
Pop Up Hell...plz help

Discussion in 'Virus & Other Malware Removal' started by leeortz, Oct 6, 2008.

Thread Status:
Not open for further replies.
  1. leeortz

    leeortz Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    2
    It has taken me about 10 minutes just to post this.

    I get one pop up after another.

    Here are items spybot found:

    FastClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)
    ABetterInternet: Autorun settings (BM0b8ae2e1) (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM0b8ae2e1
    Command Service: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService
    Command Service: Library (File, fixed)
    C:\WINDOWS\system32\atmtd.dll._
    Command Service: Library (File, fixed)
    C:\WINDOWS\system32\atmtd.dll
    Command Service: Settings (Registry key, fixing failed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
    Command Service: Settings (Registry key, fixing failed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
    Command Service: Settings (Registry key, fixing failed)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
    Command Service: Settings (Registry key, fixing failed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
    Command Service: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
    Command Service: Settings (Registry key, fixing failed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
    Command Service: Settings (Registry key, fixing failed)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
    Command Service: Settings (Registry key, fixing failed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService\Security
    Smitfraud-C.: Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E}
    Smitfraud-C.CoreService: Data (File, fixed)
    C:\WINDOWS\system32\drivers\core.cache.dsk
    webHancer: User settings (Registry key, fixing failed)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0}
    webHancer: User settings (Registry key, fixing failed)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0}
    --- Spybot - Search && Destroy version: 1.3 ---
    2007-08-22 Includes\Cookies.sbi
    2007-07-25 Includes\Dialer.sbi
    2007-08-22 Includes\DialerC.sbi
    2007-07-11 Includes\Hijackers.sbi
    2007-08-22 Includes\HijackersC.sbi
    2007-07-25 Includes\Keyloggers.sbi
    2007-08-22 Includes\KeyloggersC.sbi
    2004-11-29 Includes\LSP.sbi
    2007-08-01 Includes\Malware.sbi
    2007-08-22 Includes\MalwareC.sbi
    2007-08-22 Includes\PUPS.sbi
    2007-08-22 Includes\PUPSC.sbi
    2007-08-22 Includes\Revision.sbi
    2007-05-30 Includes\Security.sbi
    2007-08-22 Includes\SecurityC.sbi
    2007-08-01 Includes\Spybots.sbi
    2007-08-22 Includes\SpybotsC.sbi
    2007-08-21 Includes\Tracks.uti
    2007-08-01 Includes\Trojans.sbi
    2007-08-22 Includes\TrojansC.sbi
    2007-06-06 Plugins\TCPIPAddress.dll


    Hijack this reads this:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:39:20 PM, on 10/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe
    C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    C:\WINDOWS\RGltZW5zaW9u\command.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\AcroTray.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\AcroTray.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe
    O4 - HKLM\..\Run: [Airlink101 WLAN Monitor] C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] I
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BM0b8ae2e1] Rundll32.exe "C:\WINDOWS\system32\jkodeflm.dll",s
    O4 - HKLM\..\Run: [08b9d17d] rundll32.exe "C:\WINDOWS\system32\tbggkkga.dll",b
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6234] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3707] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: ztbhus.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGltZW5zaW9u\command.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe


    Can anyone help me?

    I am sort of new to this stuff. I have sluggish performance and pop ups everywhere.

    Thanks!

    Leo
     
  2. leeortz

    leeortz Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    2
    thanks!
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, welcome to TSG!!

    Please update your version of HJT.
    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.


    Please visit this webpage for instructions for downloading and running ComboFix.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
     

Short URL to this thread: https://techguy.org/756769
