# Solved: Windows Security Alert pop ups



## pantera_team_a (Aug 30, 2007)

hey guys I'm new to using hijackthis but after some searching i found out it would be good to use for this situation. I keep having recurring popups titled "Windows Security Alert" and "Spyware Alert" they seem to pop up almost every minute. When i try to close them or hit "No" when they ask me to download their software, they automatically redirect me to a web site (luckily i have the network unplugged so it cant download anything silently...)

I'm hoping you guys could help me out with discovering where the problem is... ive used msconfig to turn off anything i could find and ive run 2 antivirus programs (avast and trendmicro) and Spybot S&D and Ad-Aware... Ive also tried to turn off almost all processes in Task Manager while the system was running just to see if it would stop but i havent found out which process does it.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:43 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - C:\WINDOWS\mxduo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} (lgbplay Class) - https://video.manheim.com/lib/LiveSound.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O21 - SSODL: wmphost - {4A6E8D0E-488A-4477-B5B1-FA23F12F317E} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {B5A2261E-48ED-4145-8FCE-46A012EC8989} - C:\WINDOWS\wmpdev.dll
O22 - SharedTaskScheduler: coronally - {1b17f1db-790e-4d42-8e0c-d4d19123ee5b} - C:\WINDOWS\system32\xnvaogd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5102 bytes

Hope you can help and thanks a million in advance

Paul


----------



## MFDnNC (Sep 7, 2004)

Do all of this

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download *SmitfraudFix* (by *S!Ri*)
Extract the content (a *folder* named *SmitfraudFix*) to your Desktop.

Next, please reboot your computer in *Safe Mode* by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the *SmitfraudFix* folder again and double-click *smitfraudfix.cmd*
Select option #2 - *Clean* by typing *2* and press "*Enter*" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing *Y* and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if *wininet.dll* is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing *Y* and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at *C:\rapport.txt*

Warning: running option #2 on a non infected computer will remove your Desktop background.

==============================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
·	It will ask if you want to update the program definitions, click Yes.
·	Under Configuration and Preferences, click the Preferences button.
·	Click the Scanning Control tab.
·	Under Scanner Options make sure the following are checked:
o	Close browsers before scanning
o	Scan for tracking cookies
o	Terminate memory threats before quarantining.
o	Please leave the others unchecked.
o	Click the Close button to leave the control center screen.
·	On the main screen, under Scan for Harmful Software click Scan your computer.
·	On the left check C:\Fixed Drive.
·	On the right, under Complete Scan, choose Perform Complete Scan.
·	Click Next to start the scan. Please be patient while it scans your computer.
·	After the scan is complete a summary box will appear. Click OK.
·	Make sure everything in the white box has a check next to it, then click Next.
·	It will quarantine what it found and if it asks if you want to reboot, click Yes.
·	To retrieve the removal information for me please do the following:
o	After reboot, double-click the SUPERAntispyware icon on your desktop.
o	Click Preferences. Click the Statistics/Logs tab.
o	Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o	It will open in your default text editor (such as Notepad/Wordpad).
o	Please highlight everything in the notepad, then right-click and choose copy.
·	Click close and close again to exit the program.
·	Please paste that information here for me regardless of what it finds *with a new HijackThis log*.

This will take some time!!!!!!!!


----------



## pantera_team_a (Aug 30, 2007)

Heres the smitfraud Log...

Hope it helps... (im on another computer BTW so i can keep reding here... but so far it hasnt poped up with those messages since i ran this tool... THANKS!!!!

SmitFraudFix v2.218

Scan done at 12:23:38.21, Sat 09/01/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"

[HKEY_CLASSES_ROOT\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\main_uninstaller.exe Deleted
C:\WINDOWS\mxduo.dll Deleted
C:\WINDOWS\wmpdev.dll Deleted
C:\WINDOWS\wmphost.dll Deleted
C:\Program Files\VideoAccessCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2CD35D98-DC52-4F57-8312-AA5DF50F7683}: DhcpNameServer=24.226.10.193 24.226.1.93 24.226.10.194
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2CD35D98-DC52-4F57-8312-AA5DF50F7683}: DhcpNameServer=24.226.10.193 24.226.1.93 24.226.10.194
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2CD35D98-DC52-4F57-8312-AA5DF50F7683}: DhcpNameServer=24.226.10.193 24.226.1.93 24.226.10.194
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.226.10.193 24.226.1.93 24.226.10.194
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.226.10.193 24.226.1.93 24.226.10.194
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.226.10.193 24.226.1.93 24.226.10.194

