Not Sure? Popups Are Search Inquire, Partypoker, Red Mccombs...

Unknown
edited November 2005 in Spyware & Virus Removal
Let me start by thanking you for taking the time to read this. I have ran all kinds of spyware progs, to no avail.
I have ran adaware se, spybot s+d, bulletproof, cws shredder, lqfix, l2mfix and as I am typing now they are still popups. I am throughing myself at the mercy of your expertise as I am at a complete and utter loss on where to go now. I will now pass on this problem and bow down to the superior skills of the experts, as I have failed!

Logfile of HijackThis v1.99.1
Scan saved at 1:14:46 AM, on 11/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Documents and Settings\HP_Administrator\Desktop\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Comments

  • TroganTrogan London, UK
    edited November 2005
    Hi,

    Please move HJT from your Desktop to its own folder on your C: so backups can be created. Do this before continuing.
    ===


    Run HiJackThis then:

    1. Click "Open the Misc Tools Section"
    2. Click "Open Process manager"

    -

    Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

    C:\WINDOWS\ALCXMNTR.EXE

    Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
    ===


    Do a search for ALCXMNTR.EXE, if found, delete it.
    ===


    Download Ewido Security Suite
    1. Install ewido security suite
    2. When installing the program, under "Additonal Options" uncheck..
      • Install background guard
      • Install scan via context menu
    3. Launch ewido, there should now be an icon on your desktop, double-click it.
    4. The program will now open to the main screen.
    5. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    6. You will need to update ewido to the latest definition files:
      • On the left hand side of the main screen click update.
      • Then click on Start Update.
    7. The update will start and a progress bar will show the updates being installed.
      (the status bar at the bottom will display "Update successful")

    If you are having problems with the updater, you can use this link to manually update ewido.
    Ewido Manual Updates

    Once the updates are installed, do the following:
    1. Click on scanner.
    2. Click on Complete System Scan, the scan will now begin.
    3. While the scan is in progress you will be promted to clean files, click OK.
    4. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
    5. Once the scan has completed, there will be a button located at the bottom of the screen named Save Report.
    6. Click Save Report.
    7. Now save the report .txt file to your desktop.

    Now close ewido security suite.
    ===


    How are things now?
  • JohnnyMc
    edited November 2005
    Once all that finished I still had popups from Search Inquire. Here is a new log file.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:53:13 AM, on 11/25/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HJT\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • TroganTrogan London, UK
    edited November 2005
    Your log is 100% clean.


    I think the popups your getting are just the odd ones that appear in websites...


    Try this:

    Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
    Click the Free Trial link under to "SpySweeper" to download the program.
    Install it. Once the program is installed, it will open.
    It will prompt you to update to the latest definitions, click Yes.
    Once the definitions are installed, click Options on the left side.
    Click the Sweep Options tab.
    Under What to Sweep please put a check next to the following:
    Sweep Memory
    Sweep Registry
    Sweep Cookies
    Sweep All User Accounts
    Enable Direct Disk Sweeping
    Sweep Contents of Compressed Files
    Sweep for Rootkits
    Please UNCHECK Do not Sweep System Restore Folder.
    Click Sweep Now on the left side.
    Click the Start button.
    When it's done scanning, click the Next button.
    Make sure everything has a check next to it, then click the Next button.
    It will remove all of the items found.
    Click Session Log in the upper right corner, copy everything in that window.
    Click the Summary tab and click Finish.
    Paste the contents of the session log you copied into your next reply.



    How are things after this scan?
  • JohnnyMc
    edited November 2005
    ok here it is finally.

