-
December 12th, 2006, 03:38 AM
#11
Please get rid of the "09 extra button"
-
December 12th, 2006, 04:38 AM
#12
Junior Member
Logfile of HijackThis v1.99.1
Scan saved at 7:36:49 PM, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\PHG.PHG-OSIF27X9QUK\My Documents\hijackthis\HijackThis.exe
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155192292151
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Here are some of the websites that pop up:
!youbebo.com
!tvlord.com
!gazabo.com
!relood.com/
!anyfreetime.com/?4a4830f0
!yousolo.com
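As an added example (not part of the original post and not HijackThis code), this Python sketch parses `O`-section lines like those in the log above and, for each `(no name)` entry, lists the named entries that share its CLSID. The function names are hypothetical; the sample lines are copied from the posted log.

```python
import re

# Lines copied from the HijackThis log posted in the thread (subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
"""

ENTRY = re.compile(r"^(O\d{1,2}) - ([^:]+): (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log_text):
    """Return one dict per O-section line: code, kind, name, clsid, target."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list, or free text
        code, kind, rest = m.groups()
        g = CLSID.search(rest)
        if g:
            # Split around the CLSID, not on " - ": paths such as
            # "Spybot - Search & Destroy" contain the separator themselves.
            name = rest[:g.start()].rstrip(" -")
            target = rest[g.end():].lstrip(" -")
        else:
            name, target = rest, None
        entries.append({"code": code, "kind": kind, "name": name,
                        "clsid": g.group(0).upper() if g else None, "target": target})
    return entries

def review_unnamed(entries):
    """Map each '(no name)' entry to the names of entries sharing its CLSID."""
    report = {}
    for e in entries:
        if e["name"] == "(no name)":
            report[(e["code"], e["clsid"])] = [
                o["name"] for o in entries
                if o is not e and o["clsid"] == e["clsid"]]
    return report

if __name__ == "__main__":
    for (code, clsid), names in review_unnamed(parse(SAMPLE_LOG)).items():
        print(code, clsid, "shares its CLSID with:", names or "no other entry")
```

An empty sibling list or a shared CLSID is only context for manual review of the entry, not a verdict on it.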
-
December 12th, 2006, 12:18 PM
#13
OK, what do you have "Alcohol 120" for?
-
December 12th, 2006, 04:55 PM
#14
All those "cookies" are from spyware companies known to put out self-reinstalling and stealthed programs. They harvest information and they phone home.
You can start by blocking cookies from those domains. You can also make sure your popup blocker is active and not compromised or you can use a 3rd party popup blocker like the Google toolbar.
In IE open Tools > Pop-up Blocker > Pop-up Blocker Settings
Check your IE security settings also.
All of the mentioned malware are known issues contained in the Spybot Search and Destroy database and should be able to be removed using Spybot from safe mode.
Are you running SpywareBlaster? This program helps prevent a lot of these objects from being installed in the first place.
http://www.javacoolsoftware.com/spywareblaster.html
You can manage your HOSTS file using this tool: http://hostsman.abelhadigital.com/
PC Registered user # 2,336,789,457...
"When the water reaches the upper level, follow the rats."
Claude Swanson
-
December 15th, 2006, 04:05 AM
#15
Junior Member
I downloaded HostsMan and added the websites. The websites still pop up but cannot be accessed; is there a way to stop them? It is only those specific pop-ups. Even if I am not surfing the web they pop up like clockwork.
-
December 15th, 2006, 06:02 PM
#16
Originally Posted by phgonline
I downloaded HostsMan and added the websites. The websites still pop up but cannot be accessed; is there a way to stop them? It is only those specific pop-ups. Even if I am not surfing the web they pop up like clockwork.
Did you use Ccleaner?
One other thing you may want to do at this point is flush out your system restore points.
Warning: All restore points will be deleted! - User must be logged on as Administrator
- Right click the My Computer icon on the Desktop and click on Properties.
- Click on the System Restore tab.
- Put a check mark next to 'Turn off System Restore on All Drives'.
- Click the 'OK' button.
- You will be prompted to restart the computer. Click Yes.
Note: To Enable System Restore, follow steps one to six and on step four remove the check mark next to 'Turn off System Restore on All Drives'. A new restore point will automatically be created. Using Disk Cleanup with the System Restore option, all restore points will be deleted except for the most recent restore point.
After you have rebooted the system a few times, run your cleaners and do a defrag.
IMO getting this will help. Bite the bullet and get Firefox.
-
December 16th, 2006, 03:40 AM
#17
Junior Member
That's where the popups are coming from now after I updated Windows to SP2. Before it was only in IE, then after the update they started popping up in Firefox... Anyway, I have CCleaner and used it but they still pop up. I will try the disk cleanup.
-
December 16th, 2006, 12:24 PM
#18
OK, maybe a different approach will work?
First a couple of questions:
1. Do the pop-ups happen when you boot into safe mode?
2. Have you run Crap Cleaner and your scans in safe mode?
You might try this:
1. Get WinPatrol from BillP Studios
2. Use the tools to check out cookies, BHOs and the like
3. Go into the "startup" module and disable everything you don't really absolutely need for your PC to function. This does not remove them, it just stops them from automatically loading on bootup. In particular disable stuff that you have downloaded from anywhere that is not the original author's site.
4. Reboot into safe mode and run your CrapCleaner and scans.
5. Reboot into normal mode.
Do you still get the pop-ups?
-
December 18th, 2006, 11:47 PM
#19
Junior Member
When in safe mode I don't get the pop-ups, and I already used CCleaner in safe mode. I will try out WinPatrol and see what happens.
-
December 19th, 2006, 12:30 AM
#20
I am beginning to suspect that you may have downloaded something from a compromised website. Whilst it probably does what it is supposed to, it could well be the source of these pop-ups as well.
Hey, this is a wild guess, but it seems to fit your experience?
1. A variety of scanners find nothing, not even in safe mode. I would have at least expected them to find something suspicious, even if they couldn't clean it.
2. HijackThis! doesn't seem to show anything that I see as an obvious threat (mind you, I do not claim to be an expert).
3. Whatever it is doesn't start in safe mode.
So, it must be something non-essential in startup that is causing this?
My suggestion would be to shut down all stuff that is not absolutely essential and see if this solves the problem. Then just start things manually, one at a time and wait a bit after each item, until you get the problem again. The last item you started will be the culprit.
Obviously, you should do this offline. I am afraid that it may be quite time consuming.
If you are running any downloaded "Warez" or "cracks" then those will be your most likely suspects.
Try to remember what you downloaded immediately before this problem started.
Incidentally, when you run your scans do you select:
1. All files
2. Full system scan
3. Heuristic scan