firstadsolution pop ups



ianzach
2006-10-04, 12:07
Hi

Please help me with this problem as I can't seem to get rid of it.

Attached is my HijackThis report.

ianzach
2006-10-04, 15:02
Hi

Please help me with this problem as I can't seem to get rid of it.

Attached is my HijackThis report.

Ran Spybot after, and this is my report after finding some other malware:

Logfile of HijackThis v1.99.1
Scan saved at 02:46:08 PM, on 2006/10/04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\Mam2Pan.Exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\program files\drivecleaner 2006\dc2006.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Common Files\DriveCleaner 2006\DC6cw.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINZIP\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\ANTISPYWARE\hyjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.highveld.co.za/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.highveld.co.za/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Mam2Pan] Mam2Pan.Exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DriveCleaner 2006] "c:\program files\drivecleaner 2006\dc2006.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DC6cw] "C:\Program Files\Common Files\DriveCleaner 2006\DC6cw.exe" -c
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Forget Me Not.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: iBurst Terminal UTL.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\WINZIP\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152173599234
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1280F061-6194-4EFF-B11B-3C5E04911B46}: NameServer = 196.25.255.34,196.25.255.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{1280F061-6194-4EFF-B11B-3C5E04911B46}: NameServer = 196.25.255.34,196.25.255.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{1280F061-6194-4EFF-B11B-3C5E04911B46}: NameServer = 196.25.255.34,196.25.255.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

tashi
2006-10-09, 08:59
Hello,

If you have not resolved the problem, we have this sticky topic:

If you have waited four days for advice, post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

tashi
2006-10-16, 07:30
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened, please send me or your helper a private message (PM) and provide a link to the thread.

Applies only to the original topic starter.