Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » HJT log, Please help me with these annoying pop ups

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

HJT log, Please help me with these annoying pop ups

Reply
Page 1 of 2 1 2
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 04-04-2007, 02:35 AM
Junior Member
New Recruit
  
Join Date: Mar 2005
Posts: 42
dotcomphilly Is a beginner here at D-A-L
HJT log, Please help me with these annoying pop ups
Started a few days ago dont remember downloading anything or going to any different websites but could have been someone else using the computer that did it. Tried cleaning it up the best I could before posting.

thanks

Logfile of HijackThis v1.99.1
Scan saved at 9:29:09 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\CTHELPER.EXE
F:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - F:\WINDOWS\system32\tmpB.tmp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {78b91348-ff48-43ad-ad27-ecb816bc9e1f} - F:\WINDOWS\system32\hdwave.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SBDrvDet] F:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [OrderReminder] F:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HostManager] F:\Program Files\Common Files\AOL\1127950184\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] F:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] F:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SoundService] rundll32.exe "F:\WINDOWS\iifedd.dll",setvm
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "F:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://F:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: hdwave - F:\WINDOWS\SYSTEM32\hdwave.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - F:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - F:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Card Adapter (NETDown) - Unknown owner - F:\WINDOWS\smss.exe (file missing)

thanks
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 04-04-2007, 05:28 AM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: HJT log, Please help me with these annoying pop ups
You have a popup infection which you noted and another serious infection which should be addressed first.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 05-04-2007, 01:13 AM
Junior Member
New Recruit
  
Join Date: Mar 2005
Posts: 42
dotcomphilly Is a beginner here at D-A-L
Re: HJT log, Please help me with these annoying pop ups
SDFix: Version 1.76

Run by Ant - Wed 04/04/2007 - 20:03:58.82

Microsoft Windows XP [Version 5.1.2600]

Running From: F:\Documents and Settings\Ant\Desktop\sdfix\SDFix

Safe Mode:
Checking Services:

Name:
NETDown

ImagePath:
F:\WINDOWS\smss.exe

NETDown Deleted


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

F:\DOCUME~1\Ant\LOCALS~1\Temp\tmpA.tmp.exe - Deleted
F:\DOCUME~1\Ant\LOCALS~1\Temp\tmpB.tmp.exe - Deleted
F:\DOCUME~1\Ant\LOCALS~1\Temp\abc123.pid - Deleted
F:\DOCUME~1\Ant\LOCALS~1\Temp\autorun.inf - Deleted
F:\DOCUME~1\Ant\LOCALS~1\Temp\install.exe - Deleted
F:\WINDOWS\system32\drivers\etc\hosts.tim - Deleted



ADS Check:

F:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\support.com\\bin\\tgcmd.exe"="F:\\Program Files\\support.com\\bin\\tgcmd.exe:*:Enabled:Suppo rt.com Scheduler and Command Dispatcher"
"F:\\Program Files\\FlashFXP\\FlashFXP.exe"="F:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP"
"F:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="F:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yah oo! Messenger"
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="F:\\Progra m Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Ya hoo! FT Server"
"F:\\WINDOWS\\Cyb2k.exe"="F:\\WINDOWS\\Cyb2k.exe:* :Enabled:CYBERsitter Control Panel"
"F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"F:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="F:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"F:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="F:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"F:\\Program Files\\America Online 9.0\\waol.exe"="F:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"F:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="F:\\Prog ram Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled: AOLTsMon"
"F:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="F:\\Prog ram Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled: AOLTopSpeed"
"F:\\Program Files\\Common Files\\AOL\\1127950184\\EE\\AOLServiceHost.exe"="F :\\Program Files\\Common Files\\AOL\\1127950184\\EE\\AOLServiceHost.exe:*:E nabled:AOL"
"F:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="F:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"F:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="F:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"F:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="F:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"F:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="F:\ \Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Ena bled:AOL"
"F:\\Program Files\\America Online 9.0a\\waol.exe"="F:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:AOL"
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="F:\ \Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Ena bled:Yahoo! Messenger"
"F:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="F:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - F:\DOCUME~1\Ant\Desktop\sdfix\SDFix\backups\backup s.zip

Checking For Files with Hidden Attributes :

F:\Program Files\America Online 9.0\AOLphx.exe
F:\Program Files\America Online 9.0\rbm.exe
F:\Program Files\America Online 9.0a\AOLphx.exe
F:\Program Files\America Online 9.0a\rbm.exe
F:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
F:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp

Finished
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 05-04-2007, 01:19 AM
Junior Member
New Recruit
  
Join Date: Mar 2005
Posts: 42
dotcomphilly Is a beginner here at D-A-L
Re: HJT log, Please help me with these annoying pop ups
Logfile of HijackThis v1.99.1
Scan saved at 8:18:57 PM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\notepad.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\CTHELPER.EXE
F:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - F:\WINDOWS\system32\tmpB.tmp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {78b91348-ff48-43ad-ad27-ecb816bc9e1f} - F:\WINDOWS\system32\hdwave.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SBDrvDet] F:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [OrderReminder] F:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HostManager] F:\Program Files\Common Files\AOL\1127950184\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] F:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] F:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "F:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://F:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: hdwave - F:\WINDOWS\SYSTEM32\hdwave.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - F:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - F:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe

Thanks in advance for the help its appreciated.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 05-04-2007, 04:53 AM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: HJT log, Please help me with these annoying pop ups
Several issues need to be considered before proceeding:

  • SDFIX:
    http://www.google.ca/search?hl=en&q=...e+Search&meta=
    Your system has likely been compromised to point where even cleaning does not promise you a trustworthy machine. There is lot of serious concern for the SDBOT infection family and its known updateable/installable capabilities whether in use or not (20K hits for inclusive search terms SDBOT, banking, and password). If you do online banking or have passwords that would be a serious concern in the hands of others (identity theft or compromise of confidential information), then more serious action is likely advisable and potentially warranted (backup user files and do a clean re-install). More often than not they want your PC as a compromised zombie (a botnet/spambot member to do evil deeds) – but who is to know.

