advertisment by adssite annoying pop ups analyse hijack log

alyoob · 01-04-2008, 11:23 PM

I have been experiencing pop ups from adssite and they have been annoying I have tryed everything to get rid of it can anyone help me. Here is my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:19 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1199309204\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops....gi3.0.84.2.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5593 bytes

**ceewi1** · 01-05-2008, 09:16 AM

Nothing obviously malicious in that log, but one item that should be removed.

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries:

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Please close all open windows except for HijackThis and choose Fix checked

Let's look a little deeper:

1. Please download this file - ComboFix to your desktop
2. Double click ComboFix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply together with a new HijackThis log. Is there any particular pattern to the popups? Are they advertising anything in particular?

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall

alyoob · 01-05-2008, 04:42 PM

Here is the combofix file and another hijack log below

ComboFix 08-01-05.8 - HP_Owner 2008-01-05 8:21:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.64 [GMT -8:00]
Running from: C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\{58BE3~1
C:\WINDOWS\system32\v.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-05 08:33 . 2008-01-05 08:33 <DIR> d----c--- C:\095ced87e83065f49ae0
2008-01-05 08:29 . 2008-01-05 08:29 <DIR> d----c--- C:\WINDOWS\LastGood
2008-01-05 08:16 . 2008-01-05 08:16 <DIR> d----c--- C:\1ec2d66438cda6f2f120323c3338b8
2008-01-04 12:55 . 2007-09-24 23:31 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
2008-01-04 09:11 . 2008-01-04 09:11 917,504 --a--c--- C:\WINDOWS\system32\FLASH.OCX
2008-01-04 08:24 . 2008-01-04 08:24 0 --a--c--- C:\WINDOWS\system32\CMMGR32.EXE
2008-01-04 08:24 . 2008-01-04 08:24 0 --a--c--- C:\WINDOWS\ORUN32.EXE
2008-01-02 15:37 . 2006-06-29 13:07 14,048 -----c--- C:\WINDOWS\system32\spmsg2.dll
2008-01-02 15:36 . 2008-01-02 15:36 <DIR> d----c--- C:\fbf5dd145e0f7bcc1f1b0070
2008-01-02 15:15 . 2006-11-12 22:02 288,768 -----c--- C:\WINDOWS\system32\rhttpaa.dll
2008-01-02 15:15 . 2006-11-12 22:02 116,736 -----c--- C:\WINDOWS\system32\aaclient.dll
2008-01-02 15:15 . 2006-11-12 22:02 36,352 -----c--- C:\WINDOWS\system32\tsgqec.dll
2008-01-02 13:41 . 2006-05-05 01:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-01-02 13:30 . 2008-01-02 13:30 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Sereniti
2007-12-30 22:50 . 2007-12-30 22:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-30 22:50 . 2008-01-04 08:08 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AVG7
2007-12-30 22:50 . 2007-12-30 23:01 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-30 22:45 . 2008-01-01 16:09 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-30 22:28 . 2007-12-30 22:29 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Yahoo!
2007-12-30 14:38 . 2007-12-30 14:38 <DIR> d----c--- C:\WINDOWS\system32\LogFiles
2007-12-30 14:38 . 2007-12-30 14:39 <DIR> d----c--- C:\WINDOWS\system32\drivers\UMDF
2007-12-30 14:27 . 2007-12-30 14:27 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-30 09:48 . 2007-12-30 09:48 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Motive
2007-12-30 09:43 . 2007-12-30 11:37 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-12-30 09:23 . 2007-12-30 09:23 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SUPERAntiSpyware.com
2007-12-29 18:36 . 2004-10-21 17:59 <DIR> d----c--- C:\Documents and Settings\Administrator.YOUR-03667082DE.002\WINDOWS
2007-12-29 18:36 . 2004-10-22 13:12 <DIR> d----c--- C:\Documents and Settings\Administrator.YOUR-03667082DE.002\Application Data\Symantec
2007-12-29 18:36 . 2004-10-21 18:52 <DIR> d----c--- C:\Documents and Settings\Administrator.YOUR-03667082DE.002\Application Data\Sonic
2007-12-29 18:36 . 2004-10-21 18:52 <DIR> d----c--- C:\Documents and Settings\Administrator.YOUR-03667082DE.002\Application Data\SampleView
2007-12-29 18:36 . 2004-10-21 17:58 <DIR> d----c--- C:\Documents and Settings\Administrator.YOUR-03667082DE.002\Application Data\Apple Computer
