
Help Please With Annoying Popups - Hijack This File

August 2, 2005 7:01:01 PM

Archived from groups: microsoft.public.windowsxp.general

Can't get rid of popups despite having all the most recommended
Spyware, Adware and Popup programs. Seems like it is being generated by
something I downloaded. I'm including a copy of my HJT log. Hope
someone can help. Thanks ...
Scott.



Logfile of HijackThis v1.99.1
Scan saved at 11:55:09 AM, on 8/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\Grxp4exe.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-ca\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HHVcdV5Sys\VC5Play.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\BOINC\boinc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Agent\agent.exe
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.weatheroffice.ec.gc.ca/city/pages/ns-34_metr...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.weatheroffice.ec.gc.ca/city/pages/ns-34_metr...
O2 - BHO: Yahoo! Companion BHO -
{02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: PopStop - {20988EDF-4CB5-4083-9829-262BBFD0CD52} -
C:\WINDOWS\system32\PopStop.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
- C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor -
{B56A7D7D-6927-48C8-A975-17DF180C71AC} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: Norton Internet Security -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Omnipage] C:\Program
Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft
Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton
SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN
Apps\Updater\01.03.0000.1005\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VC5Player] "C:\Program
Files\HHVcdV5Sys\VC5Play.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media
Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program
Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common
Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program
Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program
Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI
Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton
SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A}
/MODE CfgWiz
O4 - HKCU\..\Run: [MIX SURF]
C:\DOCUME~1\ADMINI~1\APPLIC~1\DOWNLO~1\InterAmen.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program
Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Program
Files\BOINC\boincmgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PopStop - {20988EDF-4CB5-4083-9829-262BBFD0CD52} -
C:\WINDOWS\system32\PopStop.dll
O9 - Extra button: Spyware Doctor -
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} -
C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD}
- C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
-
http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program
Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton Internet
Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program
Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program
Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\Security
Center\SymWSC.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software
GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
Anonymous
August 2, 2005 7:01:02 PM


Scott wrote:
> Can't get rid of popups despite having all the most recommended
> Spyware, Adware and Popup programs. Seems like it is being generated by
> something I downloaded. I'm including a copy of my HJT log. Hope
> someone can help. Thanks ...

This ain't the place for HJT logs.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
August 2, 2005 7:01:02 PM


Scott wrote:

> Can't get rid of popups despite having all the most recommended
> Spyware, Adware and Popup programs. Seems like it is being generated by
> something I downloaded. I'm including a copy of my HJT log. Hope
> someone can help. Thanks ...
> Scott.

Here are links to forums where you can post your HJT log. Pick one of
them and read the posting FAQ first:

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtu... -
another tutorial
http://aumha.net/viewforum.php?f=30
http://castlecops.com/forum67.html
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Anonymous
August 2, 2005 9:35:14 PM


Have hijackthis fix the following lines.

O4 - HKCU\..\Run: [MIX SURF]
C:\DOCUME~1\ADMINI~1\APPLIC~1\DOWNLO~1\InterAmen.exe

Then Download, install, update and run all of the following.

Ad-Aware
http://www.pcbutts1.com/downloads/aawsepersonal.exe

Spybot search and destroy
http://www.pcbutts1.com/downloads/spybotsd14.exe

Microsoft Windows AntiSpyware (Beta1)
http://www.microsoft.com/downloads/details.aspx?FamilyI...

Ewido Security Suite trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Scott" <shale132@hotmail.com> wrote in message
news:nb2ve19tjuo1ktskmpsgbe3b3injgeme5e@4ax.com...
> Can't get rid of popups despite having all the most recommended
> Spyware, Adware and Popup programs. Seems like it is being generated by
> something I downloaded. I'm including a copy of my HJT log. Hope
> someone can help. Thanks ...
> Scott.
>
Anonymous
August 2, 2005 9:35:15 PM


pcbutts1 wrote:
> Have hijackthis fix the following lines.
>
> O4 - HKCU\..\Run: [MIX SURF]
> C:\DOCUME~1\ADMINI~1\APPLIC~1\DOWNLO~1\InterAmen.exe <snip>

Notice pcButthead doesn't tell you why to remove it. Ask him to give
you a specific explanation as to why it should be removed, BEFORE you do
anything.

pcButthead has a very poor reputation in this newsgroup, so you are much
better off following Malke's advice and ask REAL HJT experts, not some
butthead that really doesn't know what he is doing.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 2, 2005 10:14:23 PM


You going to start it up again kunttrail?

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
news:uWIUvv4lFHA.708@TK2MSFTNGP09.phx.gbl...
> pcbutts1 wrote:
>> Have hijackthis fix the following lines.
>>
>> O4 - HKCU\..\Run: [MIX SURF]
>> C:\DOCUME~1\ADMINI~1\APPLIC~1\DOWNLO~1\InterAmen.exe <snip>
>
> Notice pcButthead doesn't tell you why to remove it. Ask him to give you
> a specific explanation as to why it should be removed, BEFORE you do
> anything.
>
> pcButthead has a very poor reputation in this newsgroup, so you are much
> better off following Malke's advice and ask REAL HJT experts, not some
> butthead that really doesn't know what he is doing.
>
> --
> Peace!
> Kurt
> Self-anointed Moderator
> microscum.pubic.windowsexp.gonorrhea
> http://microscum.com/mscommunity
> "Trustworthy Computing" is only another example of an Oxymoron!
> "Produkt-Aktivierung macht frei"
>
Anonymous
August 2, 2005 10:14:24 PM


pcbutts1 wrote:
> You going to start it up again kunttrail?

Notice that he had the opportunity to explain his advice, but didn't.

That's a sure sign that he knows not what he is talking about.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
August 3, 2005 10:40:34 AM


Scott wrote:

> Can't get rid of popups despite having all the most recommended
> Spyware, Adware and Popup programs. Seems like it is being generated by
> something I downloaded. I'm including a copy of my HJT log. Hope
> someone can help. Thanks ...
> Scott.
>
>
>
> Logfile of HijackThis v1.99.1
> Scan saved at 11:55:09 AM, on 8/2/2005

Scott, hopefully you've posted the log to one of the forums that Malke
suggested. This is not the place for HJT logs and ignore pcbutts1.


--
Rock
MS MVP Windows - Shell/User