Annoying Popup


zergkilla

Well this is a minor, but annoying problem that keeps occurring on my computer. An advertisement window from various companies. Here is my HiJackThis Log.

Logfile of HijackThis v1.99.1
Scan saved at 8:19:27 PM, on 2/7/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\PROGRA~1\COMMON~1\aol\ACS\acsd[Caution: ExecutableFile]
C:\WINDOWS\system32\cisvc[Caution: ExecutableFile]
C:\WINDOWS\system32\drivers\KodakCCS[Caution: ExecutableFile]
c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: ExecutableFile]
C:\WINDOWS\System32\ScsiAccess[Caution: ExecutableFile]
c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\WINDOWS\system32\cidaemon[Caution: ExecutableFile]
C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]
C:\WINDOWS\System32\wuauclt[Caution: ExecutableFile]
C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]
C:\Documents and Settings\Melanie\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.investors.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]
O4 - HKLM\..\Run: [CARPService] carpserv[Caution: ExecutableFile]
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr[Caution: ExecutableFile]
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: ExecutableFile]
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp[Caution: ExecutableFile]
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry[Caution: ExecutableFile]
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent[Caution: ExecutableFile]
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: ExecutableFile]
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask[Caution: ExecutableFile]"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare[Caution: ExecutableFile]
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS[Caution: ExecutableFile]
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl[Caution: ExecutableFile]
O16 - DPF: {78FAE917-35E2-4A6B-9B40-000AD226482B} (MSN Money Ticker) - http://moneycentral.msn.com/cabs/ticker.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b33902.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd[Caution: ExecutableFile]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS[Caution: ExecutableFile]
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: ExecutableFile]
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess[Caution: ExecutableFile]

Can anyone please help me get rid of this?

your explorer is out of date (? update?) (windows update)

O4 - Global Startup: Digital Line Detect.lnk = ?

can be removed not needed

O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx

that's probably your culprit

check the second one and you should be ok.. reboot and rescan.. if it comes up again you may need to download a spyware scanner

The following statement is true. The previous statement is false. 60% of all statistics are made up 90% of the time

andrew i love you & want you to have my babys!!! <3:

Finally, I get to save the Earth with deadly lasers instead of deadly slide shows!

Personally I would suggest running a copy of Spybot S&D, AdAware, or something similar first, the file he mentioned above seems to be tied into viewing investment graphs through MSMoney (which is installed on your system)

I also suggest that when you finish off this problem, you look into installing Service pack 2 for WinXP

I like to fart silently but deadly in movie theaters
Ard Choille says (11:41 PM):

I wouldn't dare tell you what to do m'dear

C:\Documents and Settings\Melanie\Local Settings\Temp\Temporary Directory 1 for PossibleKeylogger\HijackThis.e3e (CAUTION - executable file)

:? that one makes me suspicious and you should be too if any program is running from a temp file.

Whoever appeals to the law against his fellow man is either

a fool or a coward.

 

Whoever cannot take care of himself without that law

is both.

 

For a wounded man shall say to his assailant:

"If I live, I will kill you, If I Die, you are forgiven."

 

Such is the Rule of Honor.

The folder is named that because Melanie decided to name it that, clearly because she's suspicious of hijackthis, which is quite warranted as the download page doesn't exactly fill you with confidence.

Melanie: Before you fix anything with hijackthis, please put it in a proper folder (eg. C:\Program Files\Hijackthis\Hijackthis[Caution: ExecutableFile]) - if you don't do this, then hijackthis won't be able to back stuff up, and thus you won't be able to fix stuff if you screw up.
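Added example (not part of the thread, and not HijackThis's own code): the checks the replies above make by eye, scripted as a first-pass triage of a HijackThis log. The `triage` function and its rules are assumptions made for this illustration; the sample lines are copied from the log posted above with the forum's filter marker left as posted, and the "Unknown owner" check on services goes beyond what the replies mention. A flag is a prompt for manual review, not a verdict, as the McAfee service in the sample shows.

```python
import re
from urllib.parse import urlparse

# Lines copied from the log in this thread (forum filter marker left as posted).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\Documents and Settings\Melanie\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis[Caution: ExecutableFile]

O4 - HKLM\..\Run: [CARPService] carpserv[Caution: ExecutableFile]
O4 - Global Startup: Digital Line Detect.lnk = ?
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
"""

# HijackThis entries start with a section tag such as R0, O4, O16 or O23.
ENTRY = re.compile(r"^([ORNF]\d+) - (.*)$")

def triage(log_text):
    """Return (tag, reason, line) tuples for lines that deserve a manual look."""
    findings, in_procs = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends at the first tagged entry
            tag, body = m.groups()
            if tag == "O4" and body.endswith("= ?"):
                findings.append((tag, "startup shortcut target unresolved", line))
            elif tag == "O16":
                # Downloaded ActiveX control: report the host it came from.
                host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or "unknown"
                findings.append((tag, "ActiveX control downloaded from " + host, line))
            elif tag == "O23" and " - Unknown owner - " in body:
                findings.append((tag, "service listed with unknown owner", line))
        elif in_procs and line and re.search(r"\\te?mp\\", line, re.I):
            findings.append(("PROC", "process running from a temp directory", line))
    return findings

if __name__ == "__main__":
    for tag, reason, line in triage(SAMPLE_LOG):
        print(f"[{tag}] {reason}: {line}")
```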