2007-12-29 08:44 . 2007-12-29 08:44 <DIR> d-------- C:\Program Files\interMute
2007-12-29 08:44 . 2007-12-29 08:47 2,154 --a--c--- C:\WINDOWS\system32\ssmute.ini
2007-12-28 21:03 . 2004-08-04 00:56 159,232 --a--c--- C:\WINDOWS\system32\ptpusd.dll
2007-12-28 21:03 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-28 21:03 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-28 21:03 . 2001-08-17 22:36 5,632 --a--c--- C:\WINDOWS\system32\ptpusb.dll
2007-12-28 21:01 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-28 21:01 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-28 21:01 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-28 21:01 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-28 20:28 . 2006-06-12 18:06 662,288 --a--c--- C:\WINDOWS\system32\MSComCt2.ocx
2007-12-28 20:28 . 2006-06-12 18:06 416,528 --a--c--- C:\WINDOWS\system32\Comct332.ocx
2007-12-28 20:28 . 2006-06-12 18:06 124,688 --a--c--- C:\WINDOWS\system32\MSWinSck.ocx
2007-12-28 20:04 . 2006-06-12 18:06 132,880 --a--c--- C:\WINDOWS\system32\MSINET.OCX
2007-12-28 19:53 . 2007-12-28 19:53 138,752 --a--c--- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-12-28 19:52 . 2008-01-04 08:09 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Spyware Terminator
2007-12-27 14:46 . 2007-12-27 14:46 <DIR> d---sc--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\UserData
2007-12-27 12:38 . 2007-12-27 12:38 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AdobeUM
2007-12-27 06:55 . 2007-02-28 01:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-12-27 06:55 . 2007-02-28 01:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-12-27 06:55 . 2007-02-28 00:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-12-27 06:55 . 2007-02-28 00:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-12-26 21:09 . 2006-10-16 16:10 23,856 --a--c--- C:\WINDOWS\system32\spupdsvc.exe
2007-12-26 20:39 . 2007-12-26 20:39 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\CopyTransPhoto
2007-12-26 19:53 . 2007-12-26 19:53 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\CopyTrans
2007-12-26 19:21 . 2007-12-26 19:21 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SyncGuardian
2007-12-26 19:21 . 2007-12-26 19:21 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\iLibs
2007-12-26 19:21 . 2007-12-26 19:21 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\iCloner
2007-12-26 18:33 . 2007-12-26 18:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-26 18:18 . 2007-12-26 18:18 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Talkback
2007-12-26 17:24 . 2007-12-26 17:24 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Template
2007-12-26 17:24 . 2007-12-31 10:52 4,662 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\wklnhst.dat
2007-12-26 17:19 . 2007-12-26 17:19 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Viewpoint
2007-12-26 17:18 . 2007-12-26 17:18 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL
2007-12-26 17:18 . 2003-01-10 13:13 33,588 -ra--c--- C:\WINDOWS\system32\drivers\wanatw4.sys
2007-12-26 17:18 . 2007-04-13 09:30 25,136 -ra--c--- C:\WINDOWS\system32\drivers\ATWPKT2.SYS
2007-12-26 17:17 . 2007-12-26 17:03 213 -rahsc--- C:\BOOT.BAK
2007-12-26 17:14 . 2004-10-21 17:59 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\WINDOWS
2007-12-26 17:14 . 2004-10-22 13:12 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Symantec
2007-12-26 17:14 . 2004-10-21 18:52 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Sonic
2007-12-26 17:14 . 2004-10-21 18:52 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SampleView
2007-12-26 17:14 . 2004-10-21 17:58 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Apple Computer
2007-12-26 17:14 . 2004-08-04 04:00 221,184 --a--c--- C:\WINDOWS\system32\wmpns.dll
2007-12-26 17:14 . 2007-12-26 17:14 1,865 -rahsc--- C:\WINDOWS\system32\drivers\103C_HP_CPC_PP164AA-ABA a810n_YC_0Pavi_QMXM503_E51NAheBLU3_47_ISalmon_SASU STek Computer INC._V1.04_B3.04_T041029_WXH2_L409_M384_J160_7AMD_ 8Athlon 64_92.41_#060605_N10390900_Z11C1048C_G10396330.MRK
2007-12-26 17:11 . 2004-10-21 17:59 <DIR> d----c--- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2007-12-26 17:10 . 2003-09-10 23:36 21,060 -----c--- C:\WINDOWS\system32\drivers\iviaspi.sys
2007-12-26 17:10 . 2003-09-19 01:47 10,368 -----c--- C:\WINDOWS\system32\drivers\pfc.sys
2007-12-26 17:09 . 2004-04-16 11:24 61,440 --a--c--- C:\WINDOWS\system32\ISUSPM.cpl
2007-12-26 17:07 . 2004-09-27 14:09 204,800 --a--c--- C:\WINDOWS\system32\IVIresizeW7.dll
2007-12-26 17:07 . 2004-09-27 14:09 200,704 --a--c--- C:\WINDOWS\system32\IVIresizeA6.dll
2007-12-26 17:07 . 2004-09-27 14:09 192,512 --a--c--- C:\WINDOWS\system32\IVIresizeP6.dll
2007-12-26 17:07 . 2004-09-27 14:09 192,512 --a--c--- C:\WINDOWS\system32\IVIresizeM6.dll
2007-12-26 17:07 . 2004-09-27 14:09 188,416 --a--c--- C:\WINDOWS\system32\IVIresizePX.dll
2007-12-26 17:07 . 2004-09-27 14:09 20,480 --a--c--- C:\WINDOWS\system32\IVIresize.dll
2007-12-26 17:05 . 2007-12-26 17:05 <DIR> d-------- C:\Program Files\SiS VGA Utilities V3.63
2007-12-26 15:59 . 2007-12-26 17:05 <DIR> d----c--- C:\WINDOWS\system32\trayres
2007-12-26 15:59 . 2004-09-24 02:47 331,776 --a--c--- C:\WINDOWS\system32\sistray.exe
2007-12-26 15:59 . 2007-12-26 17:05 190,524 --a--c--- C:\WINDOWS\system32\VGAunistlog.ini
2007-12-26 15:59 . 2004-09-24 08:44 184,320 -----c--- C:\WINDOWS\system32\SiSApCom.dll
2007-12-26 15:59 . 2004-09-24 08:49 110,592 -----c--- C:\WINDOWS\system32\TVMode.dll
2007-12-26 15:59 . 2004-08-03 23:10 61,056 --a--c--- C:\WINDOWS\system32\drivers\ohci1394.sys
2007-12-26 15:59 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\drivers\1394bus.sys
2007-12-26 15:59 . 2004-09-24 08:49 49,152 --a--c--- C:\WINDOWS\system32\SiSPower.dll
2007-12-26 15:59 . 2001-08-17 13:46 6,400 --a--c--- C:\WINDOWS\system32\drivers\enum1394.sys
2007-12-26 09:53 . 2008-01-04 14:50 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-12-26 09:06 . 2007-12-26 09:06 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-26 09:05 . 2007-12-26 09:06 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Nokia
2007-12-26 09:04 . 2007-12-26 09:04 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-26 09:04 . 2007-12-26 09:06 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\PC Suite
2007-12-26 09:02 . 2007-12-26 09:02 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 05:17 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 19:43 233472]
"SiSPower"="SiSPower.dll" [2004-09-24 08:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 16:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-30 14:26 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"wextract_cleanup0"="C:\WINDOWS\system32\advpack.d ll" [2004-08-04 04:00 99840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-30 22:50 219136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a--c--- 2005-07-12 05:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2007-12-31 18:25 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
--a------ 2007-12-30 22:50 219136 C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-04-12 13:23 42032 C:\Program Files\Common Files\AOL\1199309204\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a--c--- 2004-06-07 17:42 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 17:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 15:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-08-20 21:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 20:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2003-12-17 23:31 118784 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a--c--- 2007-11-04 12:21 2832384 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2006-10-18 11:36 1294336 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 07:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a--c--- 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-28 19:53]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 02:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 00:21:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-04 23:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 08:34:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\idndl.dll 26112 bytes executable
C:\WINDOWS\system32\normaliz.dll 23552 bytes executable
C:\WINDOWS\system32\normidna.nls 59342 bytes
C:\WINDOWS\system32\normnfc.nls 45794 bytes
C:\WINDOWS\system32\normnfd.nls 39284 bytes
C:\WINDOWS\system32\normnfkc.nls 66384 bytes
C:\WINDOWS\system32\normnfkd.nls 60294 bytes

