[Sublimelyoblivious]

I have already posted two blank posts so this time I am trying attachments......

We have outer info popups, back door trojans, dialers, data miners, ad ware....pretty much everything.
First I ran ASO reg opt. and deleted over 900 errors. Then adaware found 348 progs. and avg almost 200 threats.


HELP!!!!!!!
Logfile of HijackThis v1.99.1
Scan saved at 1:28:51 PM, on 6/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Maxtor\OneTouch\Utils\MaxSync.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Turtle Beach\Turtle Beach USB MIDI 1x1\TBUM11.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: 0 - {2E267CB2-6501-4752-0F95-98A0AA2F0F8B} - (no file)
O2 - BHO: (no name) - {55A5C810-562D-4CEF-AB96-89431CAAB81E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B2711C3C-80A1-D82D-D90C-8BADDD932291} - (no file)
O2 - BHO: (no name) - {D653B771-3173-4CE3-A727-079B092CC08E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Turtle Beach USB MIDI 1x1] C:\Program Files\Turtle Beach\Turtle Beach USB MIDI 1x1\TBUM11.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {08882277-D04C-4A9D-845A-A28FE8CD0773} (xpreload.xpreloader) - ms-its:mhtml:file://c:\\nores.mht!http://adxgate.net/z...::/xpreload.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1180644942306
O16 - DPF: {AE1D8021-2183-4257-87F4-46BCCB3FF0E9} (poolsvload.poolsvloader) - ms-its:mhtml:file://c:\\nores.mht!http://adpoolnet.net.../poolsvload.cab
O20 - Winlogon Notify: awvsr - C:\WINDOWS\
O20 - Winlogon Notify: oppon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

Attached Files

•  adaware_log.TXT   32.2KB   121 downloads
•  combofixlog.txt   9.4KB   102 downloads
•  uninstall_list.txt   1.33KB   97 downloads

[Advertisements]

This should have worked the first time but I guess something as strait forward as posting on a forum can be made difficult by someone like me.
All pertinent info was given through the last post so I will describe the rest.

My brother in law bought the previously logged laptop at a pawn shop. It came with all the problems mentioned plus a few I am sure he contributed to after using it.
I started by installing AVG Anti-virus, ASO registry optimizer, and Ad Aware. I already mentioned the results. After scanning and rescannning and removing the threats, there were still pop-ups.
I was not even aware that you could have IE Pop ups offline, now I know.
I then looked up information on the Geeks to Go website (the best website online) and found an informative How-to post and tried to follow the instructions to the best of my ability. (as I said I had already run programs I thought to be helpful). Th pop ups are gone and aside from the start up slowing down (I also adjusted the suggested settings for the host program) the computer seems to be tip top. I also installed AVG-AS and aside from not getting a report all final tests came up clean.

If someone would be willing to look at my log files I would appreciate it. I ran HiJack This after all other adjustments, so that log should show his computer's current condition.

If more info is needed I can have him bring his machine back and run a log again and (TRY) to post it.

If I have posted in the wrong place, or followed the wrong procedure, feel free to curse me under your breath and send me a note about my stupidity and I will try to learn from my feeble mistakes.

I AM NOT A GEEK.....I may strive to become one but I don't know much and learn most things online (scary!)
I do absolutely appreciate any help and response, and I will follow up with my post if it is not ignored because of my ignorance. my brother in law does, (hopefully, did ) have a legitimate problem and I would like to be assured that it is actually fixed.

Thank you

Edited by Sublimelyoblivious, 18 June 2007 - 12:20 PM.

[Sublimelyoblivious]

This should have worked the first time but I guess something as strait forward as posting on a forum can be made difficult by someone like me.
All pertinent info was given through the last post so I will describe the rest.

My brother in law bought the previously logged laptop at a pawn shop. It came with all the problems mentioned plus a few I am sure he contributed to after using it.
I started by installing AVG Anti-virus, ASO registry optimizer, and Ad Aware. I already mentioned the results. After scanning and rescannning and removing the threats, there were still pop-ups.
I was not even aware that you could have IE Pop ups offline, now I know.
I then looked up information on the Geeks to Go website (the best website online) and found an informative How-to post and tried to follow the instructions to the best of my ability. (as I said I had already run programs I thought to be helpful). Th pop ups are gone and aside from the start up slowing down (I also adjusted the suggested settings for the host program) the computer seems to be tip top. I also installed AVG-AS and aside from not getting a report all final tests came up clean.

If someone would be willing to look at my log files I would appreciate it. I ran HiJack This after all other adjustments, so that log should show his computer's current condition.

If more info is needed I can have him bring his machine back and run a log again and (TRY) to post it.

If I have posted in the wrong place, or followed the wrong procedure, feel free to curse me under your breath and send me a note about my stupidity and I will try to learn from my feeble mistakes.

I AM NOT A GEEK.....I may strive to become one but I don't know much and learn most things online (scary!)
I do absolutely appreciate any help and response, and I will follow up with my post if it is not ignored because of my ignorance. my brother in law does, (hopefully, did ) have a legitimate problem and I would like to be assured that it is actually fixed.

Thank you

Edited by Sublimelyoblivious, 18 June 2007 - 12:20 PM.