Unbelievably Unbeatable Popup.


3 replies to this topic

#1 cmmatic

Posted 12 October 2006 - 07:10 PM

Hello,

I was cleaning out my friend's computer for her, and I'm stuck on one last thing.

I cannot get the popups for WinAntivirus 2006 and DriveCleaner (interrelated, I believe) to go away. I've searched the net, and haven't found anything that worked.

The HijackThis log is completely clean. I ran a Norton AntiVirus scan, a Panda scan, SpyBot, CCleaner, Windows' disk cleanup, and AdAware, and I haven't come up with squat. The popups come in medium size, large size, and as warning boxes (if your system is performing slower than usual, run WinAntiSpyware 2006, etc).

I also found a log that said to use VundoFix, but that came up with nothing. I then ran WinPFind, and here's what I came up with, but I'm not sure if this tells me anything.

Thanks a lot for any help. This thing is driving me nuts!

The WinPFind log:

WARNING: not all files found by this scanner are bad. Consult with a 
knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can 
ignore it. Windows sometimes displays this message due to the high 
volume of disk I/O. As long as the hard disk light is flashing, the program 
is still working properly.

 Windows OS and Versions 

Logfile created on: 10/11/2006 6:56:52 PM
WinPFind v1.5.0	Folder = C:\Documents and Settings\lorena  batel\My 
Documents\Unzipped\WinPFind\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

 Checking Selected Standard Folders 


Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX!				 11/7/2005 7:28:32 PM		40610	  
C:\WINDOWS\seli.exe ()

Checking %System% folder...
UPX!				 3/1/2006 9:42:06 PM		 176677	 
C:\WINDOWS\SYSTEM32\backgrd.jpg ()
PEC2				 7/24/2006 3:42:14 PM		259072	 
C:\WINDOWS\SYSTEM32\cyavmq.exe ()
PECompact2		   7/24/2006 3:42:14 PM		259072	 
C:\WINDOWS\SYSTEM32\cyavmq.exe ()
PEC2				 8/4/2004 7:00:00 AM		 41397	  
C:\WINDOWS\SYSTEM32\DFRG.MSC ()
PEC2				 4/10/2006 1:40:52 AM		619668	 
C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PECompact2		   4/10/2006 1:40:52 AM		619668	 
C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
aspack			   8/4/2004 7:00:00 AM		 708096	 
C:\WINDOWS\SYSTEM32\NTDLL.DLL (Microsoft Corporation)
WSUD				 8/4/2004 7:00:00 AM		 257024	 
C:\WINDOWS\SYSTEM32\NUSRMGR.CPL (Microsoft Corporation)
Umonitor			 8/4/2004 7:00:00 AM		 657920	 
C:\WINDOWS\SYSTEM32\RASDLG.DLL (Microsoft Corporation)
UPX!				 8/24/2006 4:53:40 PM		16384	  
C:\WINDOWS\SYSTEM32\svcia32.dll ()
winsync			  8/4/2004 7:00:00 AM		 1309184	
C:\WINDOWS\SYSTEM32\WBDBASE.DEU ()

Checking %System%\Drivers folder and sub-folders...
qoologic			 2/6/2006 10:14:02 PM		1224	   
C:\WINDOWS\SYSTEM32\drivers\ETC\hosts.msn ()
urllogic			 2/6/2006 10:14:02 PM		1224	   
C:\WINDOWS\SYSTEM32\drivers\ETC\hosts.msn ()
urllogic			 2/6/2006 10:14:02 PM		1224	   
C:\WINDOWS\SYSTEM32\drivers\ETC\hosts.msn ()

Checking the Windows folder and sub-folders for system and hidden files 
within the last 60 days...
					 10/11/2006 6:55:22 PM	 S 2048	   
C:\WINDOWS\BOOTSTAT.DAT ()
					 9/14/2006 8:02:32 PM	 H  10820	  
C:\WINDOWS\Help\nocontnt.GID ()
					 9/13/2006 8:13:28 AM	 H  0		  
C:\WINDOWS\INF\oem19.inf ()
					 8/21/2006 9:00:10 AM	  S 11749	  
C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat ()
					 9/18/2006 10:40:26 AM	 S 8847	   
C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat ()
					 10/11/2006 6:55:28 PM	H  20480	  
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG ()
					 10/11/2006 6:55:48 PM	H  1024	   
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG ()
					 10/11/2006 6:55:24 PM	H  16384	  
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG ()
					 10/11/2006 6:56:16 PM	H  110592	 
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG ()
					 10/11/2006 6:55:22 PM	H  1089536	
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG ()
					 10/1/2006 8:38:16 PM	 H  1024	   
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG ()
					 9/13/2006 5:37:14 AM	  S 341		
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application 
Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
					 9/13/2006 5:37:14 AM	  S 413		
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application 
Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
					 9/13/2006 5:37:14 AM	  S 574		
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application 
Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
					 9/13/2006 5:37:14 AM	  S 126		
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application 
Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
					 9/13/2006 5:37:14 AM	  S 98		 
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application 
Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
					 9/13/2006 5:37:14 AM	  S 136		
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application 
Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
					 10/7/2006 12:27:56 PM	H  1024	   
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application 
Data\Microsoft\Windows\UsrClass.dat.LOG ()
					 9/24/2006 1:36:50 AM	 HS 388		
C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\8236f099-5aa9-46df-ae4e-7c31ab2d1c8b 
()
					 9/24/2006 1:36:50 AM	 HS 24		 
C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred ()
					 10/11/2006 6:58:44 PM	H  330		
C:\WINDOWS\Tasks\MP Scheduled Scan.job ()
					 10/11/2006 6:54:26 PM	H  6		  
C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
					 8/4/2004 7:00:00 AM		 68608	  
C:\WINDOWS\SYSTEM32\ACCESS.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 549888	 
C:\WINDOWS\SYSTEM32\APPWIZ.CPL (Microsoft Corporation)
					 10/7/2003 3:39:00 PM		184320	 
C:\WINDOWS\SYSTEM32\bdeadmin.cpl (Borland Software Corporation)
					 8/4/2004 7:00:00 AM		 110592	 
C:\WINDOWS\SYSTEM32\BTHPROPS.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 135168	 
C:\WINDOWS\SYSTEM32\DESK.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 80384	  
C:\WINDOWS\SYSTEM32\FIREWALL.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 155136	 
C:\WINDOWS\SYSTEM32\HDWWIZ.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 358400	 
C:\WINDOWS\SYSTEM32\INETCPL.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 129536	 
C:\WINDOWS\SYSTEM32\INTL.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 380416	 
C:\WINDOWS\SYSTEM32\IRPROPS.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 68608	  
C:\WINDOWS\SYSTEM32\JOY.CPL (Microsoft Corporation)
					 4/13/2005 4:48:52 AM		49265	  
C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
					 8/4/2004 7:00:00 AM		 187904	 
C:\WINDOWS\SYSTEM32\MAIN.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 618496	 
C:\WINDOWS\SYSTEM32\MMSYS.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 35840	  
C:\WINDOWS\SYSTEM32\NCPA.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 25600	  
C:\WINDOWS\SYSTEM32\NETSETUP.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 257024	 
C:\WINDOWS\SYSTEM32\NUSRMGR.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 32768	  
C:\WINDOWS\SYSTEM32\ODBCCP32.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 114688	 
C:\WINDOWS\SYSTEM32\POWERCFG.CPL (Microsoft Corporation)
					 3/2/2004 1:39:06 PM		 77824	  
C:\WINDOWS\SYSTEM32\PRApplet.cpl (Intel(R) Corporation)
					 12/16/2004 9:33:16 PM	   24576	  
C:\WINDOWS\SYSTEM32\prefscpl.cpl (RealNetworks, Inc.)
					 8/4/2004 7:00:00 AM		 298496	 
C:\WINDOWS\SYSTEM32\SYSDM.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 28160	  
C:\WINDOWS\SYSTEM32\TELEPHON.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 94208	  
C:\WINDOWS\SYSTEM32\TIMEDATE.CPL (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 148480	 
C:\WINDOWS\SYSTEM32\WSCUI.CPL (Microsoft Corporation)
					 5/26/2005 4:16:30 AM		174360	 
C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 68608	  
C:\WINDOWS\SYSTEM32\DLLCACHE\access.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 549888	 
C:\WINDOWS\SYSTEM32\DLLCACHE\appwiz.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 110592	 
C:\WINDOWS\SYSTEM32\DLLCACHE\bthprops.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 135168	 
C:\WINDOWS\SYSTEM32\DLLCACHE\desk.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 80384	  
C:\WINDOWS\SYSTEM32\DLLCACHE\firewall.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 155136	 
C:\WINDOWS\SYSTEM32\DLLCACHE\hdwwiz.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 358400	 
C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 129536	 
C:\WINDOWS\SYSTEM32\DLLCACHE\intl.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 380416	 
C:\WINDOWS\SYSTEM32\DLLCACHE\irprops.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 68608	  
C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 187904	 
C:\WINDOWS\SYSTEM32\DLLCACHE\main.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 618496	 
C:\WINDOWS\SYSTEM32\DLLCACHE\mmsys.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 35840	  
C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 25600	  
C:\WINDOWS\SYSTEM32\DLLCACHE\netsetup.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 257024	 
C:\WINDOWS\SYSTEM32\DLLCACHE\nusrmgr.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 32768	  
C:\WINDOWS\SYSTEM32\DLLCACHE\odbccp32.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 114688	 
C:\WINDOWS\SYSTEM32\DLLCACHE\powercfg.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 155648	 
C:\WINDOWS\SYSTEM32\DLLCACHE\sapi.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 298496	 
C:\WINDOWS\SYSTEM32\DLLCACHE\sysdm.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 28160	  
C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 94208	  
C:\WINDOWS\SYSTEM32\DLLCACHE\timedate.cpl (Microsoft Corporation)
					 8/4/2004 7:00:00 AM		 148480	 
C:\WINDOWS\SYSTEM32\DLLCACHE\wscui.cpl (Microsoft Corporation)
					 5/26/2005 4:16:30 AM		174360	 
C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - 
CodeBase = 
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_03 - 
CodeBase = 
http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - Java Plug-in 1.4.2 - CodeBase 
= 
http://java.sun.com/products/plugin/autodl/jinstall-1_4_2-windows-i586.cab
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - Java Plug-in 1.5.0_03 - 
CodeBase = 
http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} -  - CodeBase = 
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 Checking Selected Startup Folders 


Checking files in %ALLUSERSPROFILE%\Startup folder...
					 8/10/2004 3:04:12 PM	 HS 84		 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI ()
					 10/9/2006 9:12:34 PM		1518	   
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick 
Pick.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
					 8/10/2004 2:57:42 PM	 HS 62		 
C:\Documents and Settings\All Users\Application Data\DESKTOP.INI ()

Checking files in %USERPROFILE%\Startup folder...
					 8/10/2004 3:04:12 PM	 HS 84		 
C:\Documents and Settings\lorena  batel\Start Menu\Programs\Startup\DESKTOP.INI ()

Checking files in %USERPROFILE%\Application Data folder...
					 8/10/2004 2:57:42 PM	 HS 62		 
C:\Documents and Settings\lorena  batel\Application Data\DESKTOP.INI ()
					 11/26/2005 6:32:46 PM	   12358	  
C:\Documents and Settings\lorena  batel\Application Data\PFP120JCM.{PB ()
					 11/26/2005 6:32:46 PM	   61678	  
C:\Documents and Settings\lorena  batel\Application Data\PFP120JPR.{PB ()
					 9/15/2005 1:44:46 AM	 H  79713	  
C:\Documents and Settings\lorena  batel\Application Data\ptads.bin ()

 Checking Selected Registry Keys 


>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
  \\Start Page - about:blank
  \\Search Page - 
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  \\Default_Search_URL - 
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  \\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
  \\Start Page - http://cleveland.cox.net/
  \\Search Page - 
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  \\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
  \\CustomizeSearch - 
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
  \\SearchAssistant - 
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook 
= %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser 
Helper Objects]

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
  \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = 
%SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
  \{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = 
C:\WINDOWS\system32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
  \{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = 
%SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = 
%SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
  \\{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security = 
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll 
(Symantec Corporation)
  \\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = 
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll 
(Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
  \ShellBrowser\\{339BB23F-A864-48C0-A59F-29EA915965EC} -  =  ()
  \ShellBrowser\\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -  =  ()
  \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = 
%SystemRoot%\system32\browseui.dll (Microsoft Corporation)
  \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = 
%SystemRoot%\system32\browseui.dll (Microsoft Corporation)
  \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = 
%SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Norton Internet 
Security = C:\Program Files\Common Files\Symantec 
Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
  \WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = 
c:\program files\google\googletoolbar2.dll (Google Inc.)
  \WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Toolbar 
=  ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
  \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = 
  \\NEXTID - 8198
  \\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 8193 = 
  \\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8194 = 
  \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8195 = 
  \\{d9288080-1baa-4bc4-9cf8-a92d743db949} - 8197 = 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell 
Extensions\Approved]
  \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL 
Extension = deskpan.dll ()
  \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file 
compression =  ()
  \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu =  
()
  \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = 
C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
  \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu =  
()
  \\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow =  
()
  \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts =  ()
  \\{1D2680C9-0E2A-469d-B787-065558BC7D43} - Fusion Cache =  ()
  \\{DEE12703-6333-4D4E-8F34-738C4DCC2E04} - RecordNow! SendToExt = 
C:\Program Files\Sonic\RecordNow!\shlext.dll ()
  \\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = 
C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
  \\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program 
Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
  \\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = 
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)
  \\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = 
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)
  \\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = 
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)
  \\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = 
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell 
Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
  \gttgqgkm - {20f1bf6b-abab-4e0b-a640-6ce4a35b9cde} =  ()
  \Symantec.Norton.Antivirus.IEContextMenu - 
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton 
AntiVirus\NavShExt.dll (Symantec Corporation)
  \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = 
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
  \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = 
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
  \Symantec.Norton.Antivirus.IEContextMenu - 
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton 
AntiVirus\NavShExt.dll (Symantec Corporation)
  \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = 
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe 
(Symantec Corporation)
  RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe 
(RealNetworks, Inc.)
  MMTray - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe 
(Musicmatch, Inc.)
  mmtask - C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe 
(Musicmatch Inc.)
  ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe 
(Symantec Corporation)
  ATIPTA - C:\Program Files\ATI Technologies\ATI Control 
Panel\atiptaxx.exe (ATI Technologies, Inc.)
  SunJavaUpdateSched - C:\Program 
Files\Java\jre1.5.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
  iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple 
Computer, Inc.)
  QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple 
Computer, Inc.)
  cyavmq - c:\windows\system32\cyavmq.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell 
Folders\\Common Startup]
  C:\Documents and Settings\All Users\Start 
Menu\Programs\Startup\DESKTOP.INI ()
  C:\Documents and Settings\All Users\Start 
Menu\Programs\Startup\WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip 
Computing LP)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell 
Folders\\Startup]
  C:\Documents and Settings\lorena  batel\Start 
Menu\Programs\Startup\DESKTOP.INI ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\MyWebSearch Email Plugin
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	mwsoemon
	hkey	HKCU
	command	C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
	inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
	system.ini	0
	win.ini	0
	bootini	0
	services	0
	startup	2


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet 
Settings\User Agent\Post Platform]
  \\{E0E534DE-BF92-7E68-54A3-B2E0C54B574D} -  =  ()

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image 
File Execution Options]
  \Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = 
%SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = 
%SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = 
%SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
  \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = 
C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

  \application/x-msdownload -  ()

>>> Selected AddOn's <<<


 Scan Complete 



#2 Enthusiast

Posted 12 October 2006 - 07:24 PM

Have you looked at the startup menu (msconfig) to see if you could disable the program running the popups?

I also suggest that you try the Microsoft on-line scan.

Windows One Care Free Scan

Go to Windows Live Onecare Free Scan
It will say "Get a free PC safety scan"
http://safety.live.com/site/en-us/default.htm

Make sure you click "Full Service Scan" in the middle of the page and
not the "Try It Now Free" on the right side.

Allow it to download an Active X component.
Choose "Complete Scan" in the window that opens
Click "Next"
Do not click on anything else that offers you a free trial or to sign up if you live in the US.

Allow it to scan - it may take quite a while, maybe two hours or so depending on how big your hard drive is and how fragmented your registry and drive are.

Additionally, if you would like to have your HJT log examined and analyzed you are welcome to post it in our Hijack This Logs and Analysis forum here:
http://www.bleepingcomputer.com/forums/posthjtlog.html

#3 cmmatic

Posted 17 October 2006 - 05:34 AM

Well, I tried to do the Windows scan. It downloads the Active X component, and all seems to be going well, until it starts actually scanning the computer...then a window comes up saying "Internet Explorer needs to close, would you like to send an error report?" and then it closes the IE window.

What now? :thumbsup:

#4 usasma

Posted 17 October 2006 - 03:32 PM

Sounds like you're infected. Try running antivirus and antispyware scans (both online and with free programs like AVG, AdAware, SpyBot, etc).

Then, consider posting a HiJackThis log in this forum: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Please read all the information before posting your log.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.