scan completed successfully
hidden files: 7

************************************************** ************************
.
Completion time: 2008-01-05 8:36:36
ComboFix-quarantined-files.txt 2008-01-05 16:35:49
.
2007-12-27 05:09:38 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:05 AM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1199309204\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops....gi3.0.84.2.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6280 bytes

**ceewi1** · 01-06-2008, 10:05 AM

Please download AVG Anti-Spyware from HERE and save that file to your desktop.

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon Update.
- Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
Once in the Settings screen click on Recommended actions and then select Quarantine.
Under Reports
- Select Do not automatically generate reports
- Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware

I'd also like to see an uninstall list:

Please run HijackThis
Click on the Config button
Click on the Misc Tools button
Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Please copy and paste the contents of that notepad into a reply in this topic.

Please post both the AVG Antispyware report and the uninstall list.

alyoob · 01-06-2008, 04:37 PM

Here are the text file reports you asked for

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:34:32 AM 1/6/2008

+ Scan result:

C:\Documents and Settings\HP_Owner.YOUR-03667082DE\My Documents\Alfred stuff\important aol folder\DTAC.EXE -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP11\A0005942.exe -> Not-A-Virus.Adware.NewWeb : Cleaned with backup (quarantined).

::Report end

Ad-Aware 2007
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AVG 7.5
AVG Anti-Spyware 7.5
Blubster 2.6.9
ESET Online Scanner
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.2.3
HP Image Zone Plus 4.2.3
HP Organize
HP Photosmart Cameras 4.0
HP PSC & OfficeJet 4.0
HP PSC 1600 series
HP Software Update
HPIZ423
IntelliMover Data Transfer Demo
InterVideo DiscLabel
InterVideo WinDVD Creator
InterVideo WinDVD Player
iTunes
Java(TM) 6 Update 3
KBD
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser
muvee autoProducer 3.5 magicMoments - HPD
PC-Doctor for Windows
Photosmart 320,370,7400,8100,8400 Series
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
SiS VGA Utilities
Sonic Express Labeler
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
SpywareBlaster v3.5.1
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Updates from HP
Viewpoint Media Player
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

**ceewi1** · 01-07-2008, 10:15 AM

OK, that's a little unfortunate. This adware usually has an uninstaller, but it appears that it's been removed by an antispyware program that hasn't dealt with the actual infection. Looks like we'll have to do it the hard way, which involves reinstalling Firefox and purging all it's files.

Please download the installer for Mozilla Firefox from http://en.www.mozilla.com/en/, but do not run it yet.

Please print these instructions, or copy them to a Notepad document as you will need to close your web browser for part of this fix.

Please uninstall Mozilla Firefox:
Please click on Start -> Control Panel -> Add or Remove Programs. If Mozilla Firefox appears, click on it and click Remove.

Please set Windows to show hidden files:

From any folder, select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please delete the following folders:
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Mozilla\Firefox
C:\Program Files\Mozilla Firefox

If there are any other user profiles on your computer, please also delete the following folder, replacing [User Name] with the actual user name for each.
C:\Documents and Settings\[User Name]\Application Data\Mozilla\Firefox

Please reboot your PC.

Please run the Firefox installer you downloaded earlier and reinstall Firefox.

Please download Registry Search and doubleclick to start it. Enter adssite in the edit and click OK. Notepad will be opened with text in it (the file will be saved in the program's folder as well).

Please post the contents of that notepad document. Are the popups still present?

alyoob · 01-08-2008, 04:17 AM

Here is what you requested

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 1/7/2008 8:16:18 PM for strings:
; 'adssite'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_CURRENT_USER\Software\Microsoft\adssite]

; End Of The Log...

**ceewi1** · 01-08-2008, 04:47 AM

Please run Notepad and paste the contents of the codebox into a new file. Please do not include the word Code:

Code:

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\adssite]

Save the file to the desktop as fix.reg and make sure the Save as Type field says All Files. Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Are you still getting any adssite popups?

alyoob · 01-08-2008, 04:54 AM

Some websites that i go to generate the pop up. I am not sure if there is still pop ups from adssite. I made a search in my registry and i found adssite in it any idea what to do about it.

**ceewi1** · 01-08-2008, 06:52 AM

Delete any registry entries mentioning adssite. Reboot and do another search and see if they are still there.

Were there any problems deleting the Firefox folders?

01-04-2008, 11:23 PM	#1 (permalink)
alyoob Silver Member Join Date: Sep 2005 Age: 21 Posts: 106	advertisment by adssite annoying pop ups analyse hijack log I have been experiencing pop ups from adssite and they have been annoying I have tryed everything to get rid of it can anyone help me. Here is my hijack log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:42:19 PM, on 1/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\AOL\1199309204\ee\aolsoftware.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops....gi3.0.84.2.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 5593 bytes

01-05-2008, 09:16 AM	#2 (permalink)
ceewi1 Moderator Join Date: Dec 2005 Location: Melbourne, Australia Age: 21 Posts: 5,097	Nothing obviously malicious in that log, but one item that should be removed. Please run HijackThis and choose Do a system scan only. Place a check next to the following entries: O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE Please close all open windows except for HijackThis and choose Fix checked Let's look a little deeper: 1. Please download this file - ComboFix to your desktop 2. Double click ComboFix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log in your next reply together with a new HijackThis log. Is there any particular pattern to the popups? Are they advertising anything in particular? Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall __________________ CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: XFX 7900GT RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 1TB Total HDD / PSU: Antec NeoPower 480W Cheap PSUs - 2% of system costs, responsible for 28% of system deaths As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity. - The "Warranty void if removed" sticker on numerous CoolerMaster PSUs. Useful PSU Guides

01-06-2008, 10:05 AM	#4 (permalink)
ceewi1 Moderator Join Date: Dec 2005 Location: Melbourne, Australia Age: 21 Posts: 5,097	Please download AVG Anti-Spyware from HERE and save that file to your desktop. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files. On the main screen select the icon Update. Next select the Start Update button, the update will start and a progress bar will show the updates being installed. Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab. Once in the Settings screen click on Recommended actions and then select Quarantine. Under Reports Select Do not automatically generate reports Un-Select Only if threats were found Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time. Once the scan is complete do the following: If you have any infections you will prompted, then select Apply all actions Next select the Reports icon at the top. Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important). Close AVG Anti-Spyware I'd also like to see an uninstall list: Please run HijackThis Click on the Config button Click on the Misc Tools button Click on the Open Uninstall Manager button. You will see a list with the programs installed in your computer. Click on save list button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Please copy and paste the contents of that notepad into a reply in this topic. Please post both the AVG Antispyware report and the uninstall list. __________________ CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: XFX 7900GT RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 1TB Total HDD / PSU: Antec NeoPower 480W Cheap PSUs - 2% of system costs, responsible for 28% of system deaths As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity. - The "Warranty void if removed" sticker on numerous CoolerMaster PSUs. Useful PSU Guides

01-07-2008, 10:15 AM	#6 (permalink)
ceewi1 Moderator Join Date: Dec 2005 Location: Melbourne, Australia Age: 21 Posts: 5,097	OK, that's a little unfortunate. This adware usually has an uninstaller, but it appears that it's been removed by an antispyware program that hasn't dealt with the actual infection. Looks like we'll have to do it the hard way, which involves reinstalling Firefox and purging all it's files. Please download the installer for Mozilla Firefox from http://en.www.mozilla.com/en/, but do not run it yet. Please print these instructions, or copy them to a Notepad document as you will need to close your web browser for part of this fix. Please uninstall Mozilla Firefox: Please click on Start -> Control Panel -> Add or Remove Programs. If Mozilla Firefox appears, click on it and click Remove. Please set Windows to show hidden files: From any folder, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Please delete the following folders: C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Mozilla\Firefox C:\Program Files\Mozilla Firefox If there are any other user profiles on your computer, please also delete the following folder, replacing [User Name] with the actual user name for each. C:\Documents and Settings\[User Name]\Application Data\Mozilla\Firefox Please reboot your PC. Please run the Firefox installer you downloaded earlier and reinstall Firefox. Please download Registry Search and doubleclick to start it. Enter adssite in the edit and click OK. Notepad will be opened with text in it (the file will be saved in the program's folder as well). Please post the contents of that notepad document. Are the popups still present? __________________ CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: XFX 7900GT RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 1TB Total HDD / PSU: Antec NeoPower 480W Cheap PSUs - 2% of system costs, responsible for 28% of system deaths As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity. - The "Warranty void if removed" sticker on numerous CoolerMaster PSUs. Useful PSU Guides

