[Solved]annex75: Help!! Adware and Pop-ups are Infuriating.
Hi Trogan,
I think I'm experiencing a similar problem with firstadsolution pop-ups everywhere and am getting annoyed with them. So, are the steps to clean the adware exactly the same for me? Or do you need me to post the HJT log first? Please, I need your expert help...
Comments
I've split your post so you can have your own thread... makes it less confusing! Could you post a HJT log and we'll see what's wrong.
Logfile of HijackThis v1.99.1
Scan saved at 2:11:53 PM, on 10/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
E:\Symantec\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Symantec\NavNT\rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
E:\Symantec\NavNT\vptray.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Utilities\LogMeIn\LogMeInSystray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINNT\vsnpstd.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
E:\Utilities\Actual Title Buttons\ActualTitleButtonsCenter.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
E:\Palm\palmOne\HOTSYNC.EXE
E:\Utilities\multiDesk\multiDesk.exe
E:\Internet\Zone Labs\ZoneAlarm\zapro.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
E:\Internet\Shareaza\Shareaza.exe
D:\MySQL\MySQL Administrator 1.1\MySQLSystemTrayMonitor.exe
D:\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
D:\MySQL\MySQL Query Browser 1.1\MySQLQueryBrowser.exe
C:\Program Files\Outlook Express\msimn.exe
E:\Internet\FreshDownload\fd.exe
E:\Internet\Opera7\opera.exe
C:\WINNT\system32\msiexec.exe
E:\Downloads\Temp\HijackThis.exe
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - E:\Internet\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {E90B30AE-11CD-B4A6-51DD-68C1E24E4F30} - C:\DOCUME~1\Abe\APPLIC~1\EACHDA~1\MORE SLOW.exe (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] E:\Symantec\NavNT\vptray.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Zone Labs Client] E:\Internet\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "E:\Utilities\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINNT\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Utilities\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKCU\..\Run: [Actual Title Buttons] E:\Utilities\Actual Title Buttons\ActualTitleButtonsCenter.exe
O4 - HKCU\..\Run: [IdleGreat] C:\DOCUME~1\Abe\APPLIC~1\64BARB~1\Glue eggs.exe
O4 - Startup: HotSync Manager.lnk = E:\Palm\palmOne\HOTSYNC.EXE
O4 - Startup: multiDesk.lnk = E:\Utilities\multiDesk\multiDesk.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Read By Natural Voice Reader - E:\Utilities\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - E:\Utilities\Natural Voice Reader Standard\read.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Internet\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Internet\WinHTTrack\WinHTTrackIEBar.dll
O12 - Plugin for .bz2: E:\Internet\Opera7\PLUGINS\npfd.dll
O12 - Plugin for .exe: E:\Internet\Opera7\PLUGINS\npfd.dll
O12 - Plugin for .zip: E:\Internet\Opera7\PLUGINS\npfd.dll
O12 - Plugin for P³Äbc: E:\Internet\Opera7\PLUGINS\npfd.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ECA (cpanel) - Unknown owner - C:\WINNT\javapanel.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - E:\Symantec\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - D:\MySQL\MySQL.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\Symantec\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
- Norton anti-virus
- ZoneAlarm
Thanks
Could you go to Start > Control Panel > Add/Remove Programs and uninstall 'Window Search', 'Window Searching', 'Window Active', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert; do so and reboot when done.
If none of the above are listed, run the Lop Remover from:
http://66.220.17.157/help.html
Btw, sorry for my delayed response.
I also forgot to mention this but could you post a new HJT log after please.
Logfile of HijackThis v1.99.1
Scan saved at 10:47:10 PM, on 16/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
E:\Symantec\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Symantec\NavNT\rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
E:\Symantec\NavNT\vptray.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis1.exe
E:\Internet\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Utilities\LogMeIn\LogMeInSystray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINNT\vsnpstd.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
E:\Utilities\Actual Title Buttons\ActualTitleButtonsCenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
E:\Palm\palmOne\HOTSYNC.EXE
E:\Utilities\multiDesk\multiDesk.exe
D:\MySQL\MySQL Administrator 1.1\MySQLSystemTrayMonitor.exe
C:\Program Files\Outlook Express\msimn.exe
D:\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
D:\MySQL\MySQL Query Browser 1.1\MySQLQueryBrowser.exe
E:\Internet\Opera7\opera.exe
E:\Downloads\Temp\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - E:\Internet\FreshDownload\fdcatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] E:\Symantec\NavNT\vptray.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Zone Labs Client] E:\Internet\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "E:\Utilities\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINNT\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Utilities\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKCU\..\Run: [Actual Title Buttons] E:\Utilities\Actual Title Buttons\ActualTitleButtonsCenter.exe
O4 - Startup: HotSync Manager.lnk = E:\Palm\palmOne\HOTSYNC.EXE
O4 - Startup: multiDesk.lnk = E:\Utilities\multiDesk\multiDesk.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Read By Natural Voice Reader - E:\Utilities\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - E:\Utilities\Natural Voice Reader Standard\read.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Internet\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Internet\WinHTTrack\WinHTTrackIEBar.dll
O12 - Plugin for .bz2: E:\Internet\Opera7\PLUGINS\npfd.dll
O12 - Plugin for .exe: E:\Internet\Opera7\PLUGINS\npfd.dll
O12 - Plugin for .zip: E:\Internet\Opera7\PLUGINS\npfd.dll
O12 - Plugin for P³Äbc: E:\Internet\Opera7\PLUGINS\npfd.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ECA (cpanel) - Unknown owner - C:\WINNT\javapanel.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - E:\Symantec\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - D:\MySQL\MySQL.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\Symantec\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
Thanks.
=====
We need to stop a service...
=====
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.8.cab
O23 - Service: ECA (cpanel) - Unknown owner - C:\WINNT\javapanel.exe (file missing)
- Close ALL open windows (especially Internet Explorer!)
Click Fix Checked
Next we need to view hidden files and folders:
Now, find and delete the following, if possible.
C:\WINNT\javapanel.exe << this file
=====
Reboot your computer!
=====
Please do the following:
Step 1.
==========
- Please download F-Secure's trial Blacklight from here
- Print out the help page for guidance. It will be found here
- Click the "I Accept" button at the license agreement
- Click the "Download" button to start the download
- Save it to your Desktop
Step 2.
==========
- Double-click the blbeta.exe file on your Desktop
- Select the "I Accept the agreement" at the license agreement, then click "Next"
- Make sure all open programs and windows are closed (including this IE window) before clicking the "Scan" button
- Click "Scan"
- When the animated graphic in the bottom right-hand corner disappears, click "Next"
- A text log file will appear on your Desktop when the scan is complete. It will start with fsbl-xxxxxx.txt (ie: fsbl-20051017165931.log)
- Paste the contents of that log back here, along with a new HJT log.
Blacklight log:
06/27/06 23:25:04 [Info]: BlackLight Engine 1.0.37 initialized
06/27/06 23:25:04 [Info]: OS: 5.0 build 2195 (Service Pack 4)
06/27/06 23:25:05 [Note]: 7019 4
06/27/06 23:25:05 [Note]: 7005 0
06/27/06 23:25:47 [Note]: 7006 0
06/27/06 23:25:47 [Note]: 7011 1160
06/27/06 23:25:48 [Note]: 7026 0
06/27/06 23:25:48 [Note]: 7026 0
06/27/06 23:26:03 [Note]: FSRAW library version 1.7.1015
06/27/06 23:28:36 [Note]: 2000 1006
06/27/06 23:29:22 [Note]: 7007 0
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 11:29:53 PM, on 27/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
E:\Symantec\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Symantec\NavNT\rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
E:\Symantec\NavNT\vptray.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis1.exe
E:\Internet\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Utilities\LogMeIn\LogMeInSystray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINNT\vsnpstd.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jucheck.exe
E:\Utilities\Actual Title Buttons\ActualTitleButtonsCenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
E:\Palm\palmOne\HOTSYNC.EXE
E:\Utilities\multiDesk\multiDesk.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\NOTEPAD.EXE
E:\Downloads\Temp\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - E:\Internet\FreshDownload\fdcatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] E:\Symantec\NavNT\vptray.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Zone Labs Client] E:\Internet\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "E:\Utilities\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINNT\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Utilities\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKCU\..\Run: [Actual Title Buttons] E:\Utilities\Actual Title Buttons\ActualTitleButtonsCenter.exe
O4 - Startup: HotSync Manager.lnk = E:\Palm\palmOne\HOTSYNC.EXE
O4 - Startup: multiDesk.lnk = E:\Utilities\multiDesk\multiDesk.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Read By Natural Voice Reader - E:\Utilities\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - E:\Utilities\Natural Voice Reader Standard\read.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Internet\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Internet\WinHTTrack\WinHTTrackIEBar.dll
O12 - Plugin for .bz2: E:\Internet\Opera7\PLUGINS\npfd.dll
O12 - Plugin for .exe: E:\Internet\Opera7\PLUGINS\npfd.dll
O12 - Plugin for .zip: E:\Internet\Opera7\PLUGINS\npfd.dll
O12 - Plugin for P³Äbc: E:\Internet\Opera7\PLUGINS\npfd.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - E:\Symantec\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - D:\MySQL\MySQL.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\Symantec\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
To be honest, I noticed that I'm not getting the annoying pop-ups any longer. Not sure if it's just coincidence. I'll let you decide if you think it's worth going all the way with this. Thanks.
But, I'm glad to say your log is clean and I'm happy that the popups have stopped.
Let me know if you have any other problems I can help with or if we can mark this resolved.
Thread closed!
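
Added example, not part of the original posts: a small Python script that compares two HijackThis logs and confirms that the entries chosen for "Fix Checked" are really gone from the follow-up scan. The log lines are excerpts from the 10/6/2006 and 27/6/2006 logs in this thread; the function names and the keying scheme (CLSID or service name, so that a forum-truncated URL still matches) are assumptions of this example.

```python
import re

ITEM_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")  # e.g. "O23 - Service: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SERVICE_RE = re.compile(r"^Service:\s+(.+?)\s+-\s")


def entry_key(section, detail):
    """Identity of an item that survives truncated URLs and changed paths."""
    kind = detail.split(":", 1)[0]  # "BHO", "DPF", "Extra button", ...
    clsid = CLSID_RE.search(detail)
    if clsid:
        return (section, kind, clsid.group(0).upper())
    service = SERVICE_RE.match(detail)
    if section == "O23" and service:
        return (section, "Service", service.group(1))
    return (section, "", detail)  # fall back to the full text of the item


def parse_entries(log_text):
    """Map entry key -> original line; process paths and headers are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if m:
            entries[entry_key(m.group(1), m.group(2))] = raw.strip()
    return entries


def diff_logs(before, after):
    """Return (removed, added) item lines between an earlier and a later scan."""
    b, a = parse_entries(before), parse_entries(after)
    removed = [b[k] for k in sorted(b.keys() - a.keys())]
    added = [a[k] for k in sorted(a.keys() - b.keys())]
    return removed, added


def still_present(fix_list, later_log):
    """Items from the fix list that a later scan still reports."""
    later = parse_entries(later_log)
    return [line for k, line in parse_entries(fix_list).items() if k in later]


# Excerpt of the first log in the thread (10/6/2006).
BEFORE = r"""
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - E:\Internet\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {E90B30AE-11CD-B4A6-51DD-68C1E24E4F30} - C:\DOCUME~1\Abe\APPLIC~1\EACHDA~1\MORE SLOW.exe (file missing)
O4 - HKCU\..\Run: [IdleGreat] C:\DOCUME~1\Abe\APPLIC~1\64BARB~1\Glue eggs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O23 - Service: ECA (cpanel) - Unknown owner - C:\WINNT\javapanel.exe (file missing)
O23 - Service: MySQL - Unknown owner - D:\MySQL\MySQL.exe (file missing)
"""

# Excerpt of the last log in the thread (27/6/2006).
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - E:\Internet\FreshDownload\fdcatch.dll
O23 - Service: MySQL - Unknown owner - D:\MySQL\MySQL.exe (file missing)
"""

# The two entries the helper asked to check, with the URL as truncated in the post.
FIX_LIST = r"""
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.8.cab
O23 - Service: ECA (cpanel) - Unknown owner - C:\WINNT\javapanel.exe (file missing)
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since first scan:", *removed, sep="\n  ")
    print("New since first scan:", *added, sep="\n  ")
    print("Fix-list items still present:", still_present(FIX_LIST, AFTER) or "none")
```

Run against the full logs, the same comparison also surfaces entries that changed between scans without being on the fix list, which is worth reviewing before a log is declared clean.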