Hi, I keep getting Internet Explorer pop-ups. I have a pop-up blocker installed, and still they keep coming up. Some of the pop-ups are like streaming videos, which drastically slows down the machine if I am playing games etc., and sometimes I get a pop-up saying that I should download spyware tools etc. I noticed that since this problem started happening, my machine takes longer to boot up. Any help would be appreciated.
Hi Haomaru,

First, let’s do a little Pre-Cleaning and Post some Logs so we can see what’s going on…

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Please download and install SUPERAntiSpyware Free
• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
• Under the "Configuration and Preferences", click the Preferences... button.
• Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
• Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
  o Close browsers before scanning.
  o Scan for tracking cookies.
  o Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen and exit the program.
• Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.
• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button. If you would like to keep your saved passwords, please click No at the prompt.
• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button. If you would like to keep your saved passwords, please click No at the prompt.
• Click Exit on the Main menu to close the program.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
• Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes" and reboot normally.
• To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
  o Click Preferences, then click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  o Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

Reboot to Normal Mode

Download and Run HijackThis

Download HJTInstall.exe to your Desktop.
• Double-click HJTInstall.exe to install it.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch HijackThis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Copy/Paste the log to your next reply please.
Make an uninstall list using HijackThis

To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

Please post the HijackThis log, SUPERAntiSpyware Log and Uninstall list in your next reply.

2OG
Thanks for the reply 2old, here are the logs

Super Anti Spyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/25/2008 at 08:27 PM

Application Version : 4.15.1000

Core Rules Database Version : 3490
Trace Rules Database Version: 1481

Scan type : Complete Scan
Total Scan Time : 01:05:09

Memory items scanned : 167
Memory threats detected : 0
Registry items scanned : 5758
Registry threats detected : 14
File items scanned : 63167
File threats detected : 101

Adware.Tracking Cookie

Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion

Trojan.DNSChanger-Codec
HKU\S-1-5-21-1004336348-1965331169-725345543-1003\Software\GetModule
HKU\S-1-5-21-1004336348-1965331169-725345543-1003\Software\GetPack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck#UninstallString

Adware.AdSponsor/ISM
C:\Program Files\GetModule\dicik.gz
C:\Program Files\GetModule\GetModule19.exe
C:\Program Files\GetModule\kwdik.gz
C:\Program Files\GetModule\pckik.dat
C:\Program Files\GetModule
C:\Program Files\GetPack\dictame.gz
C:\Program Files\GetPack\GetPack19.exe
C:\Program Files\GetPack\trgtame.gz
C:\Program Files\GetPack
C:\Program Files\iCheck\iCheck.exe
C:\Program Files\iCheck\Uninstall.exe
C:\Program Files\iCheck

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:18 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: tspchefk - {f820d4ed-de89-4bca-a40b-83cabddc91d3} - C:\Documents and Settings\All Users\Application Data\tspchefk.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7750 bytes

Uninstall List

Adobe Flash Player ActiveX Alive 3GP Video Converter (version 1.8.3.6) Any Video Converter Professional 2.5.9 BChanger FlashGet 1.9.6.1073 HijackThis 2.0.2 Hotfix for Windows XP (KB915865) Java(TM) 6 Update 6 Kaspersky Anti-Virus 2009 Kaspersky Anti-Virus 2009 LimeWire PRO 4.18.2 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable MSVC80_x86 MSXML 6.0 Parser Nero 8 neroxml Nokia Connectivity Cable Driver Nokia Flashing Cable Driver Nokia PC Suite Nokia PC Suite Nokia Software Updater NSS (remove only) NVIDIA Drivers PC Connectivity Solution QuickTime Sound Blaster Live! Web 2K/XP Steam SUPERAntiSpyware Free Edition VCRedistSetup VideoLAN VLC media player 0.8.6f Windows Driver Package - Nokia Modem (03/05/2008 3.7) Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) Windows Internet Explorer 7 Windows Live Messenger Windows Media Format Runtime WinRAR archiver Yahoo! ¤u¨ã¦C Yahoo! Browser Services Yahoo! Install Manager Yahoo! Internet Mail Yahoo! Messenger
Hey Haomaru,

Do you still have POP-UPS??? Let me know. Meantime do this:

Go to > Start > control panel > Add/remove programs and uninstall -> BChanger

Fix These lines in HijackThis: If they are still there

O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

If you know this one, leave it, if not, Fix it.

O21 - SSODL: tspchefk - {f820d4ed-de89-4bca-a40b-83cabddc91d3} - C:\Documents and Settings\All Users\Application Data\tspchefk.dll

Use the Search in Windows Explorer and delete the following files/folders, if they exist:

C:\Program Files\BChanger\bchanger.dll
C:\Documents and Settings\All Users\Application Data\tspchefk.dll

Post a fresh HJT Log and let me know what’s happening..

2OG
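Added example (not part of the original thread and not written by either poster): a Python triage pass over HijackThis entries, run on lines copied from the first log posted above. The two flagging rules and the `watchlist` parameter are assumptions made for this illustration, not HijackThis features; note that a "(no name)" entry alone is not flagged, since the legitimate Java button in the log also has no name.

```python
import re
from dataclasses import dataclass, field

# HijackThis v2 lines that carry a CLSID have the shape:
#   <code> - <kind>: <name> - {CLSID} - <file>
ENTRY_RE = re.compile(
    r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)

# Sections whose DLLs are loaded automatically into IE / Explorer.
AUTOLOAD_CODES = {"O2", "O21"}  # BHO, ShellServiceObjectDelayLoad

# Assumption for this example: installed software normally lives under
# Program Files or WINDOWS, not in these user-writable data directories.
USER_WRITABLE_DIRS = ("\\application data\\", "\\local settings\\temp\\")

# Lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O21 - SSODL: tspchefk - {f820d4ed-de89-4bca-a40b-83cabddc91d3} - C:\Documents and Settings\All Users\Application Data\tspchefk.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
"""


@dataclass
class Entry:
    code: str
    kind: str
    name: str
    clsid: str
    target: str
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Return the CLSID-bearing entries of a HijackThis log.

    Lines in other shapes (O4 Run keys, O23 services, headers) are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(**match.groupdict()))
    return entries


def triage(log_text, watchlist=()):
    """Return entries worth a second look, each with the reasons why.

    watchlist: substrings the analyst already distrusts (hypothetical
    parameter), matched case-insensitively against the file path.
    """
    flagged = []
    for entry in parse_entries(log_text):
        target = entry.target.lower()
        if target == "(no file)":
            # Registration left behind after its file was removed.
            entry.reasons.append("orphaned")
        elif entry.code in AUTOLOAD_CODES and any(
            d in target for d in USER_WRITABLE_DIRS
        ):
            # Auto-loaded DLL sitting in a user-writable data directory.
            entry.reasons.append("user-writable-path")
        if any(w.lower() in target for w in watchlist):
            entry.reasons.append("watchlist")
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG, watchlist=("bchanger",)):
        print(f"{e.code} {e.kind}: {e.name} -> {e.target}  [{', '.join(e.reasons)}]")
```
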
Thanks again O2, well I was able to fix these files via HJT

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O21 - SSODL: tspchefk - {f820d4ed-de89-4bca-a40b-83cabddc91d3} - C:\Documents and Settings\All Users\Application Data\tspchefk.dll

But was unable to delete these

C:\Program Files\BChanger\bchanger.dll
C:\Documents and Settings\All Users\Application Data\tspchefk.dll

I got access denied error msg.

New HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:27 AM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7218 bytes
Hey Haomaru, Well your Log is as Clean as an Old Maid’s Parlor. You may be able to delete those files in Safe Mode. I don’t think they will give you any problems but give it a try. Holler if anything turns up. 2OG