Popups(RESOLVED)

  1. #1
    amercm120 is offline Newbie

    Hello, I recently posted a HJT log on your website and I just got around to following your instructions. Here is a HJT log after I did everything. Thank you for all of your help.


    Logfile of HijackThis v1.99.1
    Scan saved at 12:52:38 PM, on 7/13/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\soundman.exe
    C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Support.com\bin\jobcheck.exe
    C:\Program Files\Support.com\bin\tgshell.exe
    C:\Program Files\HijackThis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [web ace] C:\DOCUME~1\Clayton\APPLIC~1\LIESAX~1\Gpl grid bleh.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1151631907229
    O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://aerial.leepa.org/ecwplugins/ncs.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    Last edited by amercm120; 13-07-2006 at 09:03 PM.


  2. #2
    amercm120 is offline Newbie
    Here is the link to my previous thread: http://www.d-a-l.com/help/showthread.php?t=42627

  3. #3
    Neal is offline Dedicated Member
    I need to see an Ewido scan log please, as requested by VOPTHIS.

  4. #4
    amercm120 is offline Newbie
    I decided to post a more recent HJT log in addition to the Ewido log. Thank you so much for your help.

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 9:23:58 PM 7/14/2006

    + Scan result:



    :mozilla.10:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.11:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.12:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.13:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.14:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.35:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.44:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.45:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.56:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.67:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.6:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.76:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.7:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.81:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.86:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.8:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.91:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.9:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.26:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Addynamix : No action taken.
    :mozilla.65:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Addynamix : No action taken.
    :mozilla.161:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Adserver : No action taken.
    :mozilla.162:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Adserver : No action taken.
    :mozilla.239:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Adserver : No action taken.
    :mozilla.240:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Adserver : No action taken.
    :mozilla.8:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.183:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Bluestreak : No action taken.
    :mozilla.152:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
    :mozilla.193:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
    :mozilla.120:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Burstnet : No action taken.
    :mozilla.46:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Burstnet : No action taken.
    :mozilla.124:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.130:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.132:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.135:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.137:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.149:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.177:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.29:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.65:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.66:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.67:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.68:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.69:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.70:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.70:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.71:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.72:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.73:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.74:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.74:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.11:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.38:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.148:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.200:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.201:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.63:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.64:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.161:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.162:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.163:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.201:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.206:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.209:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.150:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.151:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.152:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.153:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.212:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.87:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.88:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.89:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.238:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.239:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.243:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.255:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.27:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.28:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.29:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.30:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.155:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Qksrv : No action taken.
    :mozilla.156:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Qksrv : No action taken.
    :mozilla.36:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Qksrv : No action taken.
    :mozilla.43:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Qksrv : No action taken.
    C:\Documents and Settings\Clayton\Cookies\clayton@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
    :mozilla.164:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.165:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.166:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.167:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.168:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.82:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.83:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.84:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.85:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.86:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.128:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.173:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.178:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.75:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.19:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.20:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.21:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.22:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.23:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.37:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.38:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.39:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.40:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.41:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.22:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.23:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.241:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.242:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.243:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.244:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.245:C:\Program Files\Support.com\backup\Co\cookies.txt\25920_5a48 8ecf9_/cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.24:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.25:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.26:C:\Program Files\Support.com\backup\Co\cookies.txt\27826_59da e0ee3_/cookies.txt -> TrackingCookie.Zedo : No action taken.


    ::Report end

    --------------------------------------------------------------------------------------------------------
    --------------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 9:27:20 PM, on 7/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\soundman.exe
    C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [web ace] C:\DOCUME~1\Clayton\APPLIC~1\LIESAX~1\Gpl grid bleh.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1151631907229
    O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://aerial.leepa.org/ecwplugins/ncs.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  5. #5
    Neal is offline Dedicated Member
    Have you ever had Messenger Plus? It appears you may have a LOP infection from using that program, so...



    Download and unzip to its own folder:
    http://metallica.geekstogo.com/findlop.zip

    Run (double-click) the findlop.bat, which can be found in the findlop folder, and post the result.


    Also...



    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.

  6. #6
    amercm120 is offline Newbie
    I have yet to remove the tracking cookies that were found in the ewido scan. When should I do so? Also, the same popups keep on reappearing. Here are the results of findlop and HJT. Thank you once again.

    [TRACE] Enumerating jobs and queues
    [TRACE] Activating job 'A9C0D44C91BB4E24.job'
    [TRACE] Printing all job properties

    ApplicationName: 'c:\docume~1\clayton\applic~1\liesax~1\BIRDCOALWIN .exe'
    Parameters: ''
    WorkingDirectory: ''
    Comment: ''
    Creator: 'Clayton'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 05/27/2006 21:00:00
    NextRun: 07/15/2006 16:00:00
    StartError: S_OK
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 1
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 02/04/1996
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 1440
    MinutesInterval: 60
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0


    [TRACE] Activating job 'Symantec NetDetect.job'
    [TRACE] Printing all job properties

    ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
    Parameters: ''
    WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
    Comment: 'Symantec NetDetect'
    Creator: 'Miguel'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 04/03/2004 22:27:00
    NextRun: 07/15/2006 15:07:00
    StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
    ExitCode: 0x65
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    2 Triggers

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 04/03/2004
    EndDate: 00/00/0000
    StartTime: 01:27
    MinutesDuration: 1440
    MinutesInterval: 5
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 1:
    Type: AtLogon
    StartDate: 08/16/2003
    EndDate: 00/00/0000
    StartTime: 18:23
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    --------------------------------------------------------------------------------------------------------
    --------------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 3:06:34 PM, on 7/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\soundman.exe
    C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [web ace] C:\DOCUME~1\Clayton\APPLIC~1\LIESAX~1\Gpl grid bleh.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1151631907229
    O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://aerial.leepa.org/ecwplugins/ncs.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  7. #7
    Neal is offline Dedicated Member
    Yep, you got a LOP infection and we will see if we can get rid of it in a minute.


    I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
    1. Run Spybot-S&D
    2. Go to the Mode menu, and make sure "Advanced Mode" is selected
    3. On the left hand side, choose Tools -> Resident
    4. Uncheck "Resident TeaTimer" and OK any prompts
    You can reenable TeaTimer once your system is clean.


    Also...



    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.


    Download: Microsoft Task Scheduler Command Line Utility

    http://mvps.org/winhelp2002/jt.zip

    Unzip and copy jt.exe to your Windows folder.

    Open Notepad, copy and paste the below and "Save As" KillJobs.bat
    In the "Save as type" select: All Files

    @echo off
    jt /sd A9C0D44C91BB4E24.job


    Copy KillJobs.bat to your Windows folder.
    Double-click on "KillJobs.bat"
    (when prompted, allow the file to run)



    If you want to remove tracking cookies you must quarantine them after the scan is done.



    Remove from add/remove program if present:

    viewpoint/viewpoint manager/viewpoint media player
    weatherbug---if the free version
    LimeShop



    Reboot


    Run HijackThis, click on the scan button, and put checks next to these:


    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKCU\..\Run: [web ace] C:\DOCUME~1\Clayton\APPLIC~1\LIESAX~1\Gpl grid bleh.exe---if still there after the above

    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)



    Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.


    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):



    DELETE FOLDERS

    C:\Program Files\Viewpoint
    C:\DOCUMENTS and SETTINGS\Clayton\APPLICATION DATA\LIESAX~1---folder begins with LIESAX
    C:\Program Files\LimeShop


    Reboot normal mode and post a hijackthis log and tell if popups are still coming and what do they say if so.
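
Added example, not part of the original thread: a small triage script that parses a job dump in the format findlop printed above, flags hidden scheduled jobs that launch from a per-user Application Data folder, and then finds HijackThis O4 autoruns pointing into the same folder. The sample input is constructed by trimming the logs posted in this thread, and the "hidden job under Application Data" rule is an assumed heuristic, not findlop's own logic.

```python
import ntpath
import re

# Constructed sample: trimmed from the findlop job dump posted in this thread.
JOB_DUMP = r"""
[TRACE] Activating job 'A9C0D44C91BB4E24.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\clayton\applic~1\liesax~1\BIRDCOALWIN .exe'
Creator: 'Clayton'
Hidden = 1
TaskFlags: 0

[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Creator: 'Miguel'
Hidden = 0
TaskFlags: 0
"""

# Constructed sample: three O4 lines taken from the HijackThis log in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [web ace] C:\DOCUME~1\Clayton\APPLIC~1\LIESAX~1\Gpl grid bleh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

JOB_START = re.compile(r"\[TRACE\] Activating job '(.+)'")
FIELD = re.compile(r"^\s*(\w+)\s*[:=]\s*'?(.*?)'?\s*$")
# Assumed heuristic: 8.3 or long form of a per-user Application Data directory.
USER_APPDATA = re.compile(
    r"\\docume~1\\[^\\]+\\applic~1\\"
    r"|\\documents and settings\\[^\\]+\\application data\\", re.I)

def parse_jobs(dump):
    """Split the dump into one dict per job, keyed by property name."""
    jobs, current = [], None
    for line in dump.splitlines():
        m = JOB_START.search(line)
        if m:
            current = {"job": m.group(1)}
            jobs.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            # setdefault: per-trigger fields later in a job never overwrite job fields
            current.setdefault(m.group(1), m.group(2))
    return jobs

def suspicious_jobs(jobs):
    """Hidden jobs whose executable lives under a user's Application Data."""
    return [j for j in jobs
            if j.get("Hidden") == "1"
            and USER_APPDATA.search(j.get("ApplicationName", ""))]

def related_autoruns(job, hjt_log):
    """O4 entries whose target sits in the same folder as the job's executable."""
    folder = ntpath.dirname(job["ApplicationName"]).lower()
    hits = []
    for line in hjt_log.splitlines():
        m = re.match(r"\s*O4 - (\S+): \[(.+?)\] (.*)", line)
        if m and m.group(3).strip('"').lower().startswith(folder + "\\"):
            hits.append((m.group(1), m.group(2)))
    return hits
```

On the sample it flags only `A9C0D44C91BB4E24.job` and ties it to the `[web ace]` Run entry, the same job, folder and autorun singled out for removal in the post above.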

  8. #8
    amercm120 is offline Newbie
    Hello, I followed your instructions and I ran into a few roadblocks. I couldn't get KillJobs.bat to work. I copied and pasted @echo off jt/sd A9C0D44C91BB4E24.job into notepad and saved it as all files. I then copied both jt.exe and killjobs.exe into C:\WINDOWS and when that didn't work I copied them into C:\Documents and Settings\Clayton\WINDOWS. When both failed I skipped that step and continued on. When I went to change/remove Limeshop, I got WJView Error which read: ERROR: Could not execute Main: The system cannot find the file specified. Is this because I uninstalled Limewire several months ago yet there are still some components lying around? This is where I stopped and decided to write this because I didn't want to run the HJT and delete the folders until the aforementioned problems were resolved. By the way, here is my uninstall manager.


    Ad-Aware SE Personal
    Adobe PageMaker 7.0
    Adobe Reader 6.0
    Adware Away v2.2.8.9
    AIM Toolbar
    AOL Instant Messenger
    ARNZ ATR72-200 & 500
    AsfTools 3.1 (remove only)
    Audio Recorder Pro
    Avance AC'97 Audio
    AVI to VCD/DVD 4.02
    Azureus
    BellSouth FastAccess DSL Help Center
    BroadJump Client Foundation
    Call of Duty Game of the Year Edition
    Chaos Pack 1.00 for Pocket Tanks Deluxe
    Cinema Tycoon Gold (remove only)
    Codec Pack - All In 1 6.0.3.0
    Cole2k Media - Codec Pack (Advanced)
    Command & Conquer Generals
    Command and ConquerTM Generals Zero Hour
    Cucusoft iPod Movie/Video Converter 2.00
    dBpowerAMP Music Converter
    dBpowerAMP WMA V9.1 Codec
    DC Realism 1.0
    DesertCombat 0.7
    Digital Photo Navigator 1.0
    DiscWizard for Windows
    DivX Codec
    Easy CD Creator 5 Platinum
    ESPN Java Check
    ewido anti-spyware 4.0
    FrostWire
    G-Force
    Google Earth
    HijackThis 1.99.1
    HSP56 MicroModem Drivers
    Image Web Server IE Plugins 2,0,0,104
    iPod for Windows 2006-01-10
    iPod for Windows User Guide
    iPod Updater 2004-11-15
    iTunes
    J2SE Runtime Environment 5.0 Update 1
    Java 2 Runtime Environment Standard Edition v1.3.1_04
    Learn2 Player (Uninstall Only)
    LimeShop
    LiveReg (Symantec Corporation)
    LiveUpdate 2.0 (Symantec Corporation)
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Media Library Management Wizard
    MediaInfo 0.7.2.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Close Combat: A Bridge Too Far
    Microsoft Combat Flight Simulator 2
    Microsoft Data Access Components KB870669
    Microsoft Flight Simulator 2004 A Century of Flight
    Microsoft Office XP Professional with FrontPage
    Microsoft SQL Server Desktop Engine
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft® Winter Fun Pack 2004 for Windows® XP
    Motorola Handset USB Driver
    Movie Maker Background Music Files
    Movie Maker Sound Effects
    Movie Maker Title Images
    MPEG Joiner
    MSN Music Assistant
    My Toolbar - Toolbar
    NVIDIA Drivers
    oggcodecs 0.71.0946
    Panda ActiveScan
    PartyPoker
    Personal License Update Wizard for Windows Media Player
    Plus! MP3 Audio Converter LE
    PQ DVD to iPod Video Converter (remove only)
    Prentice Hall Biology Exploring Life Online Activities
    ProSavageDDR and Utilities
    PSP Movie Creator(remove only)
    PSP Video Express(remove only)
    PunkBuster for Battlefield 1942
    QuickTime
    Roll
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Sony Sound Forge 8.0b
    Spybot - Search & Destroy 1.4
    Sure Delete 5.1.1
    Switch Uninstall
    Symantec AntiVirus Client
    Uniblue Registry Booster
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    VIA Rhine-Family Fast Ethernet Adapter
    WavePad Uninstall
    Web Savings from Ebates
    Webinblue A-10A Thunderbolt II for CFS2
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Media Bonus Pack for Windows XP
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 9 Series Winter Fun Pack
    Windows Media Player Playlist Import to Excel Wizard
    Windows Media Player Skin Importer
    Windows Media Player Tray Control
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB884020
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    WinRAR archiver
    WinZip
    Xfire (remove only)
    XPlay
    ZoneAlarm

  9. #9
    Neal is offline Dedicated Member
    OK, you can delete the limeshop folder if you have already uninstalled limewire, and just skip the LOP part above; we will go a different route on that. Just do everything else. Now let's see if we can get rid of LOP below. Do the killbox thing first before trying to do the hijackthis fix. Thanks.


    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.
    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select
      • "Delete on Reboot"
      • Then click on either the "All Files" button if there is more than 1 item to Delete.
    • Please copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C

      A9C0D44C91BB4E24.job

    • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
    • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
    If your computer does not restart automatically, please restart it manually.


    Post a new hijackthis log after the above please.

  10. #10
    amercm120 is offline Newbie
    When I opened killbox, no files or folders appeared. That is where I stopped. Thank you for your time, it is very much appreciated.
