Sunman212
2006-04-22, 07:48
Hi, I keep getting popup ads from places such as muon and axil and globe 7.... I run adaware and it doesnt catch anything, norton doesn't catch anything, and spybot S&D catches a few cookies that I can't seem to delete. Can you check my hijackthis log to see if I can do anything to stop the ads? any help would be appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 12:45:23 AM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\system32\crypserv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\sun\Desktop\Ju Sun\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/_ads/adsPopup2.htm?0
R3 - Default URLSearchHook is missing
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100542378779
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: gfrispy - C:\WINNT\system32\s4880eluehq80.dll
O23 - Service: ADSService - Aluria Software, LLC - C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~1\PROTEC~1\EFWPPS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 12:45:23 AM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\system32\crypserv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\sun\Desktop\Ju Sun\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/_ads/adsPopup2.htm?0
R3 - Default URLSearchHook is missing
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100542378779
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: gfrispy - C:\WINNT\system32\s4880eluehq80.dll
O23 - Service: ADSService - Aluria Software, LLC - C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~1\PROTEC~1\EFWPPS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe