Jump to content
joeldeman

Pop ups

Recommended Posts

I am having all sort of pop ups out of nowhere. I have run spybot and this is my hijack this log. Please help.

Logfile of HijackThis v1.99.1

Scan saved at 8:34:19 PM, on 9/22/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSystem32WLTRYSVC.EXE

C:WINDOWSSystem32bcmwltry.exe

C:WINDOWSsystem32LEXBCES.EXE

C:WINDOWSsystem32spoolsv.exe

C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

C:Program FilesCommon FilesCreative Labs SharedServiceCreativeLicensing.exe

C:WINDOWSsystem32CTsvcCDA.exe

C:WINDOWSsystem32LEXPPS.EXE

C:WINDOWSeHomeehRecvr.exe

C:WINDOWSeHomeehSched.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

C:Program FilesMicrosoft SQL ServerMSSQL$MICROSOFTSMLBIZBinnsqlservr.exe

C:Program FilesDellQuickSetNICCONFIGSVC.exe

C:WINDOWSsystem32svchost.exe

C:Program FilesTrend MicroAntiVirus 2007tavsvc.exe

C:Program FilesTrend MicroAntiVirus 2007Componentstmproxy.exe

C:WINDOWSsystem32UStorSrv.exe

C:Program FilesSynapticsSynTPSynTPEnh.exe

C:WINDOWSsystem32WLTRAY.exe

C:WINDOWSstsystra.exe

C:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe

C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe

C:WINDOWSSystem32DLADLACTRLW.EXE

C:Program FilesLexmark 1200 Serieslxczbmgr.exe

C:Program FilesTrend MicroAntiVirus 2007tavui.exe

C:Program FilesLexmark 1200 Serieslxczbmon.exe

C:Program FilesQuickTimeQTTask.exe

C:Program FilesiTunesiTunesHelper.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesSpybot - Search & DestroyTeaTimer.exe

C:Program FilesInternet ExplorerIEXPLORE.EXE

C:Program FilesInternet ExplorerIEXPLORE.EXE

C:WINDOWSsystem32dllhost.exe

C:Program FilesiPodbiniPodService.exe

C:Program FilesPC Connectivity SolutionServiceLayer.exe

C:PROGRA~1Yahoo!browserycommon.exe

C:Program FilesYahoo!browserybrwicon.exe

C:Documents and SettingsJoelSmithDesktophijackthisHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://att.yahoo.com/

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =

R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:PROGRA~1Yahoo!Commonyiesrvc.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSSystem32DLADLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:Program FilesBAEBAE.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:Program FilesYahoo!browserYSidebarIEBHO.dll

O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe

O4 - HKLM..Run: [broadcom Wireless Manager UI] C:WINDOWSsystem32WLTRAY.exe

O4 - HKLM..Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM..Run: [CTSysVol] C:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe /r

O4 - HKLM..Run: [updReg] C:WINDOWSUpdReg.EXE

O4 - HKLM..Run: [iSUSPM Startup] "C:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe" -startup

O4 - HKLM..Run: [iSUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start

O4 - HKLM..Run: [DLA] C:WINDOWSSystem32DLADLACTRLW.EXE

O4 - HKLM..Run: [Lexmark 1200 Series] "C:Program FilesLexmark 1200 Serieslxczbmgr.exe"

O4 - HKLM..Run: [Trend Micro AntiVirus 2007] C:Program FilesTrend MicroAntiVirus 2007tavui.exe -1 --delay 15

O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"

O4 - HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime

O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"

O4 - HKLM..Run: [Army browse cdrom vga] C:Documents and SettingsAll UsersApplication DataMfcd upload army browseidle once.exe

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft ActiveSyncwcescomm.exe"

O4 - HKCU..Run: [Vc ball] C:DOCUME~1JOELSM~1APPLIC~1SAVESE~1SetupGlobal.exe

O4 - HKCU..Run: [spybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MI1933~1Office12EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll

O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:PROGRA~1Yahoo!Commonyiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MI1933~1OFFICE11REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O10 - Unknown file in Winsock LSP: c:windowssystem32tmlsp.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32tmlsp.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32tmlsp.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32tmlsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll

O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab

O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab

O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab

O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:Program FilesCommon FilesCreative Labs SharedServiceCreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE

O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:Program FilesMicrosoft SQL ServerMSSQL$MICROSOFTSMLBIZBinnsqlservr.exe" -sMICROSOFTSMLBIZ (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:Program FilesDellQuickSetNICCONFIGSVC.exe

O23 - Service: ServiceLayer - Nokia. - C:Program FilesPC Connectivity SolutionServiceLayer.exe

O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:Program FilesMicrosoft SQL ServerMSSQL$MICROSOFTSMLBIZBinnsqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)

O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:Program FilesTrend MicroAntiVirus 2007tavsvc.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:Program FilesTrend MicroAntiVirus 2007Componentstmproxy.exe

O23 - Service: UStorage Server Service - OTi - C:WINDOWSsystem32UStorSrv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:WINDOWSSystem32WLTRYSVC.EXE

Share this post


Link to post
Share on other sites

POP UPS !!!  I remember those....

Joel, welcome.  As above, be sure to scan your computer inside and out for spyware and viruses...use multiple different engines (ie. online scans) for each until you're SURE you've used every fine-tooth comb out there.  And don't bother paying for security software... no point, as there are many great freeware out there.  And look into getting a browser with a built-in popup blocker.  I use Firefox 2.0  -->  http://www.mozilla.com/en-US/firefox/?from=getfirefox

Last tip.... quit clicking on the popups!  I know that they promise you the world...but it's all lies!  (jj...maybe)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...