Author Topic: Removing Annoying Pop ups  (Read 894 times)

Offline monica_ian_ralliart

« on: February 22, 2006, 12:15:06 AM »
Someone please help.

I have been getting many pop-ups, and every time I clicked on Internet Explorer, the default website would be www.findthewebsiteyouneed.com. It's so damn F**king annoying. I tried running HijackThis; every time it loads, 5 seconds later, the program disappears.

I am also using CWShredder. Can anyone tell me if C:\WINDOWS\winsysban5.exe, C:\WINDOWS\winsysban6.exe and C:\WINDOWS\winsysban7.exe are removable?

Monica

Offline birdman

« Reply #1 on: February 22, 2006, 09:36:07 PM »
winsysban5.exe
winsysban6.exe
winsysban7.exe
are Trojan/Backdoor and should be removed; use Killbox if you cannot remove them.
« Last Edit: February 22, 2006, 09:36:46 PM by birdman »

Offline guestolo

« Reply #2 on: February 22, 2006, 11:47:44 PM »
birdman is right
But the best thing you could do
From my signature below, download and save to a permanent folder on your hard drive
Hijackthis 1.99.1
Open Hijackthis.exe

Do a SCAN and Save a Log file---Save the log----copy and paste the WHOLE contents of the log  here... Don't try and fix anything yet----It is all important

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline monica_ian_ralliart

« Reply #3 on: February 23, 2006, 11:50:21 PM »
But I can't run HijackThis on my computer. The program disappears immediately when I try to run it. Same for my Task Manager; it doesn't show my Task Manager at all. Was thinking if it has got something to do with my computer (it is actually the computer that I use at work), and every time it starts up there is a RUNDLL error msg.

Offline guestolo

« Reply #4 on: February 23, 2006, 11:53:30 PM »
Can you do the following if you can
Download and save WinPFind.zip
UNZIP the contents to your desktop
Don't run it yet

RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter

In safe mode
Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Click START SCAN
This could take some time as it will scan your drive
Close out after

I don't normally want to see a Hijackthis log from safe mode, but see if you can run a Scan and save logfile in safe mode

Reboot back to Normal mode

Back in Windows
Post the results of the WinPFind.txt located in the WinPFind folder
Also hijackthis log if you were able to run it



Offline monica_ian_ralliart

« Reply #5 on: February 24, 2006, 03:01:08 AM »
Hey guestolo,

here are the results from WinPFind:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX!                 23/01/2006 9:51:30 AM       12288      C:\drsmartload1.exe
UPX!                 23/01/2006 10:51:02 AM      10624      C:\drsmartload419a.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts

UPX!                 01/02/2006 10:20:56 AM      19968      C:\WINDOWS\winsysban4.exe
UPX!                 27/01/2006 4:16:30 PM       10752      C:\WINDOWS\winsysupd3.exe
UPX!                 01/02/2006 10:20:44 AM      11264      C:\WINDOWS\winsysupd4.exe

Checking %System% folder...
PEC2                 29/08/2002 9:00:00 AM       41397      C:\WINDOWS\SYSTEM32\dfrg.msc
WinShutDown          22/02/2006 1:44:00 PM   R S 236615     C:\WINDOWS\SYSTEM32\en0ml1d11.dll
ad-w-a-r-e.com       22/02/2006 1:44:00 PM   R S 236615     C:\WINDOWS\SYSTEM32\en0ml1d11.dll
WinShutDown          17/02/2006 6:17:20 PM   R S 234374     C:\WINDOWS\SYSTEM32\g0040adqed0e0.dll
ad-w-a-r-e.com       17/02/2006 6:17:20 PM   R S 234374     C:\WINDOWS\SYSTEM32\g0040adqed0e0.dll
WinShutDown          14/02/2006 2:28:12 PM   R S 236891     C:\WINDOWS\SYSTEM32\i6jq0g15e6.dll
ad-w-a-r-e.com       14/02/2006 2:28:12 PM   R S 236891     C:\WINDOWS\SYSTEM32\i6jq0g15e6.dll
WinShutDown          15/02/2006 5:57:20 PM   R S 237327     C:\WINDOWS\SYSTEM32\ir2sl5f71.dll
ad-w-a-r-e.com       15/02/2006 5:57:20 PM   R S 237327     C:\WINDOWS\SYSTEM32\ir2sl5f71.dll
WinShutDown          22/02/2006 2:21:02 PM   R S 233820     C:\WINDOWS\SYSTEM32\ir4ml5h11.dll
ad-w-a-r-e.com       22/02/2006 2:21:02 PM   R S 233820     C:\WINDOWS\SYSTEM32\ir4ml5h11.dll
WinShutDown          14/02/2006 6:25:16 PM   R S 236693     C:\WINDOWS\SYSTEM32\irp6l57s1.dll
ad-w-a-r-e.com       14/02/2006 6:25:16 PM   R S 236693     C:\WINDOWS\SYSTEM32\irp6l57s1.dll
WinShutDown          24/02/2006 12:33:06 PM  R S 236917     C:\WINDOWS\SYSTEM32\k6lqlg3516.dll
ad-w-a-r-e.com       24/02/2006 12:33:06 PM  R S 236917     C:\WINDOWS\SYSTEM32\k6lqlg3516.dll
WinShutDown          19/03/2006 2:54:32 PM   R S 234374     C:\WINDOWS\SYSTEM32\k8no0i53e8.dll
ad-w-a-r-e.com       19/03/2006 2:54:32 PM   R S 234374     C:\WINDOWS\SYSTEM32\k8no0i53e8.dll
WinShutDown          17/02/2006 4:39:46 PM   R S 234423     C:\WINDOWS\SYSTEM32\ktj6l71s1.dll
ad-w-a-r-e.com       17/02/2006 4:39:46 PM   R S 234423     C:\WINDOWS\SYSTEM32\ktj6l71s1.dll
WinShutDown          04/02/2006 6:33:36 PM   R S 236662     C:\WINDOWS\SYSTEM32\ktlul7391.dll
ad-w-a-r-e.com       04/02/2006 6:33:36 PM   R S 236662     C:\WINDOWS\SYSTEM32\ktlul7391.dll
WinShutDown          03/02/2006 7:46:44 PM   R S 236049     C:\WINDOWS\SYSTEM32\l06o0aj3edo.dll
ad-w-a-r-e.com       03/02/2006 7:46:44 PM   R S 236049     C:\WINDOWS\SYSTEM32\l06o0aj3edo.dll
WinShutDown          15/02/2006 10:49:56 AM  R S 237069     C:\WINDOWS\SYSTEM32\m6po0g73e6.dll
ad-w-a-r-e.com       15/02/2006 10:49:56 AM  R S 237069     C:\WINDOWS\SYSTEM32\m6po0g73e6.dll
PEC2                 25/11/2005 11:41:50 AM      75264      C:\WINDOWS\SYSTEM32\mswindtc.exe
WinShutDown          22/02/2006 3:32:20 PM   R S 236408     C:\WINDOWS\SYSTEM32\mvl4l93q1.dll
ad-w-a-r-e.com       22/02/2006 3:32:20 PM   R S 236408     C:\WINDOWS\SYSTEM32\mvl4l93q1.dll
WinShutDown          18/02/2006 12:20:32 PM  R S 234374     C:\WINDOWS\SYSTEM32\n08o0al3edq.dll
ad-w-a-r-e.com       18/02/2006 12:20:32 PM  R S 234374     C:\WINDOWS\SYSTEM32\n08o0al3edq.dll
Umonitor             29/08/2002 9:00:00 AM       631808     C:\WINDOWS\SYSTEM32\rasdlg.dll
WinShutDown          01/02/2006 2:08:50 PM   R S 235978     C:\WINDOWS\SYSTEM32\SvnthCore11Resources.dll
ad-w-a-r-e.com       01/02/2006 2:08:50 PM   R S 235978     C:\WINDOWS\SYSTEM32\SvnthCore11Resources.dll
WinShutDown          15/02/2006 10:24:16 AM  R S 236693     C:\WINDOWS\SYSTEM32\wahisn.dll
ad-w-a-r-e.com       15/02/2006 10:24:16 AM  R S 236693     C:\WINDOWS\SYSTEM32\wahisn.dll
winsync              29/08/2002 9:00:00 AM       1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1  www.qoologic.com
127.0.0.1  www.urllogic.com


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     24/02/2006 3:30:48 PM     S 2048       C:\WINDOWS\bootstat.dat
                     21/01/2006 4:11:16 PM    H  54156      C:\WINDOWS\QTFont.qfn
                     04/02/2006 10:49:02 AM    S 64         C:\WINDOWS\CSC\00000001
                     27/01/2006 3:34:10 PM     S 64         C:\WINDOWS\CSC\00000002
                     24/02/2006 3:31:00 PM   R S 236918     C:\WINDOWS\system32\damap.dll
                     24/02/2006 2:14:36 PM   R S 236918     C:\WINDOWS\system32\dn0001dme.dll
                     22/02/2006 1:44:00 PM   R S 236615     C:\WINDOWS\system32\en0ml1d11.dll
                     17/02/2006 6:17:20 PM   R S 234374     C:\WINDOWS\system32\g0040adqed0e0.dll
                     14/02/2006 2:28:12 PM   R S 236891     C:\WINDOWS\system32\i6jq0g15e6.dll
                     15/02/2006 5:57:20 PM   R S 237327     C:\WINDOWS\system32\ir2sl5f71.dll
                     22/02/2006 2:21:02 PM   R S 233820     C:\WINDOWS\system32\ir4ml5h11.dll
                     14/02/2006 6:25:16 PM   R S 236693     C:\WINDOWS\system32\irp6l57s1.dll
                     24/02/2006 12:33:06 PM  R S 236917     C:\WINDOWS\system32\k6lqlg3516.dll
                     19/03/2006 2:54:32 PM   R S 234374     C:\WINDOWS\system32\k8no0i53e8.dll
                     17/02/2006 4:39:46 PM   R S 234423     C:\WINDOWS\system32\ktj6l71s1.dll
                     04/02/2006 6:33:36 PM   R S 236662     C:\WINDOWS\system32\ktlul7391.dll
                     03/02/2006 7:46:44 PM   R S 236049     C:\WINDOWS\system32\l06o0aj3edo.dll
                     15/02/2006 10:49:56 AM  R S 237069     C:\WINDOWS\system32\m6po0g73e6.dll
                     22/02/2006 3:32:20 PM   R S 236408     C:\WINDOWS\system32\mvl4l93q1.dll
                     18/02/2006 12:20:32 PM  R S 234374     C:\WINDOWS\system32\n08o0al3edq.dll
                     24/02/2006 3:29:36 PM   R S 236917     C:\WINDOWS\system32\o2840clqefqe0.dll
                     01/02/2006 2:08:50 PM   R S 235978     C:\WINDOWS\system32\SvnthCore11Resources.dll
                     15/02/2006 10:24:16 AM  R S 236693     C:\WINDOWS\system32\wahisn.dll
                     24/02/2006 3:31:00 PM    H  20480      C:\WINDOWS\system32\config\default.LOG
                     24/02/2006 3:30:56 PM    H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     24/02/2006 3:30:50 PM    H  16384      C:\WINDOWS\system32\config\SECURITY.LOG
                     24/02/2006 3:32:02 PM    H  188416     C:\WINDOWS\system32\config\software.LOG
                     24/02/2006 3:30:48 PM    H  913408     C:\WINDOWS\system32\config\system.LOG
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\31DDUENG\desktop.ini
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W5IBO16R\desktop.ini
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XVZY7NWB\desktop.ini
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YZ6TKZKZ\desktop.ini
                     17/01/2006 6:33:46 PM    HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e7590395-07b9-4622-a9aa-82a64bb29a0b
                     17/01/2006 6:33:46 PM    HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
                     24/02/2006 3:29:48 PM    H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          29/08/2002 9:00:00 AM       66048      C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       578560     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       129024     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       292352     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       121856     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       65536      C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation             25/01/2003 2:21:00 AM       139264     C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       36864      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems               30/01/2001 11:21:04 AM      24683      C:\WINDOWS\SYSTEM32\plugincpl130_02.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       268288     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       90112      C:\WINDOWS\SYSTEM32\timedate.cpl
HP Computer Corporation        04/01/2003 2:28:38 AM       122880     C:\WINDOWS\SYSTEM32\UICONFIG.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       121856     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       65536      C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       36864      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       147456     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     25/10/2005 10:33:38 AM      1824       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
                     27/11/2003 8:59:08 AM       1027       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
                     03/11/2002 7:35:32 AM    HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
                     22/04/2005 4:38:34 PM       1730       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
                     08/06/2005 5:33:28 PM       681        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
                     12/11/2003 5:33:44 PM       1559       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     02/11/2002 11:22:58 PM   HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
                     25/11/2005 10:35:12 AM      1356       C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
                     03/11/2002 7:35:32 AM    HS 84         C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     02/11/2002 11:22:56 PM   HS 62         C:\Documents and Settings\Administrator\Application Data\desktop.ini
                     25/10/2005 10:43:36 AM      143952     C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
                     24/04/2005 4:23:22 PM       22080      C:\Documents and Settings\Administrator\Application Data\Microsoft Access.ADR
                     04/10/2005 11:45:56 AM      38463      C:\Documents and Settings\Administrator\Application Data\Microsoft Excel.ADR

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
       =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
   {A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}    = C:\WINDOWS\system32\SvnthCore11Resources.dll
   {72B9F897-78E6-4930-B4FE-80E3091794E6}    = C:\WINDOWS\system32\mgiwave.dll
   {71B9C6FF-B129-4672-8EC0-5A30B3917BCD}    = C:\WINDOWS\system32\damap.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
   {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}    = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
   Adobe PDF = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx
   {EF99BD32-C1FB-11D2-892F-0090271D4F88}    = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
   {47833539-D0C5-4125-9FA8-0819E2EAAC93}    = Adobe PDF   : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF   : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
   {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
   {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF   : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   NvCplDaemon   RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
   DrvLsnr   C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
   AdaptecDirectCD   "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
   srmclean   C:\Cpqs\Scom\srmclean.exe
   CPQEASYACC   C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
   ccApp   "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
   ccRegVfy   "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
   iTunesHelper   "C:\Program Files\iTunes\iTunesHelper.exe"
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   win msdt service   mswindtc.exe
   mlp   C:\apace.exe
   winsysupd   C:\windows\winsysupd10.exe
   winsysban   C:\windows\winsysban10.exe
   gimmygames   C:\windows\gimmygames10.exe
   spd   C:\inp.exe
   Symantec NetDriver Monitor   C:\PROGRA~1\SYMNET~1\SNDMon.exe
   Windows Firewall Monitor   C:\inp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
   win msdt service   mswindtc.exe
   mlp   C:\apace.exe
   spd   C:\inp.exe
   Windows Firewall Monitor   C:\inp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   ctfmon.exe   C:\WINDOWS\System32\ctfmon.exe
   win msdt service   mswindtc.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
   win msdt service   mswindtc.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbjt32
    = winbjt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate
    = C:\WINDOWS\system32\dn0001dme.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 24/02/2006 3:35:21 PM

Man... this is so long... and the next one is from HijackThis. Sorry that I made you read results from HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 3:47:16 PM, on 24/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\WinPFind\WinPFind\winpfind.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [win msdt service] mswindtc.exe
O4 - HKLM\..\Run: [mlp] C:\apace.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd10.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban10.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames10.exe
O4 - HKLM\..\Run: [spd] C:\inp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\inp.exe
O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 - HKLM\..\RunServices: [mlp] C:\apace.exe
O4 - HKLM\..\RunServices: [spd] C:\inp.exe
O4 - HKLM\..\RunServices: [Windows Firewall Monitor] C:\inp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [win msdt service] mswindtc.exe
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Teachers-Desk
O17 - HKLM\Software\..\Telephony: DomainName = Teachers-Desk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Teachers-Desk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\dn0001dme.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Many Thanks!
Monica

Sorry that I made u read results from HijackThis in safe mode.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Removing Annoying Pop ups
« Reply #6 on: February 25, 2006, 10:54:17 AM »
Sorry for the delay
Let's get you started,

== Download Hoster.zip and unzip it to a folder of its own
Open Hoster
Click the "Backup Hosts File"
Then select the "Restore Original Hosts" button

==Download the Killbox by Option^Explicit.
* Save it to desktop or a folder

==Download CWShredder.exe and save to your desktop, don't run yet

==Download and Install
Windows Cleanup! 4.0
Don't run it yet

==Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" Uncheck
 "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

==If you don't have the latest version of Ad-Aware installed
Download and Install
Ad-Aware SE Personal 1.06
Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
Don't run a scan yet

Copy the rest of these instructions to Notepad please
Go to Start>>run>>type in Notepad
Hit OK
This will open a blank notepad

Save these instructions for use in safe mode

Reboot back to safe mode
In safe mode
=Open Killbox.exe
Copy the file name below and paste it to the Full path of file to delete in Killbox

C:\WINDOWS\winsysban4.exe
Then click the Red Circle with the White X
Allow to delete the file and make backup

Do the same with the rest of these
Don't worry about any file not found messages
==================================
C:\WINDOWS\winsysupd3.exe
C:\WINDOWS\SYSTEM32\mswindtc.exe
C:\windows\gimmygames10.exe
C:\inp.exe
C:\apace.exe

=================================

==Double click to run CWShredder.exe
Click on the FIX button, let it run and fix what it finds
When it's done, close it out

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
    Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows

Run Hoster again and "Restore Original hosts"

Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKLM\..\Run: [win msdt service] mswindtc.exe
O4 - HKLM\..\Run: [mlp] C:\apace.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd10.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban10.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames10.exe
O4 - HKLM\..\Run: [spd] C:\inp.exe

O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\inp.exe
O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 - HKLM\..\RunServices: [mlp] C:\apace.exe
O4 - HKLM\..\RunServices: [spd] C:\inp.exe
O4 - HKLM\..\RunServices: [Windows Firewall Monitor] C:\inp.exe

O4 - HKCU\..\Run: [win msdt service] mswindtc.exe
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
Click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

Return to Normal mode
I'll want to see a couple logs later, but can you do this first please

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT:  Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! This Fix must NOT be run in safe mode for it to work.

If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application." then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first and letting me see a log



Offline monica_ian_ralliart

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
Removing Annoying Pop ups
« Reply #7 on: February 28, 2006, 06:04:45 AM »
Hi quest,

That's a lot of steps man, phew...

L2MFIX find log 010406
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mvn6l95s1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbjt32]
"Asynchronous"=dword:00000001
"DllName"="winbjt32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"

********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{BD00B513-6FC7-2C3E-4A96-986C8CD6B525}"=""

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{5a61f7a0-cde1-11cf-9113-00aa00425c62}"="IIS Shell Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}"=""
"{72B9F897-78E6-4930-B4FE-80E3091794E6}"=""
"{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}"=""

********************************************************************************
**
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}\InprocServer32]
@="C:\\WINDOWS\\system32\\SvnthCore11Resources.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgiwave.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}\InprocServer32]
@="C:\\WINDOWS\\system32\\ksdhela3.dll"
"ThreadingModel"="Apartment"

********************************************************************************
**
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
   ksdhela3.dll   Tue Feb 28 2006   6:58:48p  ..S.R        234,077   228.59 K
   kt2ul7~1.dll   Tue Feb 28 2006   6:58:46p  ..S.R        236,004   230.47 K
   mvn6l9~1.dll   Tue Feb 28 2006   5:48:46p  ..S.R        234,077   228.59 K
   s32evnt1.dll   Tue Jan  3 2006   3:31:44p  A....         91,904    89.75 K

4 items found:  4 files (3 H/S), 0 directories.
   Total of file sizes:  796,062 bytes    777.40 K
Locate .tmp files:

No matches found.
********************************************************************************
**
Directory Listing of system files:
 Volume in drive C has no label.
 Volume Serial Number is 462B-73DE

 Directory of C:\WINDOWS\System32

28/02/2006  06:58 PM           234,077 ksdhela3.dll
28/02/2006  06:58 PM           236,004 kt2ul7f91.dll
28/02/2006  05:48 PM           234,077 mvn6l95s1.dll
28/02/2006  05:46 PM    <DIR>          dllcache
11/08/2003  03:58 PM                32 {A7D34F66-7DE2-49E8-87B9-4638E35B3056}.dat
07/08/2003  04:45 AM    <DIR>          Microsoft
               4 File(s)        704,190 bytes
               2 Dir(s)  28,136,927,232 bytes free

Thanks dude.
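
Added example (not part of the original posts and not L2mfix's own code): a Python parser for the regedit-style exports that appear in the L2mfix logs in this thread. It decodes string, dword and hex(2) values, then lists Winlogon Notify subkeys whose DllName is an absolute path and Approved shell extensions with an empty description, resolved to their InprocServer32 DLL. The two heuristics and the names `parse_reg` and `triage` are assumptions made for this illustration, and the sample input is abridged from the logs posted here.

```python
import re

# Sample input abridged from the L2mfix logs in this thread (Approved list cut
# to three entries; the hex(2) value is the Schedule entry from the fix log).
FIND_LOG = r'''
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mvn6l95s1.dll"
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbjt32]
"DllName"="winbjt32.dll"
"Startup"="EvtStartup"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}"=""
"{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}"=""

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}\InprocServer32]
@="C:\\WINDOWS\\system32\\SvnthCore11Resources.dll"

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}\InprocServer32]
@="C:\\WINDOWS\\system32\\ksdhela3.dll"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
NOTIFY = r'\microsoft\windows nt\currentversion\winlogon\notify' + '\\'
APPROVED = r'\microsoft\windows\currentversion\shell extensions\approved'


def _decode(raw):
    """Decode one .reg value: quoted string, dword, or hex(2) (REG_EXPAND_SZ)."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])      # undo \\ and \" escapes
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    if raw.startswith('hex(2):'):                      # UTF-16LE, NUL terminated
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return data.decode('utf-16-le').rstrip('\x00')
    return raw


def parse_reg(text):
    """Return {key_path: {value_name: value}} from regedit export text."""
    keys, current, pending = {}, None, ''
    for line in text.splitlines():
        line = pending + line.strip()
        if line.endswith('\\'):                        # hex data continues on next line
            pending = line[:-1]
            continue
        pending = ''
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            name = '@' if m.group(1) == '@' else m.group(1)[1:-1]
            current[name] = _decode(m.group(2))
    return keys


def triage(keys):
    """Return sorted (kind, name, dll) tuples that deserve a closer look.

    Assumed heuristics, drawn from the entries in this thread: a Notify package
    with an absolute-path DllName, and an Approved shell extension with an empty
    description. An entry that is not listed has not been cleared by this check.
    """
    inproc = {}                                        # CLSID -> InprocServer32 DLL
    for path, vals in keys.items():
        m = re.search(r'\\CLSID\\(\{[^}]+\})\\InprocServer32$', path, re.I)
        if m:
            inproc[m.group(1).upper()] = vals.get('@', '')
    findings = []
    for path, vals in keys.items():
        low = path.lower()
        if NOTIFY in low:
            # Value name case varies in real exports (DllName / DLLName).
            dll = next((v for n, v in vals.items() if n.lower() == 'dllname'), '')
            if re.match(r'^[a-z]:\\', str(dll), re.I):
                findings.append(('notify-abs-path', path.rsplit('\\', 1)[1], dll))
        elif low.endswith(APPROVED):
            for clsid, desc in vals.items():
                if desc == '':
                    dll = inproc.get(clsid.upper(), '(no InprocServer32 in log)')
                    findings.append(('approved-no-desc', clsid, dll))
    return sorted(findings)


if __name__ == '__main__':
    for finding in triage(parse_reg(FIND_LOG)):
        print(finding)
```
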

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Removing Annoying Pop ups
« Reply #8 on: February 28, 2006, 09:43:56 AM »
Close all other open windows
From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start.  Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log.

Post this log back here please, along with a fresh hijackthis log

Could you also post the Ewido report you saved earlier please
« Last Edit: February 28, 2006, 09:47:25 AM by guestolo »



Offline monica_ian_ralliart

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
Removing Annoying Pop ups
« Reply #9 on: February 28, 2006, 10:47:10 PM »
Alright, here u go this is the log file from l2mfix:

L2mfix 010406
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
 Granting SeDebugPrivilege to L2MFIX   ... successful
 
Running From:
C:\WINDOWS\system32
 
Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 480 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 552 'winlogon.exe'
Killing PID 552 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 228 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1504 'rundll32.exe'
Restoring Sedebugprivilege:
 Granting SeDebugPrivilege to Administrators   ... successful
 
Scanning First Pass. Please Wait!
 
First Pass Completed
 
Second Pass Scanning
 
Second pass Completed!
        1 file(s) copied.
        1 file(s) copied.
        1 file(s) copied.
Deleting: C:\WINDOWS\system32\k8jsli1718.dll  
Successfully Deleted: C:\WINDOWS\system32\k8jsli1718.dll  
Deleting: C:\WINDOWS\system32\kt2ul7f91.dll  
Successfully Deleted: C:\WINDOWS\system32\kt2ul7f91.dll  
Deleting: C:\WINDOWS\system32\nnlsapi.dll  
Successfully Deleted: C:\WINDOWS\system32\nnlsapi.dll  
 
msg11?.dll
        0 file(s) copied.
 
 
 
Restoring Windows Update Certificates.:
 
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\kt2ul7f91.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbjt32]
"Asynchronous"=dword:00000001
"DllName"="winbjt32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

 
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\k8jsli1718.dll
C:\WINDOWS\system32\kt2ul7f91.dll
C:\WINDOWS\system32\nnlsapi.dll
 
Registry Entries that were Deleted:
Please verify that the listing looks ok.  
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}\InprocServer32]
@="C:\\WINDOWS\\system32\\SvnthCore11Resources.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgiwave.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}\InprocServer32]
@="C:\\WINDOWS\\system32\\nnlsapi.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}"=-
"{72B9F897-78E6-4930-B4FE-80E3091794E6}"=-
"{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}"=-
[-HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}]
[-HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}]
[-HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
  adding: dlls/k8jsli1718.dll (164 bytes security) (deflated 4%)
  adding: dlls/kt2ul7f91.dll (164 bytes security) (deflated 5%)
  adding: dlls/nnlsapi.dll (164 bytes security) (deflated 5%)
  adding: backregs/71B9C6FF-B129-4672-8EC0-5A30B3917BCD.reg (212 bytes security) (deflated 70%)
  adding: backregs/72B9F897-78E6-4930-B4FE-80E3091794E6.reg (212 bytes security) (deflated 70%)
  adding: backregs/A2FB58C9-164D-4FB6-88C1-300F01D6BBBD.reg (212 bytes security) (deflated 70%)
  adding: backregs/notibac.reg (164 bytes security) (deflated 77%)
  adding: backregs/shell.reg (164 bytes security) (deflated 74%)

Log file from hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 10:12:31 AM, on 01/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [win msdt service] mswindtc.exe
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Teachers-Desk
O17 - HKLM\Software\..\Telephony: DomainName = Teachers-Desk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Teachers-Desk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\kt2ul7f91.dll (file missing)
O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Log file from Ewido:
---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         6:38:16 PM, 28/02/2006
 + Report-Checksum:      F89593E0

 + Scan result:

   [632] C:\WINDOWS\system32\mrpmsp.dll -> Adware.Look2Me : Error during cleaning
   [712] C:\WINDOWS\system32\mrpmsp.dll -> Adware.Look2Me : Error during cleaning
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10D.tmp\sfbho.dll -> Adware.SideFind : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq130.tmp\common.dll -> Adware.WebSearch : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq130.tmp\nzqlihv.wzg -> Adware.WebSearch : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq130.tmp\PIB.exe -> Adware.WebSearch : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq130.tmp\TBPS.exe -> Adware.WebSearch : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq130.tmp\TBPSSvc.exe -> Adware.WebSearch : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq130.tmp\toolbar.dll -> Adware.WebSearch : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp -> Adware.BargainBuddy : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44.tmp -> Adware.BargainBuddy : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> Adware.BargainBuddy : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp\bin\nls.exe -> Adware.BargainBuddy : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp\sais.exe -> Adware.180Solutions : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> TrackingCookie.Casalemedia : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> TrackingCookie.Adserver : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\ysbactivex.dll -> Downloader.IstBar : Cleaned with backup
   C:\WINDOWS\gimmygames.exe -> Downloader.VB.vr : Cleaned with backup
   C:\WINDOWS\gimmygames9.exe -> Downloader.VB.ww : Cleaned with backup
   C:\WINDOWS\system32\AdService.dll -> Trojan.Agent.og : Cleaned with backup
   C:\WINDOWS\system32\en0ml1d11.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\g0040adqed0e0.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\i6jq0g15e6.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\ir2sl5f71.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\ir4ml5h11.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\ir8sl5l71.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\irp6l57s1.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\k6lqlg3516.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\k8no0i53e8.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\ktj6l71s1.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\ktlul7391.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\kzdest.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\l06o0aj3edo.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\m6po0g73e6.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\mvl4l93q1.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\n08o0al3edq.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\SvnthCore11Resources.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\sxsvc.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\wahisn.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\winbjt32.dll -> Trojan.Agent.og : Cleaned with backup
   C:\WINDOWS\Temp\~483948.tmp -> Adware.Wintol : Error during cleaning
   C:\WINDOWS\Temp\~540970.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~585342.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~615033.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~707015.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~779169.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~783512.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~785394.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~869831.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~873933.tmp -> Adware.Wintol : Error during cleaning
   C:\WINDOWS\Temp\~878524.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\winsysban10.exe -> Hijacker.VB.ld : Cleaned with backup
   C:\WINDOWS\winsysban3.exe -> Hijacker.VB.kc : Cleaned with backup
   C:\WINDOWS\winsysban8.exe -> Hijacker.VB.lg : Cleaned with backup
   C:\WINDOWS\winsysban9.exe -> Hijacker.VB.ld : Cleaned with backup
   C:\WINDOWS\winsysupd10.exe -> Downloader.VB.wg : Cleaned with backup
   C:\WINDOWS\winsysupd4.exe -> Hijacker.StartPage.ahg : Cleaned with backup
   C:\WINDOWS\winsysupd5.exe -> Hijacker.StartPage.ahg : Cleaned with backup
   C:\WINDOWS\winsysupd6.exe -> Downloader.VB.wg : Cleaned with backup
   C:\WINDOWS\winsysupd7.exe -> Downloader.VB.wg : Cleaned with backup
   C:\WINDOWS\winsysupd8.exe -> Hijacker.StartPage.ahg : Cleaned with backup
   C:\WINDOWS\winsysupd9.exe -> Downloader.VB.wy : Cleaned with backup
   C:\winsysban5.exe -> Hijacker.VB.kc : Cleaned with backup


::Report End

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Removing Annoying Pop ups
« Reply #10 on: March 01, 2006, 01:00:05 AM »
Can you enter Yahoo's antispyware quarantine area and delete all backup (zip) files

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKCU\..\Run: [win msdt service] mswindtc.exe
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe

O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\kt2ul7f91.dll (file missing)
O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing)


After you have ticked the above entries, close all other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Run Windows CleanUp! one more time please

REBOOT the computer

Back in Windows post a fresh hijackthis log and let me know how things are running

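The selection made in the reply above can be expressed as a small triage script. This is an added example, not part of the original posts and not HijackThis's own logic: the function and constant names are hypothetical, the Notify baseline is assumed from the WinPFind log posted later in this thread, and the sample log is constructed by combining lines from the thread's logs.

```python
import re
from typing import List, NamedTuple, Tuple

# Winlogon\Notify subkeys listed in the WinPFind log posted later in this
# thread, after cleanup. Assumption: treated as the baseline for this machine.
NOTIFY_BASELINE = frozenset({
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
})

# "<code> - <body>", e.g. "O20 - Winlogon Notify: winbjt32 - winbjt32.dll"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
NOTIFY_RE = re.compile(
    r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)(?: \(file missing\))?$")
# Registry autoruns only; "Global Startup" shortcut lines do not match.
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Constructed sample: lines copied from the logs in this thread, combined.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [win msdt service] mswindtc.exe
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\kt2ul7f91.dll (file missing)
O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing)
"""


class Finding(NamedTuple):
    code: str                 # HijackThis section code, e.g. "O20"
    reasons: Tuple[str, ...]  # why the line deserves a second look
    line: str                 # the log line as written


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that match one of three review heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, blank line, or a running-process path
        code, body = entry["code"], entry["body"]
        reasons = []

        # 1. The entry points at a file that no longer exists (orphan).
        if body.endswith("(file missing)"):
            reasons.append("target file missing")

        # 2. A Winlogon Notify package that is not in the baseline set.
        if code == "O20":
            notify = NOTIFY_RE.match(body)
            if notify and notify["name"].lower() not in NOTIFY_BASELINE:
                reasons.append("Winlogon Notify name not in baseline")

        # 3. A registry autorun whose command states no directory at all,
        #    so the log alone does not say which file will be started.
        if code == "O4":
            run = RUN_RE.match(body)
            if run and "\\" not in run["cmd"]:
                reasons.append("autorun command has no path")

        if reasons:
            findings.append(Finding(code, tuple(reasons), line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.code, "|", "; ".join(finding.reasons), "|", finding.line)
```

A flag here is a prompt to locate and inspect the file, not a verdict: the O18 line is reported only because its target is missing.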


Offline monica_ian_ralliart

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
Removing Annoying Pop ups
« Reply #11 on: March 01, 2006, 04:15:05 AM »
Logfile of HijackThis v1.99.1
Scan saved at 5:08:55 PM, on 01/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Teachers-Desk
O17 - HKLM\Software\..\Telephony: DomainName = Teachers-Desk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Teachers-Desk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



Everything is OK right now, no annoying pop-ups as yet... Many thanks. Any last steps? Do you recommend me to keep those programs? Or can I uninstall some of them, coz it's all over my desktop right now hahaha....

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Removing Annoying Pop ups
« Reply #12 on: March 01, 2006, 05:57:18 PM »
Can you do the following please

For extra protection
*Install SpywareBlaster 3.5.1 by JavaCool
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

I would like to see one more log again
Can you run WinPFind again please
You can run it in normal mode, but after you click
Start Scan
Don't open or close any windows, let it finish, when the log opens post the contents back here please

Then we'll do some final steps and I'll let you know what you can delete or remove



Offline monica_ian_ralliart

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
Removing Annoying Pop ups
« Reply #13 on: March 03, 2006, 02:34:35 AM »
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts


Checking %System% folder...
PEC2                 29/08/2002 9:00:00 AM       41397      C:\WINDOWS\SYSTEM32\dfrg.msc
Umonitor             29/08/2002 9:00:00 AM       631808     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              29/08/2002 9:00:00 AM       1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1  www.qoologic.com
127.0.0.1  www.urllogic.com

qoologic             28/02/2006 5:48:52 PM       1554       C:\WINDOWS\SYSTEM32\drivers\etc\hosts.bak
urllogic             28/02/2006 5:48:52 PM       1554       C:\WINDOWS\SYSTEM32\drivers\etc\hosts.bak

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     02/03/2006 11:11:04 AM    S 2048       C:\WINDOWS\bootstat.dat
                     21/01/2006 4:11:16 PM    H  54156      C:\WINDOWS\QTFont.qfn
                     02/03/2006 11:11:04 AM    S 64         C:\WINDOWS\CSC\00000001
                     27/01/2006 3:34:10 PM     S 64         C:\WINDOWS\CSC\00000002
                     02/03/2006 3:11:28 PM    H  1024       C:\WINDOWS\system32\config\default.LOG
                     02/03/2006 5:14:58 PM    H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     02/03/2006 5:11:20 PM    H  1024       C:\WINDOWS\system32\config\SECURITY.LOG
                     02/03/2006 5:34:34 PM    H  1024       C:\WINDOWS\system32\config\software.LOG
                     02/03/2006 12:13:20 PM   H  1024       C:\WINDOWS\system32\config\system.LOG
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\31DDUENG\desktop.ini
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W5IBO16R\desktop.ini
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XVZY7NWB\desktop.ini
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YZ6TKZKZ\desktop.ini
                     17/01/2006 6:33:46 PM    HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e7590395-07b9-4622-a9aa-82a64bb29a0b
                     17/01/2006 6:33:46 PM    HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
                     02/03/2006 11:11:04 AM   H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          29/08/2002 9:00:00 AM       66048      C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       578560     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       129024     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       292352     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       121856     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       65536      C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation             25/01/2003 2:21:00 AM       139264     C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       36864      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems               30/01/2001 11:21:04 AM      24683      C:\WINDOWS\SYSTEM32\plugincpl130_02.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       268288     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       90112      C:\WINDOWS\SYSTEM32\timedate.cpl
HP Computer Corporation        04/01/2003 2:28:38 AM       122880     C:\WINDOWS\SYSTEM32\UICONFIG.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       121856     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       65536      C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       36864      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       147456     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     25/10/2005 10:33:38 AM      1824       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
                     27/11/2003 8:59:08 AM       1027       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
                     03/11/2002 7:35:32 AM    HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
                     22/04/2005 4:38:34 PM       1730       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
                     08/06/2005 5:33:28 PM       681        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
                     12/11/2003 5:33:44 PM       1559       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     02/11/2002 11:22:58 PM   HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
                     25/11/2005 10:35:12 AM      1356       C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
                     03/11/2002 7:35:32 AM    HS 84         C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     02/11/2002 11:22:56 PM   HS 62         C:\Documents and Settings\Administrator\Application Data\desktop.ini
                     25/10/2005 10:43:36 AM      143952     C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
                     24/04/2005 4:23:22 PM       22080      C:\Documents and Settings\Administrator\Application Data\Microsoft Access.ADR
                     04/10/2005 11:45:56 AM      38463      C:\Documents and Settings\Administrator\Application Data\Microsoft Excel.ADR

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
   {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}    = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
   Adobe PDF = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx
   {EF99BD32-C1FB-11D2-892F-0090271D4F88}    = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
   {47833539-D0C5-4125-9FA8-0819E2EAAC93}    = Adobe PDF   : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF   : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
   {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
   {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF   : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   NvCplDaemon   RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
   DrvLsnr   C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
   AdaptecDirectCD   "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
   srmclean   C:\Cpqs\Scom\srmclean.exe
   CPQEASYACC   C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
   ccApp   "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
   ccRegVfy   "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
   iTunesHelper   "C:\Program Files\iTunes\iTunesHelper.exe"
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   Symantec NetDriver Monitor   C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   ctfmon.exe   C:\WINDOWS\System32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 02/03/2006 5:35:07 PM

Offline guestolo

« Reply #14 on: March 03, 2006, 08:31:56 PM »
Can you again, Open HOSTER
Click on "Restore Original Hosts"
Ok the prompt

Then open Hijackthis>>Open Misc tools section>>Open Hosts file manager
Click the "Open In Notepad" button
A text file will open, copy and paste back here the whole contents please

Let me know how things are running



Offline monica_ian_ralliart

« Reply #15 on: March 04, 2006, 04:50:48 AM »
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
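
The review a helper does by eye on a pasted hosts file, written out as an added example that is not part of the original thread: it parses the format described in the file's own comments and reports every mapping other than the default localhost entry. The sample input, the `example` host names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a shortened clean file plus made-up entries of the
# kind a browser hijacker leaves behind (all host names are placeholders).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# For example:
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
203.0.113.7 search.example.com   # constructed: redirect to a foreign IP
127.0.0.1 update.example-av.test # constructed: update site blackholed
not-an-ip broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop trailing comment
        if not entry:
            continue                            # blank or comment-only line
        fields = entry.split()
        yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return (line_no, kind, detail) for anything beyond localhost."""
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text))
            continue
        if not names:
            findings.append((line_no, "malformed", ip_text))
            continue
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            if sink and name.lower() == "localhost":
                continue                        # the one expected default entry
            kind = "blocked" if sink else "redirect"
            findings.append((line_no, kind, f"{name} -> {ip}"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A file like the one posted above yields no findings; "blocked" entries deserve the same attention as "redirect" ones when they name security vendor or update sites.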

Offline guestolo

« Reply #16 on: March 04, 2006, 10:54:45 AM »
Looks good
*If everything is running better
Final Cleanup
We should clear all your restore points to ensure you don't restore any nasties that may be sitting idle
    Go to START>>RUN>>In the open field
    Type in
msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
Back in Windows, Go back and take the check out of "Turn off system restore"
This will re-enable the System Restore feature and create a new restore point

Protect yourself against Future Attacks
Hold onto SpywareBlaster 3.5.1
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
                   
*Make sure your Anti-Virus software is always kept up to date and actively running in the background

*Check for updates with your anti-spyware programs and run a scan on a regular basis
A great addition to Ad-Aware
is Spybot 1.4, I recommend installing it if you don't have it
You can download it from HERE
 or HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check all boxes and then download all updates
After update is complete
Click the "Immunize" button on the left>>>OK at the prompt>>Immunize at the top green cross
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

RESTART the computer if any Red entries were fixed
Please Immunize after every update


Now would be a good time to Defragment your system if you haven't done it in awhile
*Keep up to date on Windows updates
This is the most important step in keeping your system secure
Service Pack 2 for Windows has been out for some time now and you still haven't updated
We have done steps to prepare your system for the installation
Please read this link
http://www.microsoft.com/windowsxp/sp2/default.mspx
Read the page>>Take note of the link    What to know before you download and install
In addition: Make sure you keep up on Microsoft Office updates
You will find a link at Windows Updates named "Office Family"

*Make sure your Firewall is enabled and running
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission
SP2 supplies a sufficient firewall, or you can install one from this LINK
The ones at the link will provide a more controlled environment, I consider them better protection
ONLY use ONE software firewall please, this includes the one in SP2
More than one will cause conflicts

You may also choose to hold onto Ewido and CleanUp!
Ewido will become a Limited version in a couple weeks
It's still a very good scanner to update and run once a month

What to delete,
Manually delete WPFind.zip and the Folder
Remove CWShredder.exe
Delete Killbox.exe, you can also delete the folder killbox made>>C:\!Killbox
Delete Hoster.zip and the .exe
Delete L2Mfix.exe and the .zip file
If you're happy with the way everything is running, remove Hijackthis from add/remove programs and then delete the Hijackthis folder on the desktop

SpywareBlaster>>Ewido>>Spybot 1.4>>Ad-Aware>>CleanUp!
The above you will never want to manually delete, they have uninstallers, but HOLD onto all of them
The installers for these programs, if they still remain on the desktop, go ahead and delete them
The Shortcuts to the programs
I suggest you create a new folder on the desktop, call it something like "Malware"
Move the shortcuts to that new folder


Stay safe :D
« Last Edit: March 04, 2006, 11:20:32 AM by guestolo »



Offline monica_ian_ralliart

« Reply #17 on: March 07, 2006, 10:49:41 PM »
Once again, thank you very much, no more pop ups... phew...

Offline guestolo

« Reply #18 on: March 07, 2006, 11:51:21 PM »
Glad to help, take care and stay safe :D
This topic is now locked as the problems appear resolved
