Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Problem with Project1 and popups
   
BullGuard Antivirus Forum > Virus > Alerts & New Threats > Problem with Project1 and popups  
Forum Quick Jump
 
New Topic Post reply to : Problem with Project1 and popups Printable version of : Problem with Project1 and popups
[ << Previous Thread | Next Thread >> ]

AngelTash
New Member


Date Joined Sep 2006
Total Posts : 5
  		   Posted 9-12-2006 1:39 (GMT +1)    Quote: Problem with Project1 and popupsAlert an admin about: Problem with Project1 and popups
Could someone please help me get my computer back?  Here is my hijackthis log:
 
Logfile of HijackThis v1.99.1
Scan saved at 8:37:32 PM, on 9/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\System32\nsx2AF.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SvF.exe] C:\documents and settings\owner\local settings\temp\SvF.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IQZW.exe] C:\documents and settings\owner\local settings\temp\IQZW.exe
O4 - HKLM\..\Run: [dhu0v37J.exe] C:\documents and settings\owner\local settings\temp\dhu0v37J.exe
O4 - HKLM\..\Run: [QEmws.exe] C:\documents and settings\owner\local settings\temp\QEmws.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [ms04042223382] C:\WINDOWS\ms04042223382.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\pwinqpex.exe GEN001
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [sbe] C:\WINDOWS\System32\sbe.exe
O4 - HKCU\..\Run: [Axrvu] C:\WINDOWS\System32\r?ndll32.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe"  -startminimize
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\opdsregl.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\pwinqpex.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132373660421
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
  		   Posted 9-12-2006 4:24 (GMT +1)    Quote: Problem with Project1 and popupsAlert an admin about: Problem with Project1 and popups
Hi AngelTash


Please follow this guide, starting from - Preparation:


Post hijacthis log here

Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.
Do not PM me with logfiles. They will be deleted
 

Back to Top
 

AngelTash
New Member


Date Joined Sep 2006
Total Posts : 5
  		   Posted 9-24-2006 11:52 (GMT +1)    Quote: Problem with Project1 and popupsAlert an admin about: Problem with Project1 and popups
Ok... I have done all of the cleanup steps in the list.  Here is my new HijackThis log:
 
Logfile of HijackThis v1.99.1
Scan saved at 6:47:40 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Antivirus\ISafe.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Antivirus\VetMsg.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common
Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust
Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Firewall\ca.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Kodak\Kodak EasyShare
software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software
Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Owner\My
Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://my.myway.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
//www.yahoo.com
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper -
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSL encrypt -
{746455FE-D059-47e7-AF0E-140E03F5A447} -
C:\WINDOWS\System32\nsh19.dll
O3 - Toolbar: HP View -
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program
Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AOL Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program
Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) -
{BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv]
c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program
Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program
Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517
F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05]
C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
/keeploaded /nodetect
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program
Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SvF.exe] C:\documents and
settings\owner\local settings\temp\SvF.exe
O4 - HKLM\..\Run: [mmtask] C:\Program
Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IQZW.exe] C:\documents and
settings\owner\local settings\temp\IQZW.exe
O4 - HKLM\..\Run: [dhu0v37J.exe] C:\documents and
settings\owner\local settings\temp\dhu0v37J.exe
O4 - HKLM\..\Run: [QEmws.exe] C:\documents and
settings\owner\local settings\temp\QEmws.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program
Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust
EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust
EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ
Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program
Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido
anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray]
C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe"
"http://iesettingsupdate"
O4 - HKCU\..\Run: [BackupNotify] C:\Program
Files\Hewlett-Packard\Digital
Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe
nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [sbe] C:\WINDOWS\System32\sbe.exe
O4 - HKCU\..\Run: [Axrvu]
C:\WINDOWS\System32\r?ndll32.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program
Files\Registry Cleaner Trial\Regclean.exe" 
-startminimize
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: America Online Tray Icon.lnk =
C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program
Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk =
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk =
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk =
C:\Program Files\Kodak\Kodak EasyShare
software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk =
C:\Program Files\Kodak\KODAK Software
Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk =
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search -
res://C:\Program Files\AOL
Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search -
file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel
- res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps -
file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS -
file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program
Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program
Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) -
{85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online
Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) - C:\Program
Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
,0,0,83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
(BDSCANONLINE Control) -
b
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
n/x86/client/wuweb_site.cab?1132373660421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
(MUWebControl Class) -
/en/x86/client/muweb_site.cab?1158551780781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
b
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
ader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}
(a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
0,0,20/mcgdmgr.cab
O18 - Protocol: msnim -
{828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui -
C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program
Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon -
C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates
International, Inc. - C:\Program Files\CA\eTrust EZ
Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard -
Anti-Malware Development a.s. - C:\Program Files\ewido
anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software
(KodakCCS) - Eastman Kodak Company -
C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) -
NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) -
Unknown owner - C:\Program
Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer
Associates International, Inc. - C:\Program
Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone
Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service
(WANMiniportService) - America Online, Inc. -
C:\WINDOWS\wanmpsvc.exe
 

Common sense is not common.

Back to Top
 

AngelTash
New Member


Date Joined Sep 2006
Total Posts : 5
  		   Posted 10-8-2006 3:12 (GMT +1)    Quote: Problem with Project1 and popupsAlert an admin about: Problem with Project1 and popups
Per Touch's request, here is my new HijackThis log:
 
Logfile of HijackThis v1.99.1
Scan saved at 10:07:16 PM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Antivirus\ISafe.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Antivirus\VetMsg.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common
Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust
Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Antivirus\CAVRID.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ
Firewall\ca.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare
software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software
Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\My
Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://my.myway.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://my.myway.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
//www.yahoo.com
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper -
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSL encrypt -
{746455FE-D059-47e7-AF0E-140E03F5A447} -
C:\WINDOWS\system32\nsv2EC.dll
O2 - BHO: AD Rotator -
{EEC590D8-0A3C-4464-BB20-25A4747992F9} -
C:\WINDOWS\system32\adrotate.dll
O3 - Toolbar: HP View -
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program
Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AOL Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program
Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) -
{BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv]
c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program
Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program
Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517
F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05]
C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
/keeploaded /nodetect
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program
Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SvF.exe] C:\documents and
settings\owner\local settings\temp\SvF.exe
O4 - HKLM\..\Run: [mmtask] C:\Program
Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IQZW.exe] C:\documents and
settings\owner\local settings\temp\IQZW.exe
O4 - HKLM\..\Run: [dhu0v37J.exe] C:\documents and
settings\owner\local settings\temp\dhu0v37J.exe
O4 - HKLM\..\Run: [QEmws.exe] C:\documents and
settings\owner\local settings\temp\QEmws.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program
Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust
EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust
EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ
Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program
Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray]
C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program
Files\Hewlett-Packard\Digital
Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe
nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [sbe] C:\WINDOWS\System32\sbe.exe
O4 - HKCU\..\Run: [Axrvu]
C:\WINDOWS\System32\r?ndll32.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program
Files\Registry Cleaner Trial\Regclean.exe" 
-startminimize
O4 - HKCU\..\Run: [Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online Tray Icon.lnk =
C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program
Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk =
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk =
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk =
C:\Program Files\Kodak\Kodak EasyShare
software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk =
C:\Program Files\Kodak\KODAK Software
Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk =
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search -
res://C:\Program Files\AOL
Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search -
file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel
- res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps -
file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS -
file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program
Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program
Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) -
{85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online
Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) - C:\Program
Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
,0,0,83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
(BDSCANONLINE Control) -
b
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
n/x86/client/wuweb_site.cab?1132373660421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
(MUWebControl Class) -
/en/x86/client/muweb_site.cab?1158551780781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
b
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
ader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}
(a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
0,0,20/mcgdmgr.cab
O18 - Protocol: msnim -
{828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui -
C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program
Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon -
C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates
International, Inc. - C:\Program Files\CA\eTrust EZ
Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard -
Anti-Malware Development a.s. - C:\Program Files\ewido
anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software
(KodakCCS) - Eastman Kodak Company -
C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) -
NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) -
Unknown owner - C:\Program
Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer
Associates International, Inc. - C:\Program
Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone
Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service
(WANMiniportService) - America Online, Inc. -
C:\WINDOWS\wanmpsvc.exe
 

Common sense is not common.

Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
  		   Posted 10-8-2006 4:47 (GMT +1)    Quote: Problem with Project1 and popupsAlert an admin about: Problem with Project1 and popups
 Please download free  Trial of Superantispyware
http://www.superantispyware.com/superantispywarefreevspro.html
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it.
close the program
 

 
 
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
 
 
Download this scanner – mwav exe http://www.spywareinfo.dk/download/mwav.exe



You may want to print this or save it to notepad as we will go to safe mode.
   
 
 
 
Reboot into Safe  Mode   by tapping F8 after the BIOS has loaded.
The Windows Advanced Options Menu appears.
Ensure that the Safe mode option is selected.
Press Enter. The computer then begins to start in Safe mode.


 
 
 
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
 
 

 
 
 
Run the mwav scanner:
Put a checkmark in:
Memory, Startup folders, drive, Registry, System folders and Services.
And:
All local drives og Scan all files
Push: Scan Button
This scan can take quite a while to run with many applications installed.
 
 
 
 
 
 
 
Start Superantispyware/rightclick on the black/yellow bug in tray.
Hit - Scan Your Computer - button
Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next
it will scan now. When scan have finished, put a checkmark with  all items it found. Next, after cleaning, let it Reboot
 
 
Next go to Start- Search and scrolldown using the scroll bar on the right. Go down to More advanced options and click.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders
And Find:
superantispyware log
 
 
Post this log along with fresh hijackthis log and tell how things are running
 
 
Please turn wordwrap off in notepad
 

Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.
Do not PM me with logfiles. They will be deleted
 

Back to Top
 

AngelTash
New Member


Date Joined Sep 2006
Total Posts : 5
  		   Posted 10-10-2006 4:57 (GMT +1)    Quote: Problem with Project1 and popupsAlert an admin about: Problem with Project1 and popups
New logs after cleanup:
 
SUPERAntiSpyware Scan Log
Generated 10/09/2006 at 11:23 PM
Core Rules Database Version : 3100
Trace Rules Database Version: 1127
Memory threats detected   : 0
Registry threats detected : 37
File threats detected     : 10
Unclassified.Unknown Origin
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{746455FE-D059-47e7-AF0E-140E03F5A447}
 HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}
 HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}
 HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\InprocServer32
 HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\InprocServer32#ThreadingModel
 HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\ProgID
 HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\Programmable
 HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\TypeLib
 HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\VersionIndependentProgID
 C:\WINDOWS\system32\nsw39.dll
Adware.Tracking Cookie
 C:\Documents and Settings\Owner\Cookies\owner@http.edge.vru4[2].txt
 C:\Documents and Settings\Owner\Cookies\owner@Tmobile_RON_120x600[1].txt
 C:\Documents and Settings\Owner\Cookies\owner@Tmobile_RON_120x600_trk[1].txt
Adware.180solutions/ZangoSearch
 HKCR\SAIX.InstallerCaller
 HKCR\SAIX.InstallerCaller.1
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll#.Owner
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll#{DECEAAA2-370A-49BB-9362-68C3A58DDC62}
Registry Cleaner Trial
 HKU\S-1-5-21-3250938896-1350338293-327718070-1003\Software\SoftwareOnline.com
Trojan.Malware
 C:\asdf.txt
Adware.Mirar/NetNucleus
 C:\WINDOWS\Downloaded Program Files\WinATS.inf
Adware.ClickSpring/Yazzle
 HKLM\Software\Cowabanga
Adware.BitLocker
 HKCR\ONONE.Theimp
 HKCR\ONONE.Theimp\CLSID
 HKCR\ONONE.Theimp\CurVer
 HKCR\ONONE.Theimp.1
 HKCR\ONONE.Theimp.1\CLSID
Adware.AdRotator
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdRotator
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdRotator#DisplayName
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdRotator#UninstallString
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdRotator#NoModify
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdRotator#NoRepair
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdRotator#DisplayVersion
Browser Hijacker.Deskbar
 HKCR\DBTB00001.DeskbarEnabler
 HKCR\DBTB00001.DeskbarEnabler\CLSID
 HKCR\DBTB00001.DeskbarEnabler.1
 HKCR\DBTB00001.DeskbarEnabler.1\CLSID
Adware.Think-Adz
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Enhanced Ads by Think-Adz
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Enhanced Ads by Think-Adz#DisplayName
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Enhanced Ads by Think-Adz#UninstallString
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#DisplayName
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#UninstallString
Worm.Rbot Variant
 C:\WINDOWS\Eim03.exe
Adware.AdRotate-Uninstaller
 C:\WINDOWS\system32\adrot-uninst.exe
Adware.Unknown Origin
 C:\WINDOWS\system32\zxdnt3d.cfg
Trojan.Unknown Origin
 C:\WINDOWS\tempf.txt
 