01-08-2008, 04:47 AM	#8 (permalink)
ceewi1 Moderator Join Date: Dec 2005 Location: Melbourne, Australia Age: 21 Posts: 5,097	Please run Notepad and paste the contents of the codebox into a new file. Please do not include the word Code: Code: REGEDIT4 [-HKEY_CURRENT_USER\Software\Microsoft\adssite] Save the file to the desktop as fix.reg and make sure the Save as Type field says All Files. Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry. Are you still getting any adssite popups? __________________ CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: XFX 7900GT RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 1TB Total HDD / PSU: Antec NeoPower 480W Cheap PSUs - 2% of system costs, responsible for 28% of system deaths As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity. - The "Warranty void if removed" sticker on numerous CoolerMaster PSUs. Useful PSU Guides

01-06-2008, 04:37 PM	#5 (permalink)
alyoob Silver Member Join Date: Sep 2005 Age: 21 Posts: 106	Here are the text file reports you asked for --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 8:34:32 AM 1/6/2008 + Scan result: C:\Documents and Settings\HP_Owner.YOUR-03667082DE\My Documents\Alfred stuff\important aol folder\DTAC.EXE -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP11\A0005942.exe -> Not-A-Virus.Adware.NewWeb : Cleaned with backup (quarantined). ::Report end Ad-Aware 2007 Adobe Acrobat - Reader 6.0.2 Update Adobe Flash Player ActiveX Adobe Reader 6.0.1 Agere Systems PCI Soft Modem AOL Uninstaller (Choose which Products to Remove) Apple Mobile Device Support Apple Software Update AVG 7.5 AVG Anti-Spyware 7.5 Blubster 2.6.9 ESET Online Scanner Help and Support Additions High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB896344) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) HP Deskjet Preloaded Printer Drivers HP Image Zone 4.2.3 HP Image Zone Plus 4.2.3 HP Organize HP Photosmart Cameras 4.0 HP PSC & OfficeJet 4.0 HP PSC 1600 series HP Software Update HPIZ423 IntelliMover Data Transfer Demo InterVideo DiscLabel InterVideo WinDVD Creator InterVideo WinDVD Player iTunes Java(TM) 6 Update 3 KBD Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser muvee autoProducer 3.5 magicMoments - HPD PC-Doctor for Windows Photosmart 320,370,7400,8100,8400 Series PS2 Python 2.2 combined Win32 extensions Python 2.2.1 QuickTime RealPlayer Rhapsody Player Engine Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB942615) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB944653) SiS VGA Utilities Sonic Express Labeler Sonic RecordNow! Sonic Update Manager Spybot - Search & Destroy SpywareBlaster v3.5.1 Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB925876) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Updates from HP Viewpoint Media Player Windows Defender Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB883667 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Yahoo! Browser Services Yahoo! Install Manager Yahoo! Messenger Yahoo! Toolbar

01-08-2008, 04:17 AM	#7 (permalink)
alyoob Silver Member Join Date: Sep 2005 Age: 21 Posts: 106	Here is what you requested Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.5.0 ; Results at 1/7/2008 8:16:18 PM for strings: ; 'adssite' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_CURRENT_USER\Software\Microsoft\adssite] ; End Of The Log...

01-08-2008, 04:54 AM	#9 (permalink)
alyoob Silver Member Join Date: Sep 2005 Age: 21 Posts: 106	Some websites that i go to generate the pop up. I am not sure if there is still pop ups from adssite. I made a search in my registry and i found adssite in it any idea what to do about it. Last edited by alyoob; 01-08-2008 at 05:00 AM.

01-08-2008, 06:52 AM	#10 (permalink)
ceewi1 Moderator Join Date: Dec 2005 Location: Melbourne, Australia Age: 21 Posts: 5,097	Delete any registry entries mentioning adssite. Reboot and do another search and see if they are still there. Were there any problems deleting the Firefox folders? __________________ CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: XFX 7900GT RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 1TB Total HDD / PSU: Antec NeoPower 480W Cheap PSUs - 2% of system costs, responsible for 28% of system deaths As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity. - The "Warranty void if removed" sticker on numerous CoolerMaster PSUs. Useful PSU Guides

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Pop Ups!!!!!!!!!!!!!	GIGA MAN	Computer Security	9	07-17-2006 07:23 AM
pop ups after spyware scans, Hijack this log included.	celsdogg	Computer Security	5	04-02-2006 05:09 PM
hijack this log,, my computer has a black screen pop up and go away...	laar	Computer Security	1	01-28-2006 08:40 PM
Annoying Pop Ups	Daz @ home	Computer Security	9	04-12-2005 03:28 PM