Pop Up Hell...plz help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

leeortz

Thread Starter
Joined
Oct 6, 2008
Messages
2
It has taken me about 10 minutes just to post this.

I get one pop up after another.

Here are items spybot found:

FastClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)
ABetterInternet: Autorun settings (BM0b8ae2e1) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM0b8ae2e1
Command Service: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService
Command Service: Library (File, fixed)
C:\WINDOWS\system32\atmtd.dll._
Command Service: Library (File, fixed)
C:\WINDOWS\system32\atmtd.dll
Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
Command Service: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService\Security
Smitfraud-C.: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E}
Smitfraud-C.CoreService: Data (File, fixed)
C:\WINDOWS\system32\drivers\core.cache.dsk
webHancer: User settings (Registry key, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0}
webHancer: User settings (Registry key, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0}
--- Spybot - Search && Destroy version: 1.3 ---
2007-08-22 Includes\Cookies.sbi
2007-07-25 Includes\Dialer.sbi
2007-08-22 Includes\DialerC.sbi
2007-07-11 Includes\Hijackers.sbi
2007-08-22 Includes\HijackersC.sbi
2007-07-25 Includes\Keyloggers.sbi
2007-08-22 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2007-08-01 Includes\Malware.sbi
2007-08-22 Includes\MalwareC.sbi
2007-08-22 Includes\PUPS.sbi
2007-08-22 Includes\PUPSC.sbi
2007-08-22 Includes\Revision.sbi
2007-05-30 Includes\Security.sbi
2007-08-22 Includes\SecurityC.sbi
2007-08-01 Includes\Spybots.sbi
2007-08-22 Includes\SpybotsC.sbi
2007-08-21 Includes\Tracks.uti
2007-08-01 Includes\Trojans.sbi
2007-08-22 Includes\TrojansC.sbi
2007-06-06 Plugins\TCPIPAddress.dll


Hijack this reads this:

Logfile of HijackThis v1.99.1
Scan saved at 6:39:20 PM, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\RGltZW5zaW9u\command.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [Airlink101 WLAN Monitor] C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] I
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM0b8ae2e1] Rundll32.exe "C:\WINDOWS\system32\jkodeflm.dll",s
O4 - HKLM\..\Run: [08b9d17d] rundll32.exe "C:\WINDOWS\system32\tbggkkga.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA6234] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3707] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: ztbhus.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGltZW5zaW9u\command.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe



Can anyone help me?

I am sort of new to this stuff. I have sluggish performace and pop ups everywhere.

Thanks!

Leo
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi Welcome to TSG!!

Please update your version of HJT.
Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.


Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top