And HijackThis:
 
 
Logfile of HijackThis v1.99.1
Scan saved at 11:55:33 PM, on 10/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spider.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AD Rotator - {EEC590D8-0A3C-4464-BB20-25A4747992F9} - C:\WINDOWS\system32\adrotate.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dhu0v37J.exe] C:\documents and settings\owner\local settings\temp\dhu0v37J.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Axrvu] C:\WINDOWS\System32\r?ndll32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132373660421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158551780781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 
 

 

Common sense is not common.

Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
  		   Posted 10-10-2006 7:09 (GMT +1)    Quote: Problem with Project1 and popupsAlert an admin about: Problem with Project1 and popups
http://www.bleepingcomputer.com/tutorials/tutorial62.html
< < < < <Show hidden files
 
 
 
 You may want to print this or save it to notepad as we will go to safe mode.
   
 
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AD Rotator - {EEC590D8-0A3C-4464-BB20-25A4747992F9} - C:\WINDOWS\system32\adrotate.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [dhu0v37J.exe] C:\documents and settings\owner\local settings\temp\dhu0v37J.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EX
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKCU\..\Run: [Axrvu] C:\WINDOWS\System32\r?ndll32.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
 
 
Reboot into Safe  Mode   by tapping F8 after the BIOS has loaded.
The Windows Advanced Options Menu appears.
Ensure that the Safe mode option is selected.
Press Enter. The computer then begins to start in Safe mode.

Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.
 
Delete:
Files –
C:\WINDOWS\system32\adrotate.dll
 
Reboot normally
 
 
Please download Combofix: http://download.bleepingcomputer.com/sUBs/combofix.exe
and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log and tell how things are running.


Note:
Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.
Do not PM me with logfiles. They will be deleted
 

Back to Top
 
New Topic Post reply to : Problem with Project1 and popups Printable version of : Problem with Project1 and popups
 
Forum Information
Currently it is Saturday, November 21, 2009 8:51 PM (GMT +1)
There are a total of 73.034 posts in 17.116 threads.
In the last 3 days there were 13 new threads and 69 reply posts. View Active Threads
Who's Online
This forum has 30334 registered members. Please welcome our newest member, sushil.
46 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Constant scanning andskipped files? (3)21-11-2009 14:33:51 (Dickens)
Cannot install anti-virus softeware or do window updates... need help (17)21-11-2009 13:46:11 (superjesse)
Michael Vick jerseys (1)21-11-2009 09:42:37 (Dickens)
Arizona Cardinals Jerseys (1)21-11-2009 09:37:23 (Dickens)
How to remove this Malware/Virus (0)21-11-2009 06:54:16 (bozzack)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard