Popups here also



Haifuss
2007-04-20, 02:54
Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 4:50:32 PM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\xloadnet\xloadnet.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ICROSO~1.NET\chkntfs.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WinSysModule] dsrss.exe
O4 - HKLM\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Suoe] "C:\WINDOWS\ICROSO~1.NET\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176238582718
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Haifuss
2007-04-20, 02:59
Here it is (part 1):

Incident Status Location

Adware:Adware/PurityScan Not disinfected c:\windows\??crosoft.net\r?ndll.exe
Adware:Adware/Borlander Not disinfected c:\windows\updater.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\goadm.dll
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Ipwindows\ipwins.dll
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Ipwindows\ipwins.exe
Virus:Trj/Keylog.LN Disinfected Operating system
Virus:Trj/Downloader.MDW Disinfected Operating system
Adware:adware/systemdoctor Not disinfected c:\windows\system32\issearch.exe
Virus:trj/sters.d Disinfected Operating system
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\x5c6cv5g.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\x5c6cv5g.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\x5c6cv5g.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\x5c6cv5g.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\x5c6cv5g.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\x5c6cv5g.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\x5c6cv5g.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\x5c6cv5g.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jason\Cookies\jason@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jason\Cookies\jason@adrevolver[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason\Cookies\jason@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason\Cookies\jason@atdmt[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Jason\Cookies\jason@clickbank[2].txt
Spyware:Cookie/DelfinMedia Not disinfected C:\Documents and Settings\Jason\Cookies\jason@delfinproject[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason\Cookies\jason@doubleclick[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jason\Cookies\jason@drivecleaner[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jason\Cookies\jason@fastclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Jason\Cookies\jason@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jason\Cookies\jason@mediaplex[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason\Cookies\jason@realmedia[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jason\Cookies\jason@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Jason\Cookies\jason@stats1.reliablestats[2].txt

Haifuss
2007-04-20, 03:01
Here it is (part 2):

Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Jason\Cookies\jason@systemdoctor[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Jason\Cookies\jason@targetnet[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jason\Cookies\jason@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jason\Cookies\jason@tribalfusion[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Jason\Cookies\jason@winantivirus[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jason\Cookies\jason@www.drivecleaner[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Jason\Cookies\jason@www.systemdoctor[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jason\Cookies\jason@zedo[1].txt
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Ipwindows\UnInstall.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\b122.exe
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\abpomqrc.dll
Adware:Adware/SpywareQuake Not disinfected C:\WINDOWS\system32\components\flx5.dll
Virus:Trj/Qhost.EV Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20070216-100223.backup
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\gfmfrhor.dll
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\ismini.exe
Virus:Trj/Downloader.MDW Not disinfected C:\WINDOWS\system32\Ldrdsb\dsbSetup.dat[²θΗ]
Virus:Trj/Downloader.MDW Not disinfected C:\WINDOWS\system32\Ldrdsb\dsbSetup.exe[²θΗ]
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\Ldrdsb\Shldsb.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ovfqyolw.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\raoiqitr.dll
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\Shldsb.dll
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\ugkgqiej.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xmkidisl.dll
Potentially unwanted tool:Application/Processor Not disinfected H:\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected H:\smitRem\smitRem.exe[smitRem/Process.exe]
Sorry about the jumbledness. I have word wrap disabled in Notepad, but can't seem to find it in here.

tashi
2007-05-03, 08:57
Hello and sorry for the wait, the forum has been very busy.

Did you see this sticky topic:

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

tashi
2007-05-08, 18:11
This topic has been archived.

If you need it re-opened, please send me a private message (PM) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.