Pop Ups
Haomaru
Junior Member
23. June 2008 @ 11:42
Hi, I keep getting Internet Explorer pop ups, I have pop up blocker installed, and still they keep coming up, some of the pop ups are like streaming videos, which drastically slows down the machine, if I am playing games etc., and sometimes I get the pop up saying that I should download spyware tools etc., and I noticed since this problem started happening, my machine takes longer to boot up, any help would be appreciated
AfterDawn Addict
23. June 2008 @ 12:46
Hi Haomaru,

First, let's do a little Pre-Cleaning and Post some Logs so we can see what's going on...

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Please download and install SUPERAntiSpyware Free
• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
• Under the "Configuration and Preferences", click the Preferences... button.
• Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
• Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
   o Close browsers before scanning.
   o Scan for tracking cookies.
   o Terminate memory threats before quarantining.

• Click the "Close" button to leave the control center screen and exit the program.
• Do not run a scan just yet.


Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.
• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  If you would like to keep your saved passwords, please click No at the prompt.
• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button.
  If you would like to keep your saved passwords, please click No at the prompt.
• Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".


Scan with SUPERAntiSpyware as follows:
• Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes" and reboot normally.
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
   o Click Preferences, then click the Statistics/Logs tab.
   o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
   o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
   o Please copy and paste the Scan Log results in your next reply.

• Click Close to exit the program.

Reboot to Normal Mode



Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
• Doubleclick HJTInstall.exe to install it.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Copy/Paste the log to your next reply please.



Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.



Please post the HijackThis log, SUPERAntiSpyware Log and Uninstall list in your next reply.


2OG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
Haomaru
Junior Member
25. June 2008 @ 21:06
Thanks for the reply 2old, here are the logs

Super Anti Spyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/25/2008 at 08:27 PM

Application Version : 4.15.1000

Core Rules Database Version : 3490
Trace Rules Database Version: 1481

Scan type : Complete Scan
Total Scan Time : 01:05:09

Memory items scanned : 167
Memory threats detected : 0
Registry items scanned : 5758
Registry threats detected : 14
File items scanned : 63167
File threats detected : 101

Adware.Tracking Cookie

Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion

Trojan.DNSChanger-Codec
HKU\S-1-5-21-1004336348-1965331169-725345543-1003\Software\GetModule
HKU\S-1-5-21-1004336348-1965331169-725345543-1003\Software\GetPack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck#UninstallString

Adware.AdSponsor/ISM
C:\Program Files\GetModule\dicik.gz
C:\Program Files\GetModule\GetModule19.exe
C:\Program Files\GetModule\kwdik.gz
C:\Program Files\GetModule\pckik.dat
C:\Program Files\GetModule
C:\Program Files\GetPack\dictame.gz
C:\Program Files\GetPack\GetPack19.exe
C:\Program Files\GetPack\trgtame.gz
C:\Program Files\GetPack
C:\Program Files\iCheck\iCheck.exe
C:\Program Files\iCheck\Uninstall.exe
C:\Program Files\iCheck

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:18 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: tspchefk - {f820d4ed-de89-4bca-a40b-83cabddc91d3} - C:\Documents and Settings\All Users\Application Data\tspchefk.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7750 bytes

Uninstall List

Adobe Flash Player ActiveX
Alive 3GP Video Converter (version 1.8.3.6)
Any Video Converter Professional 2.5.9
BChanger
FlashGet 1.9.6.1073
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Java(TM) 6 Update 6
Kaspersky Anti-Virus 2009
Kaspersky Anti-Virus 2009
LimeWire PRO 4.18.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
MSVC80_x86
MSXML 6.0 Parser
Nero 8
neroxml
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
NSS (remove only)
NVIDIA Drivers
PC Connectivity Solution
QuickTime
Sound Blaster Live! Web 2K/XP
Steam
SUPERAntiSpyware Free Edition
VCRedistSetup
VideoLAN VLC media player 0.8.6f
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
WinRAR archiver
Yahoo! ¤u¨ã¦C
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
AfterDawn Addict
26. June 2008 @ 04:00
Hey Haomaru,

Do you still have POP-UPS???
Let me know.

Meantime do this:

Goto > Start > control panel > Add/remove programs and uninstall -> BChanger

Fix These lines in HijackThis:
If they are still there

O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


If you know this one, leave it, if not, Fix it.
O21 - SSODL: tspchefk - {f820d4ed-de89-4bca-a40b-83cabddc91d3} - C:\Documents and Settings\All Users\Application Data\tspchefk.dll

Use the Search in Windows Explorer and delete the following files/folders, if they exist:


C:\Program Files\BChanger\bchanger.dll

C:\Documents and Settings\All Users\Application Data\tspchefk.dll



Post a fresh HJT Log and let me know what's happening..


2OG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
Haomaru
Junior Member
26. June 2008 @ 09:17
Thanks again O2, well I was able to fix these files via HJT:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O21 - SSODL: tspchefk - {f820d4ed-de89-4bca-a40b-83cabddc91d3} - C:\Documents and Settings\All Users\Application Data\tspchefk.dll

But was unable to delete these

C:\Program Files\BChanger\bchanger.dll

C:\Documents and Settings\All Users\Application Data\tspchefk.dll

I got access denied error msg.

New HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:27 AM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7218 bytes
Haomaru
Junior Member
26. June 2008 @ 09:28
Oh and currently no pop ups, thank you.
AfterDawn Addict
26. June 2008 @ 09:37
Hey Haomaru,

Well your Log is as Clean as an Old Maid's Parlor. :)

You may be able to delete those files in Safe Mode.

I don't think they will give you any problems but give it a try. ;)


Holler if anything turns up.

2OG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
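
Added example, not part of the thread: a small Python triage helper that parses HijackThis result lines, diffs the "before" and "after" logs to confirm which entries a fix removed, and flags two patterns seen in this thread (an entry whose file is missing, and a shell-loaded DLL under an Application Data folder). The function names, `LOADER_CODES` and both heuristics are assumptions made for illustration; the sample lines are excerpted from the two logs posted above.

```python
import re
from typing import NamedTuple

# HijackThis result lines look like "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Assumption for this example: sections whose entries load a DLL into
# the browser or shell (O2 = BHO, O21 = ShellServiceObjectDelayLoad).
LOADER_CODES = {"O2", "O21"}


class Entry(NamedTuple):
    code: str   # section code, e.g. "O2" or "O21"
    body: str   # everything after "code - "

    @property
    def target(self) -> str:
        """Last ' - ' separated field: usually the file the entry loads."""
        return self.body.rsplit(" - ", 1)[-1].strip()


def parse_log(text: str) -> list[Entry]:
    """Return result entries only; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """Entries removed by the fix, and entries that newly appeared."""
    b, a = parse_log(before), parse_log(after)
    removed = [e for e in b if e not in a]
    added = [e for e in a if e not in b]
    return removed, added


def triage(entries: list[Entry]) -> list[tuple[Entry, list[str]]]:
    """Flag entries for manual review; a flag is a prompt, not a verdict."""
    findings = []
    for e in entries:
        reasons = []
        target = e.target.lower()
        if target == "(no file)":
            reasons.append("missing-file")  # orphaned registration
        if e.code in LOADER_CODES and "\\application data\\" in target:
            reasons.append("loads-from-user-data")
        if reasons:
            findings.append((e, reasons))
    return findings


# Excerpt of the log posted on 25 June 2008 (before the fix).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: tspchefk - {f820d4ed-de89-4bca-a40b-83cabddc91d3} - C:\Documents and Settings\All Users\Application Data\tspchefk.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Excerpt of the log posted on 26 June 2008 (after the fix).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.code, e.target)
    for e, reasons in triage(parse_log(BEFORE)):
        print("review :", e.code, e.target, reasons)
```

The two heuristics flag the `(no file)` BHO and the `tspchefk.dll` SSODL entry but not the BChanger BHO, which sits in an ordinary Program Files path and was picked out by name in the reply above; path-based checks supplement a reviewer's knowledge of the installed software rather than replace it.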