    ********
    1:06 AM: | Start of Session, Friday, November 25, 2005 |
    1:06 AM: Spy Sweeper started
    1:06 AM: Sweep initiated using definitions version 575
    1:06 AM: Starting Memory Sweep
    1:08 AM: Memory Sweep Complete, Elapsed Time: 00:02:03
    1:08 AM: Starting Registry Sweep
    1:08 AM: Found Adware: dollarrevenue
    1:08 AM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)
    1:09 AM: Registry Sweep Complete, Elapsed Time:00:00:11
    1:09 AM: Starting Cookie Sweep
    1:09 AM: Found Spy Cookie: 888 cookie
    1:09 AM: [email]hp_administrator@888[2].txt[/email] (ID = 2019)
    1:09 AM: Found Spy Cookie: yieldmanager cookie
    1:09 AM: [email]hp_administrator@ad.yieldmanager[1].txt[/email] (ID = 3751)
    1:09 AM: Found Spy Cookie: adecn cookie
    1:09 AM: [email]hp_administrator@adecn[2].txt[/email] (ID = 2063)
    1:09 AM: Found Spy Cookie: exitexchange cookie
    1:09 AM: [email]hp_administrator@exitexchange[1].txt[/email] (ID = 2633)
    1:09 AM: Found Spy Cookie: clickandtrack cookie
    1:09 AM: [email]hp_administrator@hits.clickandtrack[2].txt[/email] (ID = 2397)
    1:09 AM: Found Spy Cookie: rn11 cookie
    1:09 AM: [email]hp_administrator@rn11[2].txt[/email] (ID = 3261)
    1:09 AM: [email]hp_administrator@www.888[1].txt[/email] (ID = 2020)
    1:09 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    1:09 AM: Starting File Sweep
    1:09 AM: Found Adware: delfin
    1:09 AM: c:\documents and settings\all users\application data\nfo (16 subtraces) (ID = -2147468687)
    1:09 AM: Found Adware: spysheriff
    1:09 AM: secure32.html (ID = 184319)
    1:09 AM: a0026824.exe (ID = 193259)
    1:09 AM: a0026832.exe (ID = 194610)
    1:09 AM: Found Adware: targetsaver
    1:09 AM: a0026826.exe (ID = 195130)
    1:09 AM: a0026834.exe (ID = 193995)
    1:09 AM: Found Adware: look2me
    1:09 AM: a0026825.exe (ID = 168558)
    1:09 AM: a0026827.exe (ID = 195131)
    1:10 AM: a0026828.exe (ID = 195132)
    1:10 AM: a0026833.exe (ID = 166172)
    1:11 AM: Found Adware: tvmedia
    1:11 AM: a0020407.dll (ID = 81657)
    1:11 AM: a0020406.exe (ID = 81642)
    1:11 AM: a0028431.dll (ID = 159)
    1:11 AM: Found Adware: apropos
    1:11 AM: a0026823.exe (ID = 185940)
    1:12 AM: secure32.html (ID = 184319)
    1:12 AM: Found Trojan Horse: trojan-backdoor-us15info
    1:12 AM: tool5.exe (ID = 183857)
    1:12 AM: tool4.exe (ID = 183857)
    1:12 AM: tool3.exe (ID = 183857)
    1:12 AM: mfex-3.dat (ID = 81642)
    1:12 AM: iufwc.dll (ID = 195129)
    1:12 AM: 538.dfn (ID = 133429)
    1:13 AM: a0026693.exe (ID = 196862)
    1:13 AM: a0028488.exe (ID = 193501)
    1:13 AM: Found Adware: command
    1:13 AM: a0026830.exe (ID = 185985)
    1:14 AM: Found Adware: websearch toolbar
    1:14 AM: a0026700.cfg (ID = 87583)
    1:15 AM: a0026701.cfg (ID = 87651)
    1:15 AM: a0028471.dll (ID = 159)
    1:15 AM: mon1920.dbd (ID = 57692)
    1:15 AM: a0026767.exe (ID = 195128)
    1:16 AM: a0030768.dll (ID = 163672)
    1:16 AM: mfex-4.dat (ID = 81657)
    1:17 AM: a0019984.dll (ID = 81676)
    1:17 AM: mfex-3.dat (ID = 81642)
    1:17 AM: a0030348.dll (ID = 159)
    1:18 AM: Found Adware: adtech2005
    1:18 AM: a0026822.exe (ID = 194580)
    1:18 AM: mfex-3.dat (ID = 81642)
    1:18 AM: a0026835.exe (ID = 194150)
    1:18 AM: mfex-4.dat (ID = 81657)
    1:19 AM: a0026831.dll (ID = 194609)
    1:19 AM: a0028479.dll (ID = 159)
    1:19 AM: mfex-4.dat (ID = 81657)
    1:19 AM: a0026702.cfg (ID = 87724)
    1:19 AM: a0030353.dll (ID = 159)
    1:20 AM: a0028482.ocx (ID = 194608)
    1:20 AM: a0028390.dll (ID = 159)
    1:21 AM: a0026836.exe (ID = 166181)
    1:21 AM: a0028432.dll (ID = 159)
    1:21 AM: wingenerics.dll (ID = 50187)
    1:22 AM: a0026829.vbs (ID = 185675)
    1:22 AM: Found Adware: keenvalue/perfectnav
    1:22 AM: a0026699.cfg (ID = 64871)
    1:23 AM: Found System Monitor: potentially rootkit-masked files
    1:23 AM: 0000759a_43823920_00066ff3 (ID = 0)
    1:23 AM: 00005e76_43865461_000487ab (ID = 0)
    1:23 AM: 00006899_43864272_0005f5e1 (ID = 0)
    1:23 AM: 00000e12_438645fe_000baeb9 (ID = 0)
    1:23 AM: 000012e1_438231d4_00057bcf (ID = 0)
    1:23 AM: 00003b25_43855c53_00000000 (ID = 0)
    1:23 AM: 00001649_43854790_00094c5f (ID = 0)
    1:23 AM: 00000902_43864246_0008583b (ID = 0)
    1:23 AM: 0000701f_4382592a_0008583b (ID = 0)

