Logfile of HijackThis v1.99.1
Scan saved at 4:09:50 PM, on 7/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-cn\msnappau.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\?ecurity\chkntfs.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-cn\msnappau.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Ihs] C:\WINDOWS\System32\?ecurity\chkntfs.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://cor.mlxchange.com/Control/Specfile.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://nwla.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://nwla.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://cor.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://nwla.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} (Cerebus Class) - http://nwla.mlxchange.com/Control/WebDog.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://cor.mlxchange.com/Control/AspCustomCtrls.cab
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\g4402ehmgh4a2.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
I've also recently done an ewido scan, but the popups are still occurring. Regardless, here's that log in case it'd be helpful.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:16:11 PM, 7/8/2005
+ Report-Checksum: F430D73C

+ Scan result:

HKLM\SOFTWARE\3721 -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CES -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CES\Modules -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live\CLSID -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live\CurVer -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CesMain.Main -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CesMain.Main\CLSID -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CesMain.Main\CurVer -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CesWeb.Web -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CesWeb.Web\CLSID -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CesWeb.Web\CurVer -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4EDBBAEA-F509-49F6-94D1-ECEC4BE5B686} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6231D512-E4A4-4DF2-BE62-5B8F0EE348EF} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ABEC6103-F6AC-43A3-834F-FB03FBA339A2} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0BD10A76-90DB-498E-9BCB-B262A125CE13} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{25DE7220-A4D0-484B-A68A-3D4A6EBAF504} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BE08F6BC-C3E6-4149-BEB1-CB449E1B372E} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0C618DCF-CFBD-448E-8BA0-C49A2CDFA2A7} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{3EE88A1F-B8CC-45B9-B2AF-6CFB9D19218E} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4158DB95-DE71-41FF-BEA1-2C3D1C679DF1} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\UnawareObj.UnawareObj -> Spyware.FlashTrack : Cleaned with backup
HKLM\SOFTWARE\Classes\UnawareObj.UnawareObj\CurVer -> Spyware.FlashTrack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EDBBAEA-F509-49F6-94D1-ECEC4BE5B686} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4EDBBAEA-F509-49F6-94D1-ECEC4BE5B686} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\tmp\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][2].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][2].txt -> Spyware.Cookie.X10 : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][2].txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][2].txt -> Spyware.Cookie.Counted : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.180solutions : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@bluemountain[2].txt -> Spyware.Cookie.Bluemountain : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@commission-junction[1].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@gator[2].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@hotlog[1].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@track-star[1].txt -> Spyware.Cookie.Track-star : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang ye@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Bluemountain : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\gang ye\Cookies\gang [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL Downloads\setup90\comps\coach\aolcinst.exe/data\player\aolnysev.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\Common Files\Java\flacpy.exe -> Spyware.FlashEnhancer.a : Cleaned with backup
C:\Program Files\Ftk\ftk.dll -> Spyware.FlashEnhancer : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\AxFilter.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CnsMinAF.cab/AxFilter.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CnsMinSV.cab/CnsMinSV.dll -> Spyware.CnsMin : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CnsMinSV.cab/AutoLive.dll/Helper.dll -> Spyware.CnsMin : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CnsMinSV.cab/AutoLive.dll/Helper.dll -> Spyware.CnsMin : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CnsMinSV.cab/AutoLive.dll -> Heuristic.Win32.Hijacker2 : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CnsMinSV.dll -> Spyware.CnsMin : Cleaned with backup
C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
C:\WINDOWS\SYSTEM32\i6jqlg1516.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\lvp2097oe.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\NSSDEXTS.DLL -> Spyware.Look2Me : Cleaned with backup