Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Annoying Little Popup [RESOLVED]

Started by Eneoecu , Aug 27 2005 03:06 PM

This topic is locked

#1
Eneoecu

Posted 27 August 2005 - 03:06 PM

Member

Member
91 posts

I have this annoying little pop up that comes up on my screen about every twenty or so mins, sometimes goes for longer than that. I've never been able to find out what it is, or what causes it. I do all the spyware and anti virus programs, but it still comes back.

I've tried all the programs that are listed in your "You must read this first" post, and it's still there.

When it comes up, it doesn't matter what I'm doing, it always minimizes my program. Like for example, if I'm playing a game, when the pop up comes it minimizes the game. It will pop up for a one second and go away. It's like a program is being started, but never starts. :tazz:

It's sorta hard to explain...but hopefully someone else has had this same problem.

Logfile of HijackThis v1.99.1
Scan saved at 5:07:39 PM, on 8/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\progra~1\valve\steam\steam.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Sandy Bridgers\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecu.edu/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing)
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTStartup] "C:\PROGRA~1\Creative\SPLASH~1\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: KeyAccess.lnk = C:\WINDOWS\keyacc32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....012/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com...did/BoardID.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15012/CTPID.cab
O20 - AppInit_DLLs: KATRACK.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Edited by Eneoecu, 27 August 2005 - 03:08 PM.

#2
rambro

Posted 02 September 2005 - 09:59 AM

Member 1K

Member
1,383 posts

Dear Eneoecu, :tazz:

Welcome to the Geeks to Go forums.

We are currently studying your log.

#3
rambro

Posted 02 September 2005 - 10:48 AM

Member 1K

Member
1,383 posts

Dear Eneoecu, :tazz:

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

Please download and run a Free Trial of Trojan Hunter at http://www.misec.net...rojanHunter.exe. Please restart your computer.

Please run the Housecall online virus scan located at: http://housecall.tre.../start_corp.asp. Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system. When the scan is finished, please restart your computer.

Then please run the Panda scan here: http://www.pandasoft...n_principal.htm. Delete any viruses found, and restart your computer.
*******************************

Download, install, update, configure and run a scan with Ad-Aware SE at the following link: http://rstones12.gee...areSE_setup.htm

Restart your computer.
*************************

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing)

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Restart your computer and post a new HiJackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps.

#4
Eneoecu

Posted 02 September 2005 - 01:12 PM

Member

Topic Starter
Member
91 posts

Thanks for the help Rambro! :tazz:

And I'll be sure to follow your instructions and post the highjack log back on here soon! Thanks again for the help!

#5
Eneoecu

Posted 03 September 2005 - 02:36 PM

Member

Topic Starter
Member
91 posts

First of all, I followed your instructions, and everything was clean execpt when I ran Panda. Two things came up that were not able to be repaired. Which none of my other programs have been able to find before!! :tazz:

Incident Status Location

Spyware:spyware/istbar No disinfected C:\PROGRAM FILES\COMMON FILES\Totem Shared
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe

That is straight from the log that was created. I wasn't able to connect to the lab and send it to them..but I'll try again later.

After all that, everything seems to be working the same as usual. The one thing I did notice was that, that popup, pops up while programs are starting up when Windows starts all the startup programs. After that, is when it pops up every 20 or so mins. None of the programs found any viruses except the one above, which is only a possable one. Hope this helps!

Thanks again for the help!

New hijack this log is below:

Logfile of HijackThis v1.99.1
Scan saved at 4:25:36 PM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\keyacc32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\progra~1\valve\steam\steam.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Sandy Bridgers\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecu.edu/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing)
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTStartup] "C:\PROGRA~1\Creative\SPLASH~1\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: KeyAccess.lnk = C:\WINDOWS\keyacc32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....012/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com...did/BoardID.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15012/CTPID.cab
O20 - AppInit_DLLs: KATRACK.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Edited by Eneoecu, 03 September 2005 - 02:37 PM.

#6
rambro

Posted 03 September 2005 - 07:31 PM

Member 1K

Member
1,383 posts

Dear Eneoecu, :tazz:

Download the trial version of Ewido Security Suite.
Install the Program.
Click on the "update" button on the left hand side of the window.
Click on "Start Update".
You should not run the program yet so Exit the program.

2. Reboot into Safe mode. To reboot in Safe mode:

Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

3. Run Ewido Security Suite:

Open Ewido Security Suite.
Click on the "scanner" button on the left hand side of the window.
Click on "Complete System Scan".
After the scan is completed, save the logfile from the scan.

4. Restart your computer normally to return to normal mode.
5. Prepare in your reply:

Please post a fresh HijackThis log.
Please post the Ewido Security Suite log.

******************

In addition, can you tell me, in detail, in what capacity do you use your computer. That is, is the computer in question:

Your personal computer.
A college/school computer.
A computer used in the work place.

If the computer is a used for college or for a business, does the college/school or the business have its own IT department?

#7
Eneoecu

Posted 05 September 2005 - 02:36 PM

Member

Topic Starter
Member
91 posts

Ok I'll try that and post again. And to answer your question, it is a personal computer, but I also use it for college and I do some at home work on it as well. I run programs like AutoCAD and Inventor on it. I also use it do do a lot of gaming, as well as writing papers and such, using Word..ect. And yes the college does have it's own IT department. It's beging to sound like this is a problem that will have to be taken to the IT department (I'm guessing :tazz:

), if your bag of tricks don't work.

#8
Eneoecu

Posted 05 September 2005 - 08:04 PM

Member

Topic Starter
Member
91 posts

Logfile of HijackThis v1.99.1
Scan saved at 10:03:40 PM, on 9/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\keyacc32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\progra~1\valve\steam\steam.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sandy Bridgers\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecu.edu/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTStartup] "C:\PROGRA~1\Creative\SPLASH~1\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: KeyAccess.lnk = C:\WINDOWS\keyacc32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....012/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com...did/BoardID.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15012/CTPID.cab
O20 - AppInit_DLLs: KATRACK.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:56:24 PM, 9/5/2005
+ Report-Checksum: 16FCFC8F

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Sandy Bridgers\Application Data\Mozilla\Firefox\Profiles\00f7ypnh.Sandy\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Sandy Bridgers\Cookies\sandy bridgers@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup

::Report End

#9
rambro

Posted 05 September 2005 - 08:45 PM

Member 1K

Member
1,383 posts

Dear Eneoecu, :tazz:

After performing the last post, how is your computer system running, are you still experiencing the same problems that you mentioned in your original post? Let me know how your computer is performing in detail.

rambro

Edited by rambro, 05 September 2005 - 08:59 PM.

#10
Eneoecu

Posted 05 September 2005 - 09:04 PM

Member

Topic Starter
Member
91 posts

The ewido software found a bunch of stuff and got rid of it all. But the pop up still "pops up", during start up and while I'm on the computer. The computer never ran slow because of it, and still doesn't. But like I said, it minimizes my programs, like in a game , when the whole screen it taken up by the game. When the pop up come on, the game minimizes. Although, I can say that it doesn't always minimize the program, it still pops up. But it just seems to load during start up, that is the first time I see it everytime I turn the computer on. It always first shows up when the start up programs are being loaded. When I started up in safe mode, it never showed up.

#11
Eneoecu

Posted 05 September 2005 - 09:11 PM

Member

Topic Starter
Member
91 posts

You know, I also just noticed that not all of my regular startup programs loaded on top of all that. :tazz:

#12
rambro

Posted 05 September 2005 - 09:19 PM

Member 1K

Member
1,383 posts

Dear Eneoecu, :tazz:

The reason why I ask you in what capacity you used your computer in, was because I came across the following line in your HijackThis log:

O20 - AppInit_DLLs: KATRACK.DLL

Doing some research on the "KATRACK.DLL" file led me to this web site: http://www.sassafras.com/.

Take a look at that web site and tell me in detail if you use the K2 - KeyAuditor/KeyServer" software from Sassafras Software.

#13
Eneoecu

Posted 05 September 2005 - 09:28 PM

Member

Topic Starter
Member
91 posts

You know what, I had to take my computer to the IT Department to get AutoCAD installed. When I got it back, there were a few new programs installed on it. The K2-KeyAuditor/KeyServer was one of them. So I'm guessing, that they installed it so that when I turn the computer on, it checks for a valid reg key for Autocad. And let me guess, that what the pop up is.

Now, by that same note, I don't use that program, but I'm not sure if it does check for a valid key everytime during start up or not. So do I still need it?

And on a side note: all the regular start up programs came back after a restart.

#14
rambro

Posted 05 September 2005 - 09:48 PM

Member 1K

Member
1,383 posts

Dear Eneoecu, :tazz:

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

Dear Eneoecu, did you start experiencing the problems you mentioned in your original post after you got your computer back from the IT department (let me know in detail)? In the meantime let us fix the line in the HijackThis application and let me know if this helps with the problems you are experiencing. If this does not work, I will give you instructions on how to restore the line that you fixed in this post.

Restart your computer.

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

O20 - AppInit_DLLs: KATRACK.DLL

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Restart your computer and post a new HiJackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps.

Let me know, if you are still experiencing the problem that you were having in your original post.

#15
Eneoecu

Posted 06 September 2005 - 04:04 PM

Member

Topic Starter
Member
91 posts

When I tried to fix that file, I got an error message:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: KATRACK.DLL)
Error #5 - Invalid procedure call or argument

Please email me at [email protected], reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

The file did not get deleted.