    Nevertheless, initial cleaning may be a good first step to give you some renewed degree of control and then time to more fully consider your options. Let us know how you wish to proceed.

  • You are not currently running a proper real-time (always on) antivirus tool.

    There are some good free Antivirus programs that are decent, including AVG and Avast!. Install one of them if you wish to salvage your PC as best you can. Also, post a revised HijackThis LOG to reflect such an installation, if applicable.

    AVG: http://free.grisoft.com/doc/1
    Avast: http://www.avast.com/eng/avast_4_home.html
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 06-04-2007, 01:59 AM
Junior Member
New Recruit
  
Join Date: Mar 2005
Posts: 42
dotcomphilly Is a beginner here at D-A-L
Re: HJT log, Please help me with these annoying pop ups
Installed Avast hopefully I can get this cleaned up with out having to reformat.

Thanks again for all of your help.

Logfile of HijackThis v1.99.1
Scan saved at 8:58:07 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\CTHELPER.EXE
F:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - F:\WINDOWS\system32\tmp9.tmp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {78b91348-ff48-43ad-ad27-ecb816bc9e1f} - F:\WINDOWS\system32\hdwave.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SBDrvDet] F:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [OrderReminder] F:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HostManager] F:\Program Files\Common Files\AOL\1127950184\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] F:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] F:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "F:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://F:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: hdwave - F:\WINDOWS\SYSTEM32\hdwave.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - F:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 06-04-2007, 02:48 AM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: HJT log, Please help me with these annoying pop ups
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 06-04-2007, 03:06 AM
Junior Member
New Recruit
  
Join Date: Mar 2005
Posts: 42
dotcomphilly Is a beginner here at D-A-L
Re: HJT log, Please help me with these annoying pop ups
Logfile of HijackThis v1.99.1
Scan saved at 10:05:53 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\CTHELPER.EXE
F:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {78b91348-ff48-43ad-ad27-ecb816bc9e1f} - F:\WINDOWS\system32\hdwave.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SBDrvDet] F:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [OrderReminder] F:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HostManager] F:\Program Files\Common Files\AOL\1127950184\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] F:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] F:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "F:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://F:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: hdwave - F:\WINDOWS\SYSTEM32\hdwave.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - F:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 06-04-2007, 03:07 AM
Junior Member
New Recruit
  
Join Date: Mar 2005
Posts: 42
dotcomphilly Is a beginner here at D-A-L
Re: HJT log, Please help me with these annoying pop ups
VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 950 PM 4/5/2007

Listing files found while scanning....

F:\WINDOWS\system32\tmp9.tmp.dll

Beginning removal...

Attempting to delete F:\WINDOWS\system32\tmp9.tmp.dll
F:\WINDOWS\system32\tmp9.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 06-04-2007, 03:36 AM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: HJT log, Please help me with these annoying pop ups
Are your popup issues now resolved? Let us know, please.


You appear to running both Ewido and Avg Anti-Spyware (AVGAS). AVGAS is essentially an updated version of Ewido. Please uninstall Ewido if that is the case and then REBOOT.


Thereafter, please ensure that AVGAS (right-click icon in tooltray to exit) is not running while you conduct the following scan:

Using Internet Explorer run Panda's ActiveScan from here and perform a full system scan.

1. Once you are on the Panda site click the "Scan your PC" button
2. A new window will open...click the big "Check Now" button
3. Enter your Country
4. Enter your State/Province
5. Enter your e-mail address and click send
6. Select either Home User or Company
7. Click the big Scan Now button
8. If it wants to install an ActiveX component allow it
9. It will start downloading the files it requires for the scan (Note: It will take a couple minutes). You may need to click the ‘Retry again’ BUTTON or you may need to exit and retry at the ‘Scan Now’ BUTTON.
10. Click on "Local Disks" to start the scan
11. Post Panda scan results in your next reply
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Annoying pop-ups kellehs Spyware, Adware, Viruses and HijackThis Logs 9 16-07-2008 10:23 PM
Ok This is So annoying!!! PLEASE HELP!!! FutureWindowsVistaUser Windows XP Help 5 03-12-2006 01:15 AM
IE keeps on freezing, really annoying! novice General Internet Issues and Questions 4 23-11-2005 03:34 AM
Really annoying strive4impact Spyware, Adware, Viruses and HijackThis Logs 1 11-08-2005 12:47 AM
Annoying little box. Gary Spyware, Adware, Viruses and HijackThis Logs 20 22-12-2004 08:53 PM


All times are GMT +1. The time now is 03:11 AM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav