[blissroots]

I've been having a problem with pop-ups appearing even when i'm not on the internet. We have DSL. I have Ad-Aware and Spybot S&D downloaded. Each time I run Spybot and check for problems I get the same program coming up. It's called Hyperlinker. I did some research and I couldn't find anything to help me fix the problem. Please

Here's my Hijack Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:50:16 AM, on 12/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\csrvs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\adtech2006.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pgws.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\igps.exe
C:\Program Files\ROSS\ROSS.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R3 - Default URLSearchHook is missing
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: (no name) - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - (no file)
O4 - HKLM\..\Run: [<°‡@¡±§Tlçÿ[Ì…*ègËC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gfjssdmx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [<°‡@V÷h$vùõš/‚²‘ÆC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gfjssdmx.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gfjssdmx.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.newcovsoft.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...tzip/RdxIE2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\voblock.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Secure HTTP (Service Secured) - Unknown owner - C:\WINDOWS\csrvs.exe

Edited by blissroots, 06 December 2005 - 09:51 AM.

[Advertisements]

Blissroots,

Welcome to G2G forums, let's get you clenaed up
First we need to move HJT into its own folder
Create a new folder on your desktop... right click somewhere in the empty area of your desktop and choose New>Folder. Give it a simple name like HJT or something easy to remember.

Then either move the current HJT file into that directory or go to to the folder you just created and download HJT from here:
http://www.merijn.or...ackthis_sfx.exe

You are running Microsoft AntiSpyware, which is good, but it needs to be disabled to prevent it from interfering with fixes:

Disable Microsoft AntiSpyware
Open Microsoft AntiSpyware.
Click on Options, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck "Enable the Microsoft AntiSpyware Security Agents on startup (recommended)".
Under Real-time spyware threat protection uncheck "Enable real-time spyware threat protection (recommended)".
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
You can re-enable Microsoft AntiSpyware after your system has been cleaned.

Go to add/remove programs in your control panel and uninstall this if there:
ISTsvc
ISTbar

Please run full scans with Ad-Aware SE and Spybot-S&D as follows:
(If you already have Ad-Aware SE 1.06 and Spybot 1.4 installed, you can skip the installation steps. If you don't, please uninstall your old versions and install the new ones from the links below.)

Full Ad-Aware Scan
Please download Ad-Aware SE) and install it. If you already have Ad-Aware SE, please configure it as indicated below. (Note that Ad-Aware SE is free for non-commercial, non-governmental, and non-educational use.) If you have a previous version of Ad-Aware, please install Build 1.06r1.

1) Run the Webupdate feature. (Click on the Globe icon, Click connect, Click OK, Click Finish.)

2) Set up the Configurations (Gear wheel at the top) as follows:

• General Button > Safety & Settings: Check (Green) all three.
• Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

3) To start the scan, Click > "Scan Now"

• Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
• Select "Search for low-risk threats"
• Select "Perform full system scan"
• Click Next

4) When the scan has completed, select Next.

• In the Scanning Results window, select the "Scan Summary" tab.
• Check all objects found in the Critical Objects tab that you wish to remove
• Click Next, Click OK.
• Restart the computer

Spybot Full Scan
Next, please download Spybot-S&D from here:
http://www.majorgeek...ad.php?det=2471
Install Spybot-S&D and run it. Select "Search for updates" and then select all available updates. Click on the drop-down box in the top center to choose a download location nearest to you. Then click "Download updates". When all updates have downloaded, close Spybot-S&D, and then run it again. Click on "Check for problems". When the scan has finished, select any entries listed in red and click "Fix selected problems". Then please restart your computer again.

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! This Fix must NOT be run in safe mode for it to work.

if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.

Also post another HJT log.

I am looking forward to cleaning you up

LTP

Edited by lovethepirk, 10 December 2005 - 09:15 PM.

[lovethepirk]

Blissroots,

Welcome to G2G forums, let's get you clenaed up
First we need to move HJT into its own folder
Create a new folder on your desktop... right click somewhere in the empty area of your desktop and choose New>Folder. Give it a simple name like HJT or something easy to remember.

Then either move the current HJT file into that directory or go to to the folder you just created and download HJT from here:
http://www.merijn.or...ackthis_sfx.exe

You are running Microsoft AntiSpyware, which is good, but it needs to be disabled to prevent it from interfering with fixes:

Disable Microsoft AntiSpyware
Open Microsoft AntiSpyware.
Click on Options, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck "Enable the Microsoft AntiSpyware Security Agents on startup (recommended)".
Under Real-time spyware threat protection uncheck "Enable real-time spyware threat protection (recommended)".
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
You can re-enable Microsoft AntiSpyware after your system has been cleaned.

Go to add/remove programs in your control panel and uninstall this if there:
ISTsvc
ISTbar

Please run full scans with Ad-Aware SE and Spybot-S&D as follows:
(If you already have Ad-Aware SE 1.06 and Spybot 1.4 installed, you can skip the installation steps. If you don't, please uninstall your old versions and install the new ones from the links below.)

Full Ad-Aware Scan
Please download Ad-Aware SE) and install it. If you already have Ad-Aware SE, please configure it as indicated below. (Note that Ad-Aware SE is free for non-commercial, non-governmental, and non-educational use.) If you have a previous version of Ad-Aware, please install Build 1.06r1.

1) Run the Webupdate feature. (Click on the Globe icon, Click connect, Click OK, Click Finish.)

2) Set up the Configurations (Gear wheel at the top) as follows:

• General Button > Safety & Settings: Check (Green) all three.
• Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

3) To start the scan, Click > "Scan Now"

• Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
• Select "Search for low-risk threats"
• Select "Perform full system scan"
• Click Next

4) When the scan has completed, select Next.

• In the Scanning Results window, select the "Scan Summary" tab.
• Check all objects found in the Critical Objects tab that you wish to remove
• Click Next, Click OK.
• Restart the computer

Spybot Full Scan
Next, please download Spybot-S&D from here:
http://www.majorgeek...ad.php?det=2471
Install Spybot-S&D and run it. Select "Search for updates" and then select all available updates. Click on the drop-down box in the top center to choose a download location nearest to you. Then click "Download updates". When all updates have downloaded, close Spybot-S&D, and then run it again. Click on "Check for problems". When the scan has finished, select any entries listed in red and click "Fix selected problems". Then please restart your computer again.

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! This Fix must NOT be run in safe mode for it to work.

if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.

Also post another HJT log.

I am looking forward to cleaning you up

LTP

Edited by lovethepirk, 10 December 2005 - 09:15 PM.

[lovethepirk]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.