
Popups(RESOLVED)


Old 13-07-2006, 06:10 PM   #1 (permalink)
amercm120

Hello, I recently posted a HJT log on your website and I just got around to following your instructions. Here is a HJT log after I did everything. Thank you for all of your help.


Logfile of HijackThis v1.99.1
Scan saved at 12:52:38 PM, on 7/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Support.com\bin\jobcheck.exe
C:\Program Files\Support.com\bin\tgshell.exe
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [web ace] C:\DOCUME~1\Clayton\APPLIC~1\LIESAX~1\Gpl grid bleh.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1151631907229
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://aerial.leepa.org/ecwplugins/ncs.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Last edited by amercm120; 13-07-2006 at 09:03 PM.



Old 13-07-2006, 06:12 PM   #2 (permalink)
amercm120

Here is the link to my previous thread: Constant Pop-ups


Old 14-07-2006, 01:44 AM   #3 (permalink)
 
Neal

I need to see an Ewido scan log please, as requested by VOPTHIS.
Old 15-07-2006, 02:28 AM   #4 (permalink)
amercm120

I decided to post a more recent HJT log in addition to the Ewido log. Thank you so much for your help.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:23:58 PM 7/14/2006

+ Scan result:



:mozilla.10:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.11:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.12:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.13:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.14:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.35:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.44:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.45:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.56:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.67:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.6:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.76:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.7:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.81:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.86:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.8:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.91:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.9:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.65:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.161:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.162:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.239:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.240:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.8:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.183:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.152:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.193:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.120:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.46:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.124:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.130:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.132:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.135:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.137:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.149:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.177:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.29:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.65:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.66:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.67:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.68:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.69:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.70:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.70:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.71:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.72:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.73:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.74:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.74:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.11:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.38:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.148:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.200:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.201:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.63:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.64:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.161:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.162:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.163:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.201:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.206:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.209:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.150:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.151:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.152:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.153:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.212:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.87:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.88:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.89:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.238:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.239:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.243:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.255:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.27:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.28:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.29:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.30:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.155:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.156:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.36:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.43:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\Clayton\Cookies\clayton@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
:mozilla.164:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.165:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.166:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.167:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.168:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.82:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.83:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.84:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.85:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.86:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.128:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.173:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.178:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.75:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.19:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.20:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.21:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.22:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.23:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.37:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.38:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.39:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.40:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.41:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.22:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.23:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.241:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.242:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.243:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.244:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.245:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.24:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.25:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.26:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end

--------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:27:20 PM, on 7/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [web ace] C:\DOCUME~1\Clayton\APPLIC~1\LIESAX~1\Gpl grid bleh.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1151631907229
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://aerial.leepa.org/ecwplugins/ncs.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Old 15-07-2006, 04:52 AM   #5 (permalink)
 
Neal

Have you ever had Messenger Plus? It appears you may have a LOP infection from using that program, so...



Download and unzip to its own folder:
http://metallica.geekstogo.com/findlop.zip

Run (double-click) the findlop.bat which can be found in the findlop folder and post the result.


Also...



Open Hijackthis.

Click the "Open the Misc Tools" section Button.

Click the "Open Uninstall Manager" Button.

Click the "Save list..." Button.

Save it to your desktop. Copy and paste the contents into your reply.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.



Old 15-07-2006, 08:07 PM   #6 (permalink)
amercm120
Status: Newbie
Join Date: Jun 2006
Posts: 13
Re: Popups

I have yet to remove the tracking cookies that were found in the ewido scan. When should I do so? Also, the same popups keep on reappearing. Here are the results of findlop and HJT. Thank you once again.

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A9C0D44C91BB4E24.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\clayton\applic~1\liesax~1\BIRDCOALWIN .exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Clayton'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 05/27/2006 21:00:00
NextRun: 07/15/2006 16:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/04/1996
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'Miguel'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 04/03/2004 22:27:00
NextRun: 07/15/2006 15:07:00
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
ExitCode: 0x65
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

2 Triggers

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 04/03/2004
EndDate: 00/00/0000
StartTime: 01:27
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 1:
Type: AtLogon
StartDate: 08/16/2003
EndDate: 00/00/0000
StartTime: 18:23
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

--------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:06:34 PM, on 7/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [web ace] C:\DOCUME~1\Clayton\APPLIC~1\LIESAX~1\Gpl grid bleh.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1151631907229
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://aerial.leepa.org/ecwplugins/ncs.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Old 15-07-2006, 08:39 PM   #7 (permalink)
 
Neal
Status: Senior Member
Join Date: Sep 2005
Posts: 5,016
Re: Popups

Yep, you got a LOP infection and we will see if we can get rid of it in a minute.


I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
  1. Run Spybot-S&D
  2. Go to the Mode menu, and make sure "Advanced Mode" is selected
  3. On the left hand side, choose Tools -> Resident
  4. Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.


Quote:
Also...



Open Hijackthis.

Click the "Open the Misc Tools" section Button.

Click the "Open Uninstall Manager" Button.

Click the "Save list..." Button.

Save it to your desktop. Copy and paste the contents into your reply.


Quote:
Download: Microsoft Task Scheduler Command Line Utility

http://mvps.org/winhelp2002/jt.zip

Unzip and copy jt.exe to your Windows folder.

Open Notepad, copy and paste the below and "Save As" KillJobs.bat
In the "Save as type" select: All Files

Quote:
@echo off
jt /sd A9C0D44C91BB4E24.job


Copy KillJobs.bat to your Windows folder.
Double-click on "KillJobs.bat"
(when prompted, allow the file to run)



If you want to remove tracking cookies you must quarantine them after the scan is done.



Remove from Add/Remove Programs if present:

viewpoint/viewpoint manager/viewpoint media player
weatherbug---if the free version
LimeShop



Reboot


Run HijackThis, click on the scan button and put checks next to these:


O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [web ace] C:\DOCUME~1\Clayton\APPLIC~1\LIESAX~1\Gpl grid bleh.exe---if still there after the above

O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)



Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.


Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):



DELETE FOLDERS

C:\Program Files\Viewpoint
C:\DOCUMENTS and SETTINGS\Clayton\APPLICATION DATA\LIESAX~1---folder begins with LIESAX
C:\Program Files\LimeShop


Reboot into normal mode, post a HijackThis log, and tell me if popups are still coming and, if so, what they say.
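The job targeted in the post above stands out in the findlop dump from post #6 on three visible traits: the Hidden flag is set, the job name is 16 hex digits, and the executable sits in the user's Application Data folder, which is also the folder of the "web ace" Run entry. The Python sketch below is an added example, not part of the thread and not code from findlop or jt.exe; it parses a dump of that shape, flags jobs showing at least two of those traits (the trait list and threshold are assumptions for illustration), and lists HijackThis entries in the same folder.

```python
import re

# Samples abridged from the findlop (jt.exe) dump and HijackThis log in post #6.
JT_DUMP = r"""
[TRACE] Activating job 'A9C0D44C91BB4E24.job'
ApplicationName: 'c:\docume~1\clayton\applic~1\liesax~1\BIRDCOALWIN .exe'
Parameters: ''
Comment: ''
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 1

[TRACE] Activating job 'Symantec NetDetect.job'
ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
Comment: 'Symantec NetDetect'
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 0
"""
HJT_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [web ace] C:\DOCUME~1\Clayton\APPLIC~1\LIESAX~1\Gpl grid bleh.exe
"""

JOB_RE = re.compile(r"^\[TRACE\] Activating job '(.+)'$")
FIELD_RE = re.compile(r"^(\w+)\s*[:=]\s*'?(.*?)'?$")  # "Key: 'value'" or "Flag = 0"
# The traits below are illustrative assumptions, not rules taken from findlop.
HEX_NAME = re.compile(r"^[0-9A-F]{16}\.job$", re.I)
PROFILE_DIR = re.compile(r"\\(applic~\d|application data)\\", re.I)


def parse_jobs(dump):
    """Split a jt.exe property dump into {job name: {property: value}}."""
    jobs, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        job = JOB_RE.match(line)
        if job:
            current = jobs.setdefault(job.group(1), {})
            continue
        field = FIELD_RE.match(line)
        if current is not None and field:
            current[field.group(1)] = field.group(2)
    return jobs


def suspicious_jobs(jobs):
    """Return {job: [reasons]} for jobs showing two or more traits."""
    hits = {}
    for name, props in jobs.items():
        reasons = []
        if props.get("Hidden") == "1":
            reasons.append("Hidden flag set")
        if HEX_NAME.match(name):
            reasons.append("16-hex-digit job name")
        if PROFILE_DIR.search(props.get("ApplicationName", "")):
            reasons.append("executable under Application Data")
        if len(reasons) >= 2:
            hits[name] = reasons
    return hits


def related_autostarts(jobs, flagged, hjt_log):
    """HijackThis lines pointing into the folder of a flagged job's executable."""
    folders = set()
    for name in flagged:
        path = jobs[name].get("ApplicationName", "")
        if "\\" in path:
            folders.add(path.rsplit("\\", 1)[0].lower() + "\\")
    return [line for line in hjt_log.splitlines()
            if any(folder in line.lower() for folder in folders)]


if __name__ == "__main__":
    parsed = parse_jobs(JT_DUMP)
    found = suspicious_jobs(parsed)
    for job_name, why in found.items():
        print(job_name, "->", "; ".join(why))
    for entry in related_autostarts(parsed, found, HJT_LOG):
        print("same folder:", entry)
```

The folder match is a plain case-insensitive string comparison, so an 8.3 short path (LIESAX~1) and the long name of the same folder will not match each other.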
Old 16-07-2006, 05:30 PM   #8 (permalink)
amercm120
Status: Newbie
Join Date: Jun 2006
Posts: 13
Re: Popups

Hello, I followed your instructions and I ran into a few roadblocks. I couldn't get KillJobs.bat to work. I copied and pasted @echo off jt/sd A9C0D44C91BB4E24.job into notepad and saved it as all files. I then copied both jt.exe and killjobs.exe into C:\WINDOWS and when that didn't work I copied them into C:\Documents and Settings\Clayton\WINDOWS. When both failed I skipped that step and continued on. When I went to change/remove Limeshop, I got WJView Error which read: ERROR: Could not execute Main: The system cannot find the file specified. Is this because I uninstalled Limewire several months ago yet there are still some components lying around? This is where I stopped and decided to write this because I didn't want to run the HJT and delete the folders until the aforementioned problems were resolved. By the way, here is my uninstall manager.


Ad-Aware SE Personal
Adobe PageMaker 7.0
Adobe Reader 6.0
Adware Away v2.2.8.9
AIM Toolbar
AOL Instant Messenger
ARNZ ATR72-200 & 500
AsfTools 3.1 (remove only)
Audio Recorder Pro
Avance AC'97 Audio
AVI to VCD/DVD 4.02
Azureus
BellSouth FastAccess DSL Help Center
BroadJump Client Foundation
Call of Duty Game of the Year Edition
Chaos Pack 1.00 for Pocket Tanks Deluxe
Cinema Tycoon Gold (remove only)
Codec Pack - All In 1 6.0.3.0
Cole2k Media - Codec Pack (Advanced)
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Cucusoft iPod Movie/Video Converter 2.00
dBpowerAMP Music Converter
dBpowerAMP WMA V9.1 Codec
DC Realism 1.0
DesertCombat 0.7
Digital Photo Navigator 1.0
DiscWizard for Windows
DivX Codec
Easy CD Creator 5 Platinum
ESPN Java Check
ewido anti-spyware 4.0
FrostWire
G-Force
Google Earth
HijackThis 1.99.1
HSP56 MicroModem Drivers
Image Web Server IE Plugins 2,0,0,104
iPod for Windows 2006-01-10
iPod for Windows User Guide
iPod Updater 2004-11-15
iTunes
J2SE Runtime Environment 5.0 Update 1
Java 2 Runtime Environment Standard Edition v1.3.1_04
Learn2 Player (Uninstall Only)
LimeShop
LiveReg (Symantec Corporation)
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Media Library Management Wizard
MediaInfo 0.7.2.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Close Combat: A Bridge Too Far
Microsoft Combat Flight Simulator 2
Microsoft Data Access Components KB870669
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server Desktop Engine
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft® Winter Fun Pack 2004 for Windows® XP
Motorola Handset USB Driver
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MPEG Joiner
MSN Music Assistant
My Toolbar - Toolbar
NVIDIA Drivers
oggcodecs 0.71.0946
Panda ActiveScan
PartyPoker
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
PQ DVD to iPod Video Converter (remove only)
Prentice Hall Biology Exploring Life Online Activities
ProSavageDDR and Utilities
PSP Movie Creator(remove only)
PSP Video Express(remove only)
PunkBuster for Battlefield 1942
QuickTime
Roll
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Sony Sound Forge 8.0b
Spybot - Search & Destroy 1.4
Sure Delete 5.1.1
Switch Uninstall
Symantec AntiVirus Client
Uniblue Registry Booster
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
VIA Rhine-Family Fast Ethernet Adapter
WavePad Uninstall
Web Savings from Ebates
Webinblue A-10A Thunderbolt II for CFS2
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Bonus Pack for Windows XP
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Series Winter Fun Pack
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
Xfire (remove only)
XPlay
ZoneAlarm


Old 16-07-2006, 08:51 PM   #9 (permalink)
 
Neal
Status: Senior Member
Join Date: Sep 2005
Posts: 5,016
Re: Popups

OK, you can delete the LimeShop folder if you have already uninstalled LimeWire, and just skip the LOP part above; we will go a different route on that. Just do everything else. Now let's see if we can get rid of LOP below. Do the Killbox thing first before trying to do the HijackThis fix. Thanks.


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select
    • "Delete on Reboot"
    • Then click on either the "All Files" button if there is more than 1 item to Delete.
  • Please copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C

    A9C0D44C91BB4E24.job

  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.


Post a new hijackthis log after the above please.
Old 17-07-2006, 01:57 AM   #10 (permalink)