
Quartz AudioMaster Freeware
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Senselang
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Ericsson PC Suite
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
Spyware-Cop v 10.0
Sun Download Manager 2.0 (web)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VIA Rhine-Family Fast Ethernet Adapter
VLC media player 0.9.8a
WAVmaker III
WD Diagnostics
Winamp
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver

irideabike
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-01-10
OS OS : windows xp
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by Belahzur on Fri Mar 06, 2009 7:59 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

    Adobe Reader 7.0.5 <== see my note below
    AVG 7.5
    Java 2 Runtime Environment, SE v1.4.2_04
    Java 2 Runtime Environment, SE v1.4.2_14
    Java(TM) SE Runtime Environment 6 Update 1


Note: Adobe Reader 7.0.5 is old, please update to version 9.
Download and install version 9 from here:
[You must be registered and logged in to see this link.]

Now install Avira

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

And last, you have Firefox 3.0.4 installed, please update to 3.0.7.
Downloadalbe here:
[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by irideabike on Fri Mar 06, 2009 8:56 pm

I've updated firefox and adobe reader, deleted Adobe Reader 7.0.5,
AVG 7.5 and Java(TM) SE Runtime Environment 6 Update 1

but these two had trouble with and i've tried deleting it through safe mode. I think i might have deleted them manually a while ago.

Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_14

irideabike
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-01-10
OS OS : windows xp
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by Belahzur on Fri Mar 06, 2009 9:00 pm

Okay, download JavaRa and it will remove the files that are from the old versions.

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa. (If you are running Vista, you will need to right click JavaRa > select "Run as administrator")
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed, but I don't need that.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by irideabike on Sat Mar 07, 2009 1:21 am

I am going through the detection processes with Avira. I should quarantine or delete the items that are popping up? Also I've been having these problems where my computer would freeze intermittently. Would the viruses or malaware cause that?

irideabike
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-01-10
OS OS : windows xp
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop Ups/ antivurs 360.

Post by Belahzur on Sat Mar 07, 2009 2:27 am

It could do.
There are many reasons for a machine to freeze. Hard to tell until we kick the malware out.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum