Jump to content


Photo

POP UP ADS


  • Please log in to reply
1 reply to this topic

#1 wooster

wooster

    Member

  • New Member
  • Pip
  • 2 posts

Posted 25 June 2004 - 02:25 PM

hi......new user here....ive read the faq's....

i keep getting adverts popping up in big and small boxes on my screen.....

these are my hijack log and start up list texts:

Logfile of HijackThis v1.97.7
Scan saved at 20:22:12, on 25/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\documents and settings\tony\local settings\temp\Rjx4lGp.exe
C:\WINDOWS\System32\easocs.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\tasipt12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SysAI\SysAI.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Rjx4lGp.exe] C:\documents and settings\tony\local settings\temp\Rjx4lGp.exe
O4 - HKLM\..\Run: [tpFS39X] easocs.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [cEw2RVbpe] tasipt12.exe
O4 - Startup: Update Visual Trading.lnk = C:\Program Files\VTrading\WiseUpdt.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://download.yaho...bt/yregucfg.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1070738738110
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howu...nload/appdl.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downlo...es/IA/ia_XP.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.c...lient/setup.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7961.4497222222
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downlo...UTH_pack_XP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {D6526FE0-E651-11CF-99CB-00C04FD64497} (Microsoft MSChat Control Object) - http://www.forextips...t/mschatocx.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...ildAppNonUS.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD140970-ECAD-4F5D-99F3-B8265CE7966E}: NameServer = 194.74.65.86 194.72.9.44


StartupList report, 25/06/2004, 20:23:19
StartupList version: 1.52
Started from : C:\unzipped\hijackthis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\documents and settings\tony\local settings\temp\Rjx4lGp.exe
C:\WINDOWS\System32\easocs.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\tasipt12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SysAI\SysAI.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\unzipped\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Tony\Start Menu\Programs\Startup]
Update Visual Trading.lnk = C:\Program Files\VTrading\WiseUpdt.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
DataCaching = C:\PROGRA~1\DATACA~1\FLashKsk.exe
InCD = C:\Program Files\Ahead\InCD\InCD.exe
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
SpeedTouch USB Diagnostics = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Advanced Tools Check = C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
HP Software Update = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
SM1BG = C:\WINDOWS\SM1BG.EXE
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
Rjx4lGp.exe = C:\documents and settings\tony\local settings\temp\Rjx4lGp.exe
tpFS39X = easocs.exe
AutoUpdater = "C:\Program Files\AutoUpdate\AutoUpdate.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
(Default) =
cEw2RVbpe = tasipt12.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\SysAI\AproposPlugin.dll - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[RegUserCfgUI Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yregucfg.dll
CODEBASE = http://download.yaho...bt/yregucfg.cab

[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://download.micr...b?1070738738110

[ICSScannerLight Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ICSScannerLight.dll
CODEBASE = http://download.zone...ee/cm/ICSCM.cab

[Cult3D ActiveX Player]
InProcServer32 = C:\WINDOWS\System32\Cult3D\IECult.dll
CODEBASE = http://www.cult3d.co...wnload/cult.cab

[AppDLCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\appdl.dll
CODEBASE = http://download.howu...nload/appdl.cab

[{486E48B5-ABF2-42BB-A327-2679DF3FB822}]
InProcServer32 = C:\WINDOWS\System32\ia.dll
CODEBASE = http://akamai.downlo...es/IA/ia_XP.cab

[InstallShield Setup Player 2K2]
CODEBASE = http://www.napster.c...lient/setup.exe

[InstallShield International Setup Player]
InProcServer32 = c:\windows\downlo~1\isetup.dll
CODEBASE = http://www.installen...gine/isetup.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupd...7961.4497222222

[WebResponseAttachments Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\FILETR~1.OCX
CODEBASE = https://webresponse....eX/FileXfer.cab

[EGP2ECOM Class]
InProcServer32 = C:\WINDOWS\System32\P2ECOM.dll
CODEBASE = http://akamai.downlo...UTH_pack_XP.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[Microsoft MSChat Control Object]
InProcServer32 = C:\WINDOWS\System32\MSChat.ocx
CODEBASE = http://www.forextips...t/mschatocx.cab

[WMService Class]
InProcServer32 = C:\WINDOWS\WildApp.dll
CODEBASE = http://download.over...ildAppNonUS.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Documents and Settings\Tony\pctspk.exe||C:\DOCUME~1\Tony\LOCALS~1\Temp\_iu14D2N.tmp||C:\Documents and Settings\Tony\pctspk.exe|||L

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 9,395 bytes
Report generated in 0.090 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#2 wooster

wooster

    Member

  • New Member
  • Pip
  • 2 posts

Posted 28 June 2004 - 09:19 AM

hi.....ive not had reply to my post of 25 june at 2.25pm and wondered if anybody had any ideas........the pop up ads are driving me up the wall and any help would be appreciated......

thanks

wooster




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button