[ckim]

Hi,

As son as I open the internet, a lot of pop up windows comes up.
Please help!

Here is log files

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-05-23 12:09:14
PROTECTIONS: 0
MALWARE: 26
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00001888 adware/dyfuca Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer
00018457 adware/purityscan Adware No 0 Yes No c:\documents and settings\lupe diaz\local settings\temp\!update.exe
00034463 adware/wupd Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540013}
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\clsid\{205ff73b-ca67-11d5-99dd-444553540013}
00045952 spyware/media-motor Spyware No 1 Yes No hkey_local_machine\software\mm
00047660 adware/sqwire Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\tsa
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.036\FILE0060.CHK
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.041\FILE0001.CHK
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.036\FILE0067.CHK
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.025\FILE0001.CHK
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.024\FILE0006.CHK
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.042\FILE0000.CHK
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\FOUND.023\FILE0007.CHK
00204405 adware/searchresults Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\protocols\filter\text/html\CLSID\{3551784B-E99A-474f-B782-3EC814442918}
00213030 application/regclean32 HackTools No 0 Yes No c:\documents and settings\lupe diaz\application data\registry cleaner
00213030 application/regclean32 HackTools No 0 Yes No c:\program files\registry cleaner trial
00213030 application/regclean32 HackTools No 0 Yes No hkey_local_machine\software\registry cleaner
00217379 adware/dollarrevenue Adware No 0 No No c:\windows\drsmartload.dat
00217379 adware/dollarrevenue Adware No 0 No No hkey_local_machine\software\microsoft\drsmartload
00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\controlset001\enum\root\legacy_network_monitor
00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\controlset001\enum\root\legacy_cmdservice
00241963 adware/fchelp Adware No 0 Yes No hkey_current_user\software\fcman
01299001 Trj/Mailbot.DT Virus/Trojan No 1 Yes No C:\WINDOWS\SYSTEM32\Clearer.exe
01299001 Trj/Mailbot.DT Virus/Trojan No 1 Yes No C:\WINDOWS\Clearer.exe
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\YWHOXLBM.DLL
02893538 Adware/PurityScan Adware Yes 1 Yes No C:\DOCUMENTS AND SETTINGS\LUPE DIAZ\LOCAL SETTINGS\TEMP\!UPDATE.EXE
02893538 Adware/PurityScan Adware Yes 1 Yes No C:\DOCUMENTS AND SETTINGS\LUPE DIAZ\APPLICATION DATA\SУSTEM\NOTEPAD.EXE
02903391 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\DIDUNIKO.DLL
02903391 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\RKFGVYKM.DLL
02903391 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\NCETMAXV.DLL
02903391 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\AINOMIRG.DLL
02903391 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\TTRYASCO.DLL
02905020 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\WXRAATXC.DLL
02905027 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\ORRQKGDR.DLL
02906745 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\XLBKHDGX.DLL
02907724 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\BEHAMKEA.DLL
02909334 Rootkit/Agent.IKR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\DRIVERS\ASCC.SYS
02927671 Adware/TTC Adware No 0 Yes No C:\WINDOWS\POTA777444.exe
02927675 Adware/TTC Adware No 0 No No C:\WINDOWS\POTA777444.exe[TTC.dll]
02942076 Adware/PurityScan Adware Yes 1 Yes No C:\DOCUMENTS AND SETTINGS\LUPE DIAZ\APPLICATION DATA\ADOBE\WΥAUBOOT.EXE
02980234 Adware/Zenosearch Adware No 0 Yes No C:\WINDOWS\SYSTEM32\MCNTPSDM.EXE
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location mX

3i
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description mX

3i
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:44 PM, on 5/23/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Lupe Diaz\Application Data\Adobe\w?auboot.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\DOCUME~1\LUPEDI~1\APPLIC~1\SSTEM~1\notepad.exe
F:\Spyware Removal Tools\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0dd98dcc-3396-44a7-9292-e539d12b315d} - C:\WINDOWS\System32\pnadwgj.dll (file missing)
O2 - BHO: (no name) - {4F7D0787-6772-4195-B404-98478689B260} - (no file)
O2 - BHO: {b1df8cbd-d159-86eb-d124-b42746a12136} - {63121a64-724b-421d-be68-951ddbc8fd1b} - C:\WINDOWS\System32\hiyhcpci.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: (no name) - {BB94C508-1180-5CD9-68B3-7C191A37686F} - C:\WINDOWS\Ajxrycaj.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {A922F01A-8F81-E9EB-7C22-1B505071DF0C} - C:\WINDOWS\Ajxrycaj.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
O4 - HKCU\..\Run: [Ussimhnd] "C:\Documents and Settings\Lupe Diaz\Application Data\Adobe\w?auboot.exe"
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\LUPEDI~1\APPLIC~1\SSTEM~1\notepad.exe" -vt ndrv
O4 - HKCU\..\Policies\Explorer\Run: [osupsh] C:\WINDOWS\System32\osupsh.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\GetFlash.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farme...ctiveX/smsx.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://ml.sitexdata....ult/arview2.cab
O18 - Filter hijack: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
O20 - AppInit_DLLs: ?A?C C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: hggfccd - hggfccd.dll (file missing)
O20 - Winlogon Notify: wygsnnac - wygsnnac.dll (file missing)
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Access Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 5996 bytes

[Advertisements]

Don't make multiple topics

You are already being helped

[Rorschach112]

Don't make multiple topics

You are already being helped