Keep getting popup windows- can't remove!!


mmm_beer's Avatar
Computer Specs
Junior Member with 17 posts.
 
Join Date: Jun 2008
Experience: Intermediate
26-Jun-2008, 05:12 PM #1
Keep getting popup windows- can't remove!!
If anyone can please help me, I'd appreciate it very much! I have tried 5 or 6 different virus scans and cannot get rid of this stupid virus. Whenever I'm in IE, a new tab opens that goes to either em.pc-on-internet.com or fp.pc-on-internet.com. I have seen several posts for removing it but they always say they need logs of this and that so I started a new thread. I'll get you whatever logs you need, I'm just going insane! Please and thank you!!
sjpritch25's Avatar
Computer Specs
Distinguished Member with 6,781 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
27-Jun-2008, 10:41 AM #2
Welcome to TSG

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Close all other windows except HijackThis.

Click on "Do a system scan and save logfile". When the log pops up in Notepad, copy and paste that file back here.

Do NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
__________________
My Blog
Microsoft Valuable Professional Consumer--Security 2007-2009
If I have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here
Concerned about Browser Security!!! Consider Mozilla Firefox 3.0 and NoScript
Operating System Ubuntu Hardy Heron 8.04
mmm_beer's Avatar
Computer Specs
Junior Member with 17 posts.
 
Join Date: Jun 2008
Experience: Intermediate
30-Jun-2008, 02:57 PM #3
Log file
Here is the log file it created. Let me know what to do next and I'll get right on it. I really appreciate your help!! Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:56 AM, on 6/30/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\Drivers\Palm\Module Retargetable Folder\TetherApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Aaron\AppData\Local\owscayc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Wireless Sync\Client\Monitor.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\PROGRA~1\VERIZO~1\VZACCE~1\Drivers\Palm\MODULE~1\PALMON~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Wireless Sync\Client\Monitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\System32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [PalmTether] "C:\Program Files\Verizon Wireless\VZAccess Manager\Drivers\Palm\Module Retargetable Folder\TetherApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [owscayc] c:\users\aaron\appdata\local\owscayc.exe owscayc
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office Outlook 2007.lnk = ?
O4 - Global Startup: PC Monitor.lnk = C:\Program Files\Wireless Sync\Client\Monitor.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {10DE6CF7-3E36-445B-985D-07603082B36B} (FormLoader.Loader) - https://forms.orefonline.com/OLF/Run...oader_RMLS.CAB
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.kw.com/listings/includes/ImageUploader4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11958 bytes
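An added example (not part of the original thread, and not HijackThis's own code): a small parser for the O4 registry autorun lines of a HijackThis log that lists entries launching from a user-writable profile directory and pairs up entries whose name changed between two scans. The sample lines are excerpted from the log above and from the later DSS-run log in this thread; the review heuristic and all function names are assumptions of this example, and a listed entry is a candidate for review, not a verdict.

```python
import ntpath
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    hive: str    # e.g. HKCU, HKLM, HKUS\S-1-5-19
    name: str    # value name shown in [brackets]
    image: str   # executable path, lower-cased


# "O4 - HKCU\..\Run: [name] command line"
O4_RUN = re.compile(r"^O4 - (HK\w+(?:\\S-[\d-]+)?)\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")
# Quoted path, or an unquoted path (may contain spaces) up to the first ".exe".
IMAGE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.IGNORECASE)
# Assumption of this example: locations a standard user can write to.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\appdata\\|\\documents and settings\\"
    r"|%(?:appdata|localappdata|temp|userprofile)%",
    re.IGNORECASE,
)


def parse_autoruns(log: str) -> list[Autorun]:
    """Return the registry Run entries (O4 lines) found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # other sections (R0/R1, O2, O23, ...) are ignored here
        hive, name, cmd = m.groups()
        im = IMAGE.match(cmd)
        image = (im.group(1) or im.group(2)) if im else cmd
        entries.append(Autorun(hive, name, image.lower()))
    return entries


def needs_review(entries: list[Autorun]) -> list[Autorun]:
    """Autoruns whose executable sits in a user-writable profile location."""
    return [e for e in entries if USER_WRITABLE.search(e.image)]


def renamed_between(old: list[Autorun], new: list[Autorun]):
    """Pairs (gone, fresh): an entry vanished and another appeared in the
    same hive and the same directory between two scans."""
    gone, fresh = set(old) - set(new), set(new) - set(old)
    return sorted(
        (g, f) for g in gone for f in fresh
        if g.hive == f.hive and ntpath.dirname(g.image) == ntpath.dirname(f.image)
    )


# Excerpt of the 6/30/2008 log posted above.
SCAN_1 = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [owscayc] c:\users\aaron\appdata\local\owscayc.exe owscayc
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

# Excerpt of the 7/2/2008 log posted later in this thread.
SCAN_2 = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [oscmaie] c:\users\aaron\appdata\local\oscmaie.exe oscmaie
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

if __name__ == "__main__":
    first, second = parse_autoruns(SCAN_1), parse_autoruns(SCAN_2)
    for e in needs_review(first):
        print("review:", e.hive, e.name, e.image)
    for gone, fresh in renamed_between(first, second):
        print("renamed between scans:", gone.name, "->", fresh.name)
```
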
sjpritch25's Avatar
Computer Specs
Distinguished Member with 6,781 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
30-Jun-2008, 11:27 PM #4
Please download ATF Cleaner by Atribune.

This program is for XP, Windows 2000, and Vista
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
mmm_beer's Avatar
Computer Specs
Junior Member with 17 posts.
 
Join Date: Jun 2008
Experience: Intermediate
01-Jul-2008, 01:59 PM #5
New log file
Well I did exactly as you said and have my new log file posted below. It only found 3 items and all seemed to have something to do with the weather channel toolbar (it didn't make me restart my computer). I haven't noticed any new windows popping up yet. Does this mean I can't use the Weather Channel tool anymore? Thanks again and let me know if there is anything more I need to do.

Malwarebytes' Anti-Malware 1.19
Database version: 912
Windows 6.0.6000
10:46:25 AM 7/1/2008
mbam-log-7-1-2008 (10-46-25).txt
Scan type: Quick Scan
Objects scanned: 38932
Time elapsed: 4 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
mmm_beer's Avatar
Computer Specs
Junior Member with 17 posts.
 
Join Date: Jun 2008
Experience: Intermediate
01-Jul-2008, 02:53 PM #6
Still happening
Just a quick update that I did start getting the popups again. Just let me know what else I should do.

Thanks again!
sjpritch25's Avatar
Computer Specs
Distinguished Member with 6,781 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
02-Jul-2008, 12:19 AM #7
Can you explain the popups a little more? Maybe even get a screen shot. Thanks.
mmm_beer's Avatar
Computer Specs
Junior Member with 17 posts.
 
Join Date: Jun 2008
Experience: Intermediate
02-Jul-2008, 02:18 PM #8
Detailed problem
Yeah- what happens is about once every 4 or 5 times that I go to a different website (or another page within the same website) a new tab opens in IE that goes to either em.pc-on-internet.com or fp.pc-on-internet.com. Sometimes it stays on that page, other times it is immediately directed to another page. But it is always an advertisement of some kind- ITT Tech, virus scanners, etc. Occasionally it just goes to a page that no longer exists. When it happens my computer seems to slow waaaaay down (like right now!). Also, I don't know if it's related or not, but the keys on my keyboard don't always work then too, i.e., when I type, it skips about 1 out of every 6 or 7 keys I type, and I have to go back and retype the missing letters. It's been very frustrating. Right after I did the things you told me to, everything seemed to be working for 5 or 10 minutes with no slowness, page openings, or skipping keys. But then finally it happened again and is driving me nuts.

Thanks again. I'd be happy to try anything else.
mmm_beer's Avatar
Computer Specs
Junior Member with 17 posts.
 
Join Date: Jun 2008
Experience: Intermediate
02-Jul-2008, 02:21 PM #9
Actual website
It just happened again- this is the website it went to if it helps:

http://em.pc-on-internet.com/eas?cu=...ums=N000US00Z0

Thanks again
mmm_beer's Avatar
Computer Specs
Junior Member with 17 posts.
 
Join Date: Jun 2008
Experience: Intermediate
02-Jul-2008, 02:27 PM #10
And again at:

http://fp.pc-on-internet.com/sws/046...312e3230362e31

This time I didn't even go to a different page- it just popped up. I think the post is cutting out some of the website address. It is:
http://fp.pc-on-internet.com/sws/046/?al=1 &nums=N000US00Z0-FDNwWoxAKc&login= 672125&mediaid_prefix=005&asked_billing id=2&time=312e3230362e31 (except I put in some space between parts of the address so that it will hopefully display the whole thing)
mmm_beer's Avatar
Computer Specs
Junior Member with 17 posts.
 
Join Date: Jun 2008
Experience: Intermediate
02-Jul-2008, 05:43 PM #11
FYI- I used the ATF Cleaner again and I've stopped getting the popups for the time being. Also, my computer is running faster and the typing issue is very minor. I also ran the Anti-Malware program again (both a quick scan and full scan) but it didn't find anything. I have a feeling it will be back again very soon, but I just wanted to let you know the ATF Cleaner seems to be getting rid of something each time. It cleared out about 18mb of junk this last time.
sjpritch25's Avatar
Computer Specs
Distinguished Member with 6,781 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
02-Jul-2008, 09:25 PM #12
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Go to Start ---> Run ---> Type "%userprofile%\Desktop\dss.exe" /config and press Enter.
  3. Check the following additional scans:
    1. Drivers
    2. Services
    3. Process Modules
  4. Click Ok and follow the prompts.
  5. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  6. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  7. Please attach extra.txt to your post.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
mmm_beer's Avatar
Computer Specs
Junior Member with 17 posts.
 
Join Date: Jun 2008
Experience: Intermediate
03-Jul-2008, 04:14 AM #13
Well here's the new logs using DSS. I hope you see something that helps. Let me know what to do next and I'll give it a try. Thank you so much for all the time on this. The extra.txt is attached.

MAIN.TXT:

Deckard's System Scanner v20071014.68
Run by Aaron on 2008-07-02 23:07:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
14: 2008-07-02 05:34:44 UTC - RP179 - Windows Update
13: 2008-06-26 20:29:57 UTC - RP178 - Installed AVG Free 8.0
12: 2008-06-26 20:29:21 UTC - RP177 - Removed AVG Free 8.0
11: 2008-06-26 19:59:05 UTC - RP176 - Removed McAfee VirusScan Enterprise
10: 2008-06-26 19:53:58 UTC - RP175 - Removed McAfee VirusScan Enterprise

-- First Restore Point --
1: 2008-06-19 11:49:30 UTC - RP165 - Scheduled Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Aaron.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:41 PM, on 7/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\Drivers\Palm\Module Retargetable Folder\TetherApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Users\Aaron\AppData\Local\oscmaie.exe
C:\PROGRA~1\VERIZO~1\VZACCE~1\Drivers\Palm\MODULE~1\PALMON~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\Program Files\Wireless Sync\Client\Monitor.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Wireless Sync\Client\Monitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Aaron\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Aaron.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\System32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [PalmTether] "C:\Program Files\Verizon Wireless\VZAccess Manager\Drivers\Palm\Module Retargetable Folder\TetherApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [oscmaie] c:\users\aaron\appdata\local\oscmaie.exe oscmaie
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office Outlook 2007.lnk = ?
O4 - Global Startup: PC Monitor.lnk = C:\Program Files\Wireless Sync\Client\Monitor.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {10DE6CF7-3E36-445B-985D-07603082B36B} (FormLoader.Loader) - https://forms.orefonline.com/OLF/Run...oader_RMLS.CAB
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.kw.com/listings/includes/ImageUploader4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11951 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Process Modules -------------------------------------------------------------
C:\Windows\explorer.exe (pid 1624)
2006-11-03 16:46:24 126976 --a------ C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

-- Scheduled Tasks -------------------------------------------------------------
2008-07-02 22:15:12 258 --a------ C:\Windows\Tasks\Theft Loss Protection.job

-- Files created between 2008-06-02 and 2008-07-02 -----------------------------
2008-07-01 10:39:14 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-01 10:39:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-30 11:54:33 0 d-------- C:\Program Files\Trend Micro
2008-06-26 08:46:48 0 d-------- C:\Program Files\Lavasoft
2008-06-26 08:46:45 0 d-------- C:\Users\All Users\Lavasoft
2008-06-26 08:45:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 11:29:29 0 d--h----- C:\$AVG8.VAULT$
2008-06-24 10:14:04 0 d-------- C:\Users\All Users\avg8
2008-06-18 14:42:19 1495552 --a------ C:\Windows\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
2008-06-18 14:42:19 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-06-18 14:30:20 0 d-------- C:\Temp
2008-06-06 14:15:08 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-06 13:33:10 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-06 13:32:27 0 d-------- C:\Program Files\SUPERAntiSpyware

-- Find3M Report ---------------------------------------------------------------
2008-07-01 10:39:17 0 d-------- C:\Users\Aaron\AppData\Roaming\Malwarebytes
2008-06-26 13:31:22 836 --a------ C:\Windows\bthservsdp.dat
2008-06-26 13:02:13 0 d-------- C:\Program Files\Common Files
2008-06-24 09:44:37 0 d-------- C:\Users\Aaron\AppData\Roaming\SUPERAntiSpyware.com
2008-06-22 18:11:09 0 d-------- C:\Program Files\The Weather Channel FW
2008-06-17 17:52:05 0 d-------- C:\Users\Aaron\AppData\Roaming\Elluminate
2008-06-11 10:05:20 0 d-------- C:\Program Files\Windows Mail
2008-05-02 12:51:09 0 d-------- C:\Users\Aaron\AppData\Roaming\Adobe

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/09/2007 02:13 PM]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [05/24/2007 11:03 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/27/2007 05:35 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [09/07/2007 11:23 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 11:35 AM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [03/21/2007 12:33 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 10:37 AM]
"@"="" []
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [04/16/2007 03:10 PM]
"dscactivate"="c:\dell\dsca.exe" [07/30/2007 12:40 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [11/09/2007 06:58 AM]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdc.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"AirCardEnabler"="" []
"WatcherHelper"="C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [03/28/2007 04:14 PM]
"PalmTether"="C:\Program Files\Verizon Wireless\VZAccess Manager\Drivers\Palm\Module Retargetable Folder\TetherApp.exe" [10/05/2007 02:17 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"HotSync"="C:\Program Files\PalmSource\Desktop\HotSync.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"Dell DataSafe Scheduler"="C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe" [12/02/2007 05:30 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 05:34 AM]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM]
"oscmaie"="c:\users\aaron\appdata\local\oscmaie.exe" [07/01/2008 04:24 PM]
C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 4:55:50 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/9/2007 6:37:52 AM]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [1/3/2008 6:28:08 PM]
Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe [11/18/2007 11:34:43 PM]
PC Monitor.lnk - C:\Program Files\Wireless Sync\Client\Monitor.exe [11/7/2007 8:27:58 PM]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/20/2007 5:13:26 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7c68186-164b-11dd-849a-001dd9e4dce2}]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c10b8644-10a5-11dd-9850-001dd9e4dce2}]
AutoRun\command- F:\wd_windows_tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8713 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-07-02 23:12:31 ------------
Attached Files
File Type: txt extra.txt (24.8 KB, 147 views)
sjpritch25's Avatar
Distinguished Member with 6,781 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
03-Jul-2008, 09:18 AM #14
You have a file I would like you to get analyzed. Please go to VirusTotal. On the very top of the website, you will see a Browse button. Use that to search for this file:

c:\users\aaron\appdata\local\oscmaie.exe
C:\Windows\system32\epoPGPsdk.dll

Then click on Send. This could take between 30 seconds and a couple of minutes. When you get the results, open Notepad, highlight the results, copy them to Notepad and save it as "Scan.txt". Save the text file "Scan.txt" to your desktop. Please include the file in your next post.
__________________
My Blog
Microsoft Valuable Professional Consumer--Security 2007-2009
If i have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here
Concerned about Browser Security!!! Consider Mozilla Firefox 3.0 and NoScript
Operating System Ubuntu Hardy Heron 8.04
mmm_beer's Avatar
Junior Member with 17 posts.
 
Join Date: Jun 2008
Experience: Intermediate
03-Jul-2008, 11:26 AM #15
I wasn't sure if you wanted both files you listed, so I went ahead and did each one. The first file (oscmaie.exe) is called Scan.txt and the second one (epoPGPsdk.dll) is called Scan 2.txt. The first says there are two viruses and the other says 0. Just let me know what to do with each. Thank you
Attached Files
File Type: txt Scan.txt (5.4 KB, 19 views)
File Type: txt Scan 2.txt (19.1 KB, 13 views)