Sponsored By

Reston

Xp: Popups While I Browse[INACTIVE]

Recommended Posts

I'm getting popups. ErrorSafe? Take a look at my HJT log please.

Logfile of HijackThis v1.99.1

Scan saved at 8:22:41 AM, on 6/9/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\Chronograph\chrono.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AutoSizer\AutoSizer.exe

C:\Program Files\Clock Tray Skins

Lite\ClockTraySkins.exe

C:\Program Files\Dulux WeatherShield

WeatherDesk\weather.exe

C:\Program Files\UnH Solutions\IE Privacy

Keeper\IEPrivacyKeeper.exe

C:\Program Files\iolo\System Mechanic

4\PopupStopper.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\CyberBuddy\CyberBud.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\Program Files\Samsung\Digimax Viewer

2.1\STImgBrowser.exe

C:\Program Files\Executive

Software\Diskeeper\DkService.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\WINDOWS\system32\SLEE401.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Shrink Pic\shrink_pic.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\WINDOWS\msagent\AgentSvr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Joe

Fardella.JOEY\Desktop\Security\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://mirror.bom.gov.au/products/IDR123.shtml

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://mirror.bom.gov.au/products/IDR123.shtml

R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: iiBar -

{8AA99D86-978D-4963-A845-24AF39FB0CF2} - C:\Program Files\iiBar\iiBar.dll

O3 - Toolbar: &Google -

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!]

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI

Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program

Files\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program

Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [smcService]

C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [PPMemCheck]

c:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [PestPatrol Control Center]

c:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [CookiePatrol]

c:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun

O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AutoSizer] "C:\Program

Files\AutoSizer\AutoSizer.exe"

O4 - HKCU\..\Run: [skinClockLite] C:\Program Files\Clock Tray Skins Lite\ClockTraySkins.exe

O4 - HKCU\..\Run: [Dulux WeatherShield WeatherDesk]

C:\Program Files\Dulux WeatherShield WeatherDesk\weather.exe

O4 - HKCU\..\Run: [iE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy

Keeper\IEPrivacyKeeper.exe" -startup

O4 - HKCU\..\Run: [system Mechanic Popup Stopper]

"C:\Program Files\iolo\System Mechanic 4\PopupStopper.exe"

O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: CyberBuddy.lnk = C:\Program Files\CyberBuddy\CyberBud.exe

O4 - Global Startup: Digimax Viewer 2.1.lnk =

C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe

O4 - Global Startup: Logitech SetPoint.lnk =

C:\Program Files\Logitech\SetPoint\KEM.exe

O8 - Extra context menu item: &Google Search -

res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word

- res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links -

res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page

- res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages -

res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into

English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} -

C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop

Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} -

C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) -

{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -

{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) -

{D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE

Privacy Keeper\IEPrivacyKeeper.exe (HKCU)

O9 - Extra 'Tools' menuitem: IE Privacy Keeper -

{D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} -

https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1}

(ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}

(Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}

(MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}

(BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}

(Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase7617.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}

(Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136969391307

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

(ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}

(ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E}

(PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/wtOtherA...iomanagerwt.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - AppInit_DLLs:

C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service

(aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido

anti-malware\ewidoctrl.exe

O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware

Sandra Lite 2005.SR2\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) -

SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra

Lite 2005.SR2\RpcSandraSrv.exe

O23 - Service: Steganos Live Encryption Engine

(Version 401) [service] (SLEE_401_SERVICE) - Unknown owner

- C:\WINDOWS\system32\SLEE401.exe

O23 - Service: Sygate Personal Firewall (SmcService)

- Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Share this post


Link to post
Share on other sites

Hello Reston, :)

Please do a new HJT scan and make sure word wrap is disabled in notepad prior to posting your log. Thanks!

Share this post


Link to post
Share on other sites

Inactive topic...

If you still need help on this problem, contact me or one of the Moderators to re-open this up.

Topic closed.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.