 |  |  |  |  |  |  |  |
popups in firefox
Thread Solved |
•
•
Join Date: Jul 2008
Posts: 2,934
Reputation: 
Solved Threads: 167
Were these pop-ups in Firefox? I still don't know why "C" drive is not being scanned. The latest MBA-M scan shows that "D" drive was scanned, not "C" even though you told it to scan "C" drive.
Can you tell me, what is on "C" drive? Firefox clearly showed it was running from "C" drive.
Can you tell me, what is on "C" drive? Firefox clearly showed it was running from "C" drive.
•
•
Join Date: Nov 2008
Posts: 82
Reputation:
Solved Threads: 0
Junior Poster in Training
the C drive is scan i watched it i think its all clear from c drive its just that the same vundo trojan keeps coming back.
anyways yesterday i tried superantispysweeper it found many trojans mostly vundo. after whcih i ran MBA-M it found nothing.
i think it could be because of registry and this software detected at least 14 errors from registry
anyways yesterday i tried superantispysweeper it found many trojans mostly vundo. after whcih i ran MBA-M it found nothing.
i think it could be because of registry and this software detected at least 14 errors from registry
•
•
Join Date: Jul 2008
Posts: 2,934
Reputation:
Solved Threads: 167
•
•
•
•
Originally Posted by jazzyjaj 
i think it could be because of registry and this software detected at least 14 errors from registry
Really sounds to me like a rootkit is on there but since you say your computer is now totally clean since running superantispysweeper.
You will need to run a new HJT scan and post that log so we can complete the fixes in there before downloading the new Firefox version but go ahead and completely uninstall Firefox. It is running from "C" drive so you are going to have to go in there and uninstall it.
You never answered, exactly what IS on "C" drive other than Firefox?
Last edited by jholland1964; Nov 12th, 2008 at 12:39 am.
•
•
Join Date: Nov 2008
Posts: 82
Reputation:
Solved Threads: 0
Junior Poster in Training
Onmy C drive i have movies, music videos and counter strike.
I used to have na OS before like one year ago but now i deleted it but still have the Documnets and settings folder.
I used to have na OS before like one year ago but now i deleted it but still have the Documnets and settings folder.
•
•
Join Date: Nov 2008
Posts: 82
Reputation:
Solved Threads: 0
Junior Poster in Training
here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:05, on 2008-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\McAfee.com\Agent\mcagent.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
d:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {49DC26F5-43C2-4312-B885-AE9080736D93} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6A044BCA-7D52-4619-B36C-96FD0A436DD7} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A957451F-324E-472A-BE5C-B8B8E68EDA5A} - (no file)
O2 - BHO: (no name) - {EE528997-7B75-45EA-AB8A-0298C5D3F04D} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [e0ff4138] rundll32.exe "D:\WINDOWS\system32\mqqcncgr.dll",b
O8 - Extra context menu item: &Download all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4353 bytes
since running the spysweeper i have this problem whenever i start it says this is missing mqqcncgr.dll. I think it was removed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:05, on 2008-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\McAfee.com\Agent\mcagent.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
d:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {49DC26F5-43C2-4312-B885-AE9080736D93} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6A044BCA-7D52-4619-B36C-96FD0A436DD7} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A957451F-324E-472A-BE5C-B8B8E68EDA5A} - (no file)
O2 - BHO: (no name) - {EE528997-7B75-45EA-AB8A-0298C5D3F04D} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [e0ff4138] rundll32.exe "D:\WINDOWS\system32\mqqcncgr.dll",b
O8 - Extra context menu item: &Download all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4353 bytes
since running the spysweeper i have this problem whenever i start it says this is missing mqqcncgr.dll. I think it was removed.
•
•
Join Date: Jul 2008
Posts: 2,934
Reputation:
Solved Threads: 167
•
•
•
•
Originally Posted by jazzyjaj
Onmy C drive i have movies, music videos and counter strike.
I used to have na OS before like one year ago but now i deleted it but still have the Documnets and settings folder.
•
•
Join Date: Nov 2008
Posts: 82
Reputation:
Solved Threads: 0
Junior Poster in Training
i deleted the windows folder and edited the boot.ini.
Which antivirus,firewall, and spyware should i use combination or all in one.
Which antivirus,firewall, and spyware should i use combination or all in one.
•
•
Join Date: Nov 2008
Posts: 82
Reputation:
Solved Threads: 0
Junior Poster in Training
dude do you think we can mark this as solved
 |
Similar Threads
- spyware problem, popups (Viruses, Spyware and other Nasties)
- popups in Firefox, IE (w/l2mfix, hjt logs) (Viruses, Spyware and other Nasties)
- Help!!! IE Popups in Firefox (Viruses, Spyware and other Nasties)
- Desktop Popups (AHH!) and CWS Infection (Related problems?) (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: hijack this log please help
- Next Thread: Trojan Virus
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet censorship china commercials conficker connect control crosssitescripting cyber cyberwarfare ddos domains e-mafia education email europe exploit facebook fake fancheckvirus gaming gtaiv gumblar halloween hijack internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday