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End


----------



## MFDnNC (Sep 7, 2004)

Do the Superantispyware part of my post


----------



## pantera_team_a (Aug 30, 2007)

sorry i didnt do the second part... ill have to do it tuesday... im gone for the weekend... but thx ahead of time... i will post all 3 logs together when im done...

paul


----------



## pantera_team_a (Aug 30, 2007)

here are all 3 logs together now after doing hijack this again....

1. Smitfraud

---------------------------------------------------------------------------------------------

SmitFraudFix v2.218

Scan done at 12:23:38.21, Sat 09/01/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"

[HKEY_CLASSES_ROOT\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\main_uninstaller.exe Deleted
C:\WINDOWS\mxduo.dll Deleted
C:\WINDOWS\wmpdev.dll Deleted
C:\WINDOWS\wmphost.dll Deleted
C:\Program Files\VideoAccessCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2CD35D98-DC52-4F57-8312-AA5DF50F7683}: DhcpNameServer=24.226.10.193 24.226.1.93 24.226.10.194
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2CD35D98-DC52-4F57-8312-AA5DF50F7683}: DhcpNameServer=24.226.10.193 24.226.1.93 24.226.10.194
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2CD35D98-DC52-4F57-8312-AA5DF50F7683}: DhcpNameServer=24.226.10.193 24.226.1.93 24.226.10.194
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.226.10.193 24.226.1.93 24.226.10.194
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.226.10.193 24.226.1.93 24.226.10.194
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.226.10.193 24.226.1.93 24.226.10.194

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

-----------------------------------------------------------------------------------------------------

2. SUPER anti spyware

--------------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/04/2007 at 01:11 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 01:05:45

Memory items scanned : 358
Memory threats detected : 0
Registry items scanned : 5080
Registry threats detected : 0
File items scanned : 60343
File threats detected : 348

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][9].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][6].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected]www.worldgroups[1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][14].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][5].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][13].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][4].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][5].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][12].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected].marketbanker[1].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][3].txt
C:\Documents and Settings\user\Cookies\[email protected][4].txt
C:\Documents and Settings\user\Cookies\[email protected][7].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt

----------------------------------------------------------------------------------------------------


----------



## pantera_team_a (Aug 30, 2007)

3. New hijack this log

----------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:49 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} (lgbplay Class) - https://video.manheim.com/lib/LiveSound.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4894 bytes

----------------------------------------------------------------------------------------------------

I hope this is all right.... so far the popups have stoped coming and the system seems to run nicely again... thanks again ahead of time for all the help and paciance... (im french so dont mind my spelling... lol) BTW... this is a customers computer so if something ugly comes up in the logs... dont ask me where he got it...

Paul


----------



## pantera_team_a (Aug 30, 2007)

after looking over the SAS log after posting it.... lol no wonder he's had so many problems... look at all the nasty stuff he goes to.... lol


----------



## MFDnNC (Sep 7, 2004)

Those 3rd party cookies does not mean necessarily they have been to those sites

IE - Block Third party cookies
1. Click on the Tools button on the Internet Explorer tool bar.
2. Highlight and click on Internet options at the bottom of the Tools menu. 
3. Select the Privacy Tab of the Internet Options menu.
4. Select the Advanced... button at the bottom of the screen. 
5. Select override automatic cookie handling button.
6. To block third party cookies select block under "Third-party cookies".
7. Select "always allow session cookies".
8. Click on the OK button at the bottom of the screen.

Clean








If you feel its is fixed mark it solved via Thread Tools above

Clear restore points  heres how

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

This clears infected restore points and sets a new, clean one.


----------



## pantera_team_a (Aug 30, 2007)

MFDnNC You are a god my friend.... i thank you very much... another happy customer thanks to your expertise

paul


----------

