Advertisement by adssite annoying pop ups analyse hijack log

alyoob

Member
I have been experiencing pop ups from adssite and they have been annoying. I have tried everything to get rid of it. Can anyone help me? Here is my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:19 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1199309204\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5593 bytes
 
Nothing obviously malicious in that log, but one item that should be removed.

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries:
  • O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
Please close all open windows except for HijackThis and choose Fix checked.

Let's look a little deeper:

1. Please download this file - ComboFix to your desktop
2. Double click ComboFix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply together with a new HijackThis log. Is there any particular pattern to the popups? Are they advertising anything in particular?

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
 
Here is the combofix file and another hijack log below


ComboFix 08-01-05.8 - HP_Owner 2008-01-05 8:21:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.64 [GMT -8:00]
Running from: C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\{58BE3~1
C:\WINDOWS\system32\v.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-05 08:33 . 2008-01-05 08:33 <DIR> d----c--- C:\095ced87e83065f49ae0
2008-01-05 08:29 . 2008-01-05 08:29 <DIR> d----c--- C:\WINDOWS\LastGood
2008-01-05 08:16 . 2008-01-05 08:16 <DIR> d----c--- C:\1ec2d66438cda6f2f120323c3338b8
2008-01-04 12:55 . 2007-09-24 23:31 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
2008-01-04 09:11 . 2008-01-04 09:11 917,504 --a--c--- C:\WINDOWS\system32\FLASH.OCX
2008-01-04 08:24 . 2008-01-04 08:24 0 --a--c--- C:\WINDOWS\system32\CMMGR32.EXE
2008-01-04 08:24 . 2008-01-04 08:24 0 --a--c--- C:\WINDOWS\ORUN32.EXE
2008-01-02 15:37 . 2006-06-29 13:07 14,048 -----c--- C:\WINDOWS\system32\spmsg2.dll
2008-01-02 15:36 . 2008-01-02 15:36 <DIR> d----c--- C:\fbf5dd145e0f7bcc1f1b0070
2008-01-02 15:15 . 2006-11-12 22:02 288,768 -----c--- C:\WINDOWS\system32\rhttpaa.dll
2008-01-02 15:15 . 2006-11-12 22:02 116,736 -----c--- C:\WINDOWS\system32\aaclient.dll
2008-01-02 15:15 . 2006-11-12 22:02 36,352 -----c--- C:\WINDOWS\system32\tsgqec.dll
2008-01-02 13:41 . 2006-05-05 01:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-01-02 13:30 . 2008-01-02 13:30 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Sereniti
2007-12-30 22:50 . 2007-12-30 22:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-30 22:50 . 2008-01-04 08:08 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AVG7
2007-12-30 22:50 . 2007-12-30 23:01 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-30 22:45 . 2008-01-01 16:09 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-30 22:28 . 2007-12-30 22:29 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Yahoo!
2007-12-30 14:38 . 2007-12-30 14:38 <DIR> d----c--- C:\WINDOWS\system32\LogFiles
2007-12-30 14:38 . 2007-12-30 14:39 <DIR> d----c--- C:\WINDOWS\system32\drivers\UMDF
2007-12-30 14:27 . 2007-12-30 14:27 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-30 09:48 . 2007-12-30 09:48 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Motive
2007-12-30 09:43 . 2007-12-30 11:37 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-12-30 09:23 . 2007-12-30 09:23 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SUPERAntiSpyware.com
2007-12-29 18:36 . 2004-10-21 17:59 <DIR> d----c--- C:\Documents and Settings\Administrator.YOUR-03667082DE.002\WINDOWS
2007-12-29 18:36 . 2004-10-22 13:12 <DIR> d----c--- C:\Documents and Settings\Administrator.YOUR-03667082DE.002\Application Data\Symantec
2007-12-29 18:36 . 2004-10-21 18:52 <DIR> d----c--- C:\Documents and Settings\Administrator.YOUR-03667082DE.002\Application Data\Sonic
2007-12-29 18:36 . 2004-10-21 18:52 <DIR> d----c--- C:\Documents and Settings\Administrator.YOUR-03667082DE.002\Application Data\SampleView
2007-12-29 18:36 . 2004-10-21 17:58 <DIR> d----c--- C:\Documents and Settings\Administrator.YOUR-03667082DE.002\Application Data\Apple Computer
2007-12-29 08:44 . 2007-12-29 08:44 <DIR> d-------- C:\Program Files\interMute
2007-12-29 08:44 . 2007-12-29 08:47 2,154 --a--c--- C:\WINDOWS\system32\ssmute.ini
2007-12-28 21:03 . 2004-08-04 00:56 159,232 --a--c--- C:\WINDOWS\system32\ptpusd.dll
2007-12-28 21:03 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-28 21:03 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-28 21:03 . 2001-08-17 22:36 5,632 --a--c--- C:\WINDOWS\system32\ptpusb.dll
2007-12-28 21:01 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-28 21:01 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-28 21:01 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-28 21:01 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-28 20:28 . 2006-06-12 18:06 662,288 --a--c--- C:\WINDOWS\system32\MSComCt2.ocx
2007-12-28 20:28 . 2006-06-12 18:06 416,528 --a--c--- C:\WINDOWS\system32\Comct332.ocx
2007-12-28 20:28 . 2006-06-12 18:06 124,688 --a--c--- C:\WINDOWS\system32\MSWinSck.ocx
2007-12-28 20:04 . 2006-06-12 18:06 132,880 --a--c--- C:\WINDOWS\system32\MSINET.OCX
2007-12-28 19:53 . 2007-12-28 19:53 138,752 --a--c--- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-12-28 19:52 . 2008-01-04 08:09 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Spyware Terminator
2007-12-27 14:46 . 2007-12-27 14:46 <DIR> d---sc--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\UserData
2007-12-27 12:38 . 2007-12-27 12:38 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AdobeUM
2007-12-27 06:55 . 2007-02-28 01:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-12-27 06:55 . 2007-02-28 01:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-12-27 06:55 . 2007-02-28 00:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-12-27 06:55 . 2007-02-28 00:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-12-26 21:09 . 2006-10-16 16:10 23,856 --a--c--- C:\WINDOWS\system32\spupdsvc.exe
2007-12-26 20:39 . 2007-12-26 20:39 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\CopyTransPhoto
2007-12-26 19:53 . 2007-12-26 19:53 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\CopyTrans
2007-12-26 19:21 . 2007-12-26 19:21 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SyncGuardian
2007-12-26 19:21 . 2007-12-26 19:21 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\iLibs
2007-12-26 19:21 . 2007-12-26 19:21 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\iCloner
2007-12-26 18:33 . 2007-12-26 18:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-26 18:18 . 2007-12-26 18:18 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Talkback
2007-12-26 17:24 . 2007-12-26 17:24 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Template
2007-12-26 17:24 . 2007-12-31 10:52 4,662 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\wklnhst.dat
2007-12-26 17:19 . 2007-12-26 17:19 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Viewpoint
2007-12-26 17:18 . 2007-12-26 17:18 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL
2007-12-26 17:18 . 2003-01-10 13:13 33,588 -ra--c--- C:\WINDOWS\system32\drivers\wanatw4.sys
2007-12-26 17:18 . 2007-04-13 09:30 25,136 -ra--c--- C:\WINDOWS\system32\drivers\ATWPKT2.SYS
2007-12-26 17:17 . 2007-12-26 17:03 213 -rahsc--- C:\BOOT.BAK
2007-12-26 17:14 . 2004-10-21 17:59 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\WINDOWS
2007-12-26 17:14 . 2004-10-22 13:12 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Symantec
2007-12-26 17:14 . 2004-10-21 18:52 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Sonic
2007-12-26 17:14 . 2004-10-21 18:52 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SampleView
2007-12-26 17:14 . 2004-10-21 17:58 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Apple Computer
2007-12-26 17:14 . 2004-08-04 04:00 221,184 --a--c--- C:\WINDOWS\system32\wmpns.dll
2007-12-26 17:14 . 2007-12-26 17:14 1,865 -rahsc--- C:\WINDOWS\system32\drivers\103C_HP_CPC_PP164AA-ABA a810n_YC_0Pavi_QMXM503_E51NAheBLU3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.04_T041029_WXH2_L409_M384_J160_7AMD_8Athlon 64_92.41_#060605_N10390900_Z11C1048C_G10396330.MRK
2007-12-26 17:11 . 2004-10-21 17:59 <DIR> d----c--- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2007-12-26 17:10 . 2003-09-10 23:36 21,060 -----c--- C:\WINDOWS\system32\drivers\iviaspi.sys
2007-12-26 17:10 . 2003-09-19 01:47 10,368 -----c--- C:\WINDOWS\system32\drivers\pfc.sys
2007-12-26 17:09 . 2004-04-16 11:24 61,440 --a--c--- C:\WINDOWS\system32\ISUSPM.cpl
2007-12-26 17:07 . 2004-09-27 14:09 204,800 --a--c--- C:\WINDOWS\system32\IVIresizeW7.dll
2007-12-26 17:07 . 2004-09-27 14:09 200,704 --a--c--- C:\WINDOWS\system32\IVIresizeA6.dll
2007-12-26 17:07 . 2004-09-27 14:09 192,512 --a--c--- C:\WINDOWS\system32\IVIresizeP6.dll
2007-12-26 17:07 . 2004-09-27 14:09 192,512 --a--c--- C:\WINDOWS\system32\IVIresizeM6.dll
2007-12-26 17:07 . 2004-09-27 14:09 188,416 --a--c--- C:\WINDOWS\system32\IVIresizePX.dll
2007-12-26 17:07 . 2004-09-27 14:09 20,480 --a--c--- C:\WINDOWS\system32\IVIresize.dll
2007-12-26 17:05 . 2007-12-26 17:05 <DIR> d-------- C:\Program Files\SiS VGA Utilities V3.63
2007-12-26 15:59 . 2007-12-26 17:05 <DIR> d----c--- C:\WINDOWS\system32\trayres
2007-12-26 15:59 . 2004-09-24 02:47 331,776 --a--c--- C:\WINDOWS\system32\sistray.exe
2007-12-26 15:59 . 2007-12-26 17:05 190,524 --a--c--- C:\WINDOWS\system32\VGAunistlog.ini
2007-12-26 15:59 . 2004-09-24 08:44 184,320 -----c--- C:\WINDOWS\system32\SiSApCom.dll
2007-12-26 15:59 . 2004-09-24 08:49 110,592 -----c--- C:\WINDOWS\system32\TVMode.dll
2007-12-26 15:59 . 2004-08-03 23:10 61,056 --a--c--- C:\WINDOWS\system32\drivers\ohci1394.sys
2007-12-26 15:59 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\drivers\1394bus.sys
2007-12-26 15:59 . 2004-09-24 08:49 49,152 --a--c--- C:\WINDOWS\system32\SiSPower.dll
2007-12-26 15:59 . 2001-08-17 13:46 6,400 --a--c--- C:\WINDOWS\system32\drivers\enum1394.sys
2007-12-26 09:53 . 2008-01-04 14:50 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-12-26 09:06 . 2007-12-26 09:06 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-26 09:05 . 2007-12-26 09:06 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Nokia
2007-12-26 09:04 . 2007-12-26 09:04 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-26 09:04 . 2007-12-26 09:06 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\PC Suite
2007-12-26 09:02 . 2007-12-26 09:02 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 05:17 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 19:43 233472]
"SiSPower"="SiSPower.dll" [2004-09-24 08:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 16:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-30 14:26 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"="C:\WINDOWS\system32\advpack.dll" [2004-08-04 04:00 99840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-30 22:50 219136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a--c--- 2005-07-12 05:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2007-12-31 18:25 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
--a------ 2007-12-30 22:50 219136 C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-04-12 13:23 42032 C:\Program Files\Common Files\AOL\1199309204\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a--c--- 2004-06-07 17:42 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 17:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 15:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-08-20 21:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 20:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2003-12-17 23:31 118784 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a--c--- 2007-11-04 12:21 2832384 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2006-10-18 11:36 1294336 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 07:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a--c--- 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-28 19:53]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 02:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 00:21:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-04 23:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 08:34:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\idndl.dll 26112 bytes executable
C:\WINDOWS\system32\normaliz.dll 23552 bytes executable
C:\WINDOWS\system32\normidna.nls 59342 bytes
C:\WINDOWS\system32\normnfc.nls 45794 bytes
C:\WINDOWS\system32\normnfd.nls 39284 bytes
C:\WINDOWS\system32\normnfkc.nls 66384 bytes
C:\WINDOWS\system32\normnfkd.nls 60294 bytes

scan completed successfully
hidden files: 7

**************************************************************************
.
Completion time: 2008-01-05 8:36:36
ComboFix-quarantined-files.txt 2008-01-05 16:35:49
.
2007-12-27 05:09:38 --- E O F ---









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:05 AM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1199309204\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6280 bytes
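
The helper asked for a new HijackThis log after the fix so that the two scans can be compared. As an added example (not part of the original thread), the Python below parses both logs and reports which entries were removed, added or changed; the excerpts are trimmed from the two scans posted above, and all function names are hypothetical.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE":
# a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the detail.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 registry autoruns: "HKLM\..\Run: [ValueName] command line".
O4_RE = re.compile(r"^(.+?: \[[^\]]+\])\s*(.*)$")

# Excerpt of the first scan in this thread (1/4/2008), trimmed.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\lsass.exe

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"""

# Excerpt of the second scan in this thread (1/5/2008), trimmed.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\lsass.exe

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
"""


def parse_entries(log_text):
    """Map (section, key) -> detail for every entry line of a HijackThis log.

    Header lines, the process list, blank lines and the footer are skipped.
    For O4 registry autoruns the key is the hive plus value name, so a changed
    command line shows up as "changed" instead of one removal and one addition.
    Every other entry (including O4 startup-folder items) is keyed on its
    whole detail text.
    """
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, detail = m.group(1), m.group(2).strip()
        key = detail
        if section == "O4":
            o4 = O4_RE.match(detail)
            if o4:
                key = o4.group(1)
        entries[(section, key)] = detail
    return entries


def _order(item):
    """Sort by section letter, then section number, then key text."""
    section, key = item
    return (section[0], int(section[1:]), key)


def diff_logs(before_text, after_text):
    """Compare two scans and return removed, added and changed entries."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    result = {"removed": [], "added": [], "changed": []}
    for k in sorted(before.keys() | after.keys(), key=_order):
        if k not in after:
            result["removed"].append((k[0], before[k]))
        elif k not in before:
            result["added"].append((k[0], after[k]))
        elif before[k] != after[k]:
            result["changed"].append((k[0], before[k], after[k]))
    return result


def fix_confirmed(fixed_line, after_text):
    """True when an entry that was checked for fixing is absent from the later scan."""
    target = parse_entries(fixed_line)
    return bool(target) and not (target.keys() & parse_entries(after_text).keys())


if __name__ == "__main__":
    report = diff_logs(BEFORE, AFTER)
    for kind in ("removed", "added", "changed"):
        print(kind.upper())
        for row in report[kind]:
            print("  " + " | ".join(row))
    flagged = r"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE"
    print("fix confirmed:", fix_confirmed(flagged, AFTER))
```

Entries that appear under "added" or "changed" between scans are the ones to account for, here a Java update and an AOL autorun.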
 
Please download AVG Anti-Spyware from HERE and save that file to your desktop.
  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon Update.
    • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  5. Once in the Settings screen click on Recommended actions and then select Quarantine.
  6. Under Reports
    • Select Do not automatically generate reports
    • Un-Select Only if threats were found
  7. Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
  8. AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
  9. If you have any infections you will be prompted, then select Apply all actions
  10. Next select the Reports icon at the top.
  11. Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  12. Close AVG Anti-Spyware

I'd also like to see an uninstall list:
  • Please run HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Please copy and paste the contents of that notepad into a reply in this topic.

Please post both the AVG Antispyware report and the uninstall list.
 
Here are the text file reports you asked for

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:34:32 AM 1/6/2008

+ Scan result:



C:\Documents and Settings\HP_Owner.YOUR-03667082DE\My Documents\Alfred stuff\important aol folder\DTAC.EXE -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP11\A0005942.exe -> Not-A-Virus.Adware.NewWeb : Cleaned with backup (quarantined).


::Report end



Ad-Aware 2007
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AVG 7.5
AVG Anti-Spyware 7.5
Blubster 2.6.9
ESET Online Scanner
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.2.3
HP Image Zone Plus 4.2.3
HP Organize
HP Photosmart Cameras 4.0
HP PSC & OfficeJet 4.0
HP PSC 1600 series
HP Software Update
HPIZ423
IntelliMover Data Transfer Demo
InterVideo DiscLabel
InterVideo WinDVD Creator
InterVideo WinDVD Player
iTunes
Java(TM) 6 Update 3
KBD
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser
muvee autoProducer 3.5 magicMoments - HPD
PC-Doctor for Windows
Photosmart 320,370,7400,8100,8400 Series
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
SiS VGA Utilities
Sonic Express Labeler
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
SpywareBlaster v3.5.1
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Updates from HP
Viewpoint Media Player
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar
 
OK, that's a little unfortunate. This adware usually has an uninstaller, but it appears that it's been removed by an antispyware program that hasn't dealt with the actual infection. Looks like we'll have to do it the hard way, which involves reinstalling Firefox and purging all its files.

Please download the installer for Mozilla Firefox from http://en.www.mozilla.com/en/, but do not run it yet.

Please print these instructions, or copy them to a Notepad document as you will need to close your web browser for part of this fix.

Please uninstall Mozilla Firefox:
Please click on Start -> Control Panel -> Add or Remove Programs. If Mozilla Firefox appears, click on it and click Remove.

Please set Windows to show hidden files:
  • From any folder, select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Please delete the following folders:
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Mozilla\Firefox
C:\Program Files\Mozilla Firefox

If there are any other user profiles on your computer, please also delete the following folder, replacing [User Name] with the actual user name for each.
C:\Documents and Settings\[User Name]\Application Data\Mozilla\Firefox

Please reboot your PC.

Please run the Firefox installer you downloaded earlier and reinstall Firefox.

Please download Registry Search and double-click to start it. Enter adssite in the edit box and click OK. Notepad will be opened with text in it (the file will be saved in the program's folder as well).

Please post the contents of that notepad document. Are the popups still present?
 
Here is what you requested

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 1/7/2008 8:16:18 PM for strings:
; 'adssite'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_CURRENT_USER\Software\Microsoft\adssite]

; End Of The Log...
 
Please run Notepad and paste the contents of the codebox into a new file. Please do not include the word Code:
Code:
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\adssite]

Save the file to the desktop as fix.reg and make sure the Save as Type field says All Files. Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Are you still getting any adssite popups?
 
Some websites that I go to generate the pop up. I am not sure if there are still pop ups from adssite. I made a search in my registry and I found adssite in it. Any idea what to do about it?
 
Delete any registry entries mentioning adssite. Reboot and do another search and see if they are still there.

Were there any problems deleting the Firefox folders?
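
The cleanup described in the fix.reg post and in the reply above (delete only what the registry search matched), as an added example that is not part of the original thread: it reads a Registry Search log and builds the fix.reg text, removing a whole key only when the key path itself contains the search string and otherwise removing just the matching value. The ExampleApp key, its values and the name build_fix are assumptions made for the illustration.

```python
import re

# Constructed sample in the format of the Registry Search log in this thread;
# the ExampleApp key and its values are invented to show the value-only case.
SAMPLE = r'''Windows Registry Editor Version 5.00

; 'adssite'

[HKEY_CURRENT_USER\Software\Microsoft\adssite]

[HKEY_CURRENT_USER\Software\ExampleApp]
"LastUrl"="http://adssite.example/popup"
"Theme"="blue"

; End Of The Log...
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')

def build_fix(search_log, term):  # hypothetical helper name
    """Return REGEDIT4 text that removes only what matched `term`."""
    term = term.lower()
    out = ["REGEDIT4", ""]
    key, key_doomed, pending = None, False, []
    def flush():
        # Emit value deletions collected for a key that is otherwise kept.
        if key and not key_doomed and pending:
            out.append("[%s]" % key)
            out.extend(pending)
            out.append("")

    for line in search_log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            flush()
            key, pending = m.group(1), []
            # A key whose own path contains the term is deleted whole.
            key_doomed = term in key.lower()
            if key_doomed:
                out += ["[-%s]" % key, ""]
            continue
        m = VALUE_RE.match(line)
        if m and key and not key_doomed and term in line.lower():
            # Only the matching value goes; the rest of the key is kept.
            pending.append("%s=-" % m.group(1))
    flush()
    return "\n".join(out)
```

Values stored as hex data are not decoded, so a match hidden in binary data is not picked up. Exporting the affected keys before merging the generated file keeps the change reversible.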
 
There was no problem deleting the Firefox folders. It seems that there are no pop ups from adssite ads anymore. Thank you for your help and if I have any more problems with adssite ads I will make sure to post again.
 
Glad to help.

Below I have included some ideas on how to prevent future infections.

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the Critical Updates for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Some good free firewalls are ZoneAlarm, Kerio, or Outpost. All of these will provide a far greater level of protection than the firewall built into Windows.
A tutorial on understanding and using firewalls may be found here.

I notice you are running Spybot, which is good. You might want to consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad which provides protections against malicious websites.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and are looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
 