All Sorts of Pop-Ups...Please help

**ekoala** · 2005-12-07, 22:10

I have run Spybot and Adaware, and it doesn't seem to work. Please help

Logfile of HijackThis v1.99.1
Scan saved at 2:09:14 PM, on 12/7/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\nslsvice.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINNT\system32\cba\pds.exe
C:\Program Files\LANDesk\LDClient\qipclnt.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cscript.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\igps.exe
C:\WINNT\system32\pgws.exe
C:\Program Files\LOTUS\Sametime Client\Connect.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\microsoft access\Office\OSA.EXE
C:\WINNT\system32\hpoinw07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINNT\system32\hpoipm07.exe
C:\Documents and Settings\kenned\Desktop\hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.ray.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxysrv.ext.ray.com/proxy
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\Program Files\LANDesk\LDClient\softmon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Video Config] C:\WINNT\vidconfig.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [0ce80c5c.dll] RUNDLL32.EXE 0ce80c5c.dll,b 7356734
O4 - HKLM\..\Run: [lspins] "C:\WINNT\system32\igps.exe"
O4 - HKCU\..\Run: [Video Config] C:\WINNT\vidconfig.exe
O4 - HKCU\..\Run: [Sametime Connect] "C:\Program Files\LOTUS\Sametime Client\Connect.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\microsoft access\Office\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.bestbuy.com
O16 - DPF: {57A27583-4A8B-4721-8237-89ECB893B153} (Pulse V5 ActiveX Full Control) - http://rlpweb003.pla.us.ray.com/thea...er5.2AxWin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://unipriseevents.webex.com/cli...nt/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.ray.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.ray.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rsc.raytheon.com,res.ray.com,msd.ray.com,and.us.ray.com,raymail.ray.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.ray.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = rsc.raytheon.com,res.ray.com,msd.ray.com,and.us.ray.com,raymail.ray.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rsc.raytheon.com,res.ray.com,msd.ray.com,and.us.ray.com,raymail.ray.com
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINNT\system32\cba\pds.exe
O23 - Service: Intel QIP Client Service - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\qipclnt.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - C:\quartus\bin\JTAGServer.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINNT\system32\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

**ekoala** · 2005-12-08, 14:38

Is no one going to help?

**LonnyRJones** · 2005-12-08, 14:48

Hi
Thanks for your patience

go here and submit this file
C:\WINNT\vidconfig.exe
Submit a file--VirusTotal: http://www.virustotal.com/flash/index_en.html

let us know what was found

**ekoala** · 2005-12-08, 15:34

There is no file by that name under the WINNT directory. I even made it so that I can see hidden files

**LonnyRJones** · 2005-12-08, 15:58

Ok

Restart your pc into safe mode
http://www.microsoft.com/windows2000...t/safemode.asp

Start Hijackthis and place a check next to these items If there.
Close all browser windows and shut down all other programs that show in the taskbar. (even Folders)
O2 - BHO: (no name) - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - (no file)
O4 - HKLM\..\Run: [Video Config] C:\WINNT\vidconfig.exe
O4 - HKLM\..\Run: [0ce80c5c.dll] RUNDLL32.EXE 0ce80c5c.dll,b 7356734
O4 - HKLM\..\Run: [lspins] "C:\WINNT\system32\igps.exe"
O4 - HKCU\..\Run: [Video Config] C:\WINNT\vidconfig.exe
====================================
Hit fix checked and close Hijackthis.
delete these files at these loactions
C:\WINNT\system32\igps.exe
C:\WINNT\system32\pgws.exe
C:\program files\QL < folder

Restart the PC back to a normal windows session
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post a fresh hijackthis log please, be sure to mention any current problems

**ekoala** · 2005-12-08, 17:42

Logfile of HijackThis v1.99.1
Scan saved at 9:42:01 AM, on 12/8/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\nslsvice.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINNT\system32\cba\pds.exe
C:\Program Files\LANDesk\LDClient\qipclnt.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LOTUS\Sametime Client\Connect.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\microsoft access\Office\OSA.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINNT\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Documents and Settings\kenned\Desktop\hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.ray.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxysrv.ext.ray.com/proxy
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\Program Files\LANDesk\LDClient\softmon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Sametime Connect] "C:\Program Files\LOTUS\Sametime Client\Connect.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\microsoft access\Office\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.bestbuy.com
O16 - DPF: {57A27583-4A8B-4721-8237-89ECB893B153} (Pulse V5 ActiveX Full Control) - http://rlpweb003.pla.us.ray.com/thea...er5.2AxWin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://unipriseevents.webex.com/cli...nt/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.ray.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.ray.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rsc.raytheon.com,res.ray.com,msd.ray.com,and.us.ray.com,raymail.ray.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.ray.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = rsc.raytheon.com,res.ray.com,msd.ray.com,and.us.ray.com,raymail.ray.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rsc.raytheon.com,res.ray.com,msd.ray.com,and.us.ray.com,raymail.ray.com
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINNT\system32\cba\pds.exe
O23 - Service: Intel QIP Client Service - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\qipclnt.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - C:\quartus\bin\JTAGServer.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINNT\system32\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

**LonnyRJones** · 2005-12-09, 02:10

Looks good any problems now ?

If not you should go update internet explorer asap

**ekoala** · 2005-12-09, 03:26

Everything is good, I am going to post another log file for my other machine...in another thread

**LonnyRJones** · 2005-12-09, 10:55

Great

Be sure to update IE even if you use an alternative browser

Prevention:
Put in place a good hosts file http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file: http://www.mvps.org/winhelp2002/hosts2.htm
How did that go ?

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

**tashi** · 2005-12-15, 00:51

As the problem appears to be resolved this topic will be archived.
If you need the topic reopened please pm me.

Thread: All Sorts of Pop-Ups...Please help

Thread Tools

Display

All Sorts of Pop-Ups...Please help

Posting Permissions