    I had to delete this part as this file was TOO Large to post




    2:26 AM: Warning: Invalid file - not a PKZip file
    2:26 AM: Warning: Unhandled Archive Type
    2:27 AM: Warning: Unhandled Archive Type
    2:27 AM: Warning: Unhandled Archive Type
    2:27 AM: Warning: Unhandled Archive Type
    2:27 AM: Warning: Invalid file - not a PKZip file
    2:27 AM: Warning: Invalid file - not a PKZip file
    2:27 AM: Warning: Invalid file - not a PKZip file
    2:27 AM: Warning: Invalid file - not a PKZip file
    2:27 AM: Warning: Invalid file - not a PKZip file
    2:27 AM: Warning: Invalid file - not a PKZip file
    2:27 AM: Warning: Invalid file - not a PKZip file
    2:29 AM: File Sweep Complete, Elapsed Time: 01:20:21
    2:29 AM: Full Sweep has completed. Elapsed time 01:22:47
    2:29 AM: Traces Found: 3515
    7:31 AM: Removal process initiated
    7:31 AM: Quarantining All Traces: look2me
    7:31 AM: Quarantining All Traces: spysheriff
    7:31 AM: Quarantining All Traces: trojan-backdoor-us15info
    7:31 AM: Quarantining All Traces: websearch toolbar
    7:31 AM: Quarantining All Traces: apropos
    7:31 AM: apropos is in use. It will be removed on reboot.
    7:31 AM: wingenerics.dll is in use. It will be removed on reboot.
    7:31 AM: Quarantining All Traces: adtech2005
    7:31 AM: Quarantining All Traces: command
    7:31 AM: Quarantining All Traces: delfin
    7:31 AM: Quarantining All Traces: dollarrevenue
    7:31 AM: Quarantining All Traces: keenvalue/perfectnav
    7:31 AM: Quarantining All Traces: targetsaver
    7:31 AM: Quarantining All Traces: tvmedia
    7:31 AM: Quarantining All Traces: 888 cookie
    7:31 AM: Quarantining All Traces: adecn cookie
    7:31 AM: Quarantining All Traces: clickandtrack cookie
    7:31 AM: Quarantining All Traces: exitexchange cookie
    7:31 AM: Quarantining All Traces: rn11 cookie
    7:31 AM: Quarantining All Traces: yieldmanager cookie
    7:31 AM: Removal process completed. Elapsed time 00:00:32
    ********
    1:04 AM: | Start of Session, Friday, November 25, 2005 |
    1:04 AM: Spy Sweeper started
    1:04 AM: Your spyware definitions have been updated.
    1:04 AM: Updating spyware definitions
    1:04 AM: Your definitions are up to date.
    1:06 AM: | End of Session, Friday, November 25, 2005 |
  • TroganTrogan London, UK
    edited November 2005
    How is your computer?
  • JohnnyMc
    edited November 2005
    I think I am OK, So far so good! Thanks so much for your help!!
  • TroganTrogan London, UK
    edited November 2005
    OK good :thumbsup:



    Please consider joining the Folding@Home Project :)
    Join our Folding@Home team! Alzheimer's, Parkinson's, cancer... we're trying to cure them with our computers! You've at least read a little about it in the greeting I sent you when you signed up for the site. We're always really pleased to greet new members to the team, and it's a quick way to become an appreciated member of the community.
    MORE INFO: READ THIS



    Follow this guide by Crunchie to stay more secure

    Now that your PC is clean you need to follow these easy steps to keeping it this way:

    Secure your Internet Explorer by going here and following the instructions there.

    Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.

    Use a firewall to help prevent your PC's control being usurped by undesireables.

    Install and keep updated, Ad-Aware SE, and Spybot S&D.
    Run them both on a regular basis, following the manufacturer's recommendations.

    Install and keep updated, SpywareBlaster 3.4

    Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

    Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.


    Clear your Temp folders.
    Clear out your Temporary internet files and other temp files.
    Go to Start > Settings > Control Panel >Internet Options.
    Under the General tab click the Delete temporary internet files,
    delete all Offline content as well. Clear out Cookies.

    Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

    Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

    C:\Documents and Settings\username\Local Settings\Temp\

    In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

    Empty the Recycle Bin.

    For XP users.
    After something like this it is a good idea to Flush the Restore Points and start fresh.
    To flush the XP system Restore Points.

    Go to Start>Run and type msconfig. Press enter.

    When msconfig opens, click the Launch System Restore Button.
    On the next page, click the System Restore Settings link on the left.

    Check the box labelled 'Turn off System restore'.

    Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

    Note that all previous restore points will be lost.

    ===============

    If you have any more problems, post back.



    Let me know when I can mark this resolved :)
  • JohnnyMc
    edited November 2005
    Outstanding job, go ahead and mark as resolved, you helped alot! Thank You!
  • TroganTrogan London, UK
    edited November 2005
    Cool :thumbsup:
This discussion has been closed.