0

Hey guys, im having a bit of trouble with pop ups. I have the google toolbar with the pop up blocker but that seems to do nothing and i have scanned for spyware using Ad-aware. I have a HJT log if anyone would please have a look.

Thanks, Wil

4
Contributors
13
Replies
14
Views
11 Years
Discussion Span
Last Post by D3m3nt3d
0

Alrite, great. Could ya please post the HJT log? That would be incredible.

Also, what probably wouldnt hurt is to download Ewido anti-malware. This works significantly better then most other spyware cleaners. The link for this is inside my signature I believe ( http://www.ewido.net/en/ ). After downloading, be sure to run an update, and then scan the entire computer. After running Ewido, please rescan with HJT and post a new log.

So in short, download and run Ewido, and then after that, post a new post.

Thanks.

0

Here is my HJT log after scanning with ewido anti-malware...


Logfile of HijackThis v1.99.1
Scan saved at 14:27:10, on 05/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\securitysuite.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\DOCUME~1\Willis\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127383312421
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

0

Heh, no, I don't see anything wrong with the log. Tayspern's incredible at this...and 2 times faster then me :cheesy:

But ya, seriously, are ya still having symptoms?

Thanks.

0

Are you still experiencing any problems?

Your Java is out of date and is a vulnerability as well.

Go here ---> Sun Java

Then make sure you uninstall the older version thru Add/Remove Programs....

0

Im afraid i am still getting pop ups. Is there anything else i can try?

0

They are regular pop ups for things like online casinos and finance companys and they tend to appear on most sites that i visit.

Here is the WinPfind log...

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX!                 22/08/2004 16:04:56         69120      C:\WINDOWS\daemon.dll

Checking %System% folder...
SAHAgent             18/10/2005 14:10:00         35         C:\WINDOWS\SYSTEM32\2ctd7894.ini
SAHAgent             18/10/2005 14:10:00         35         C:\WINDOWS\SYSTEM32\71mt2jhk.ini
aspack               26/05/2005 15:34:52         2297552    C:\WINDOWS\SYSTEM32\d3dx9_26.dll
PEC2                 04/08/2004 12:00:00         41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2                 26/01/2006 18:36:02         574976     C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2           26/01/2006 18:36:02         574976     C:\WINDOWS\SYSTEM32\DivX.dll
SAHAgent             18/10/2005 15:01:18         2932       C:\WINDOWS\SYSTEM32\h52en2o2.ini
PECompact2           08/02/2006 05:23:40         4513120    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               08/02/2006 05:23:40         4513120    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               04/08/2004 12:00:00         708096     C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor             04/08/2004 12:00:00         657920     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              04/08/2004 12:00:00         1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX!                 20/01/2006 08:15:26         752608     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG!                 20/01/2006 08:15:26         752608     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2                 20/01/2006 08:15:26         752608     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack               20/01/2006 08:15:26         752608     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech                24/04/2003 08:19:00         1295336    C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1  [url]www.qoologic.com[/url]
127.0.0.1  [url]www.urllogic.com[/url]


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     19/02/2006 13:24:56       S 2048       C:\WINDOWS\bootstat.dat
                     06/03/2006 15:50:02      H  24         C:\WINDOWS\ppguK
                     22/02/2006 10:16:24      H  54156      C:\WINDOWS\QTFont.qfn
                     13/01/2006 12:34:32       S 7898       C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat
                     13/01/2006 19:28:32       S 10925      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB913446.cat
                     06/03/2006 12:22:30      H  1024       C:\WINDOWS\system32\config\default.LOG
                     06/03/2006 12:23:04      H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     06/03/2006 12:22:16      H  1024       C:\WINDOWS\system32\config\SECURITY.LOG
                     06/03/2006 15:47:28      H  1024       C:\WINDOWS\system32\config\software.LOG
                     06/03/2006 15:47:28      H  1024       C:\WINDOWS\system32\config\system.LOG
                     16/02/2006 15:12:24      H  1024       C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
                     19/02/2006 13:24:58      H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          04/08/2004 12:00:00         68608      C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation          04/08/2004 12:00:00         549888     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          04/08/2004 12:00:00         110592     C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation          04/08/2004 12:00:00         135168     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          04/08/2004 12:00:00         80384      C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation          04/08/2004 12:00:00         155136     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          04/08/2004 12:00:00         358400     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          04/08/2004 12:00:00         129536     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          04/08/2004 12:00:00         380416     C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation          04/08/2004 12:00:00         68608      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         26/08/2005 18:14:42         49265      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          04/08/2004 12:00:00         187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          04/08/2004 12:00:00         618496     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          04/08/2004 12:00:00         35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          04/08/2004 12:00:00         25600      C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation          04/08/2004 12:00:00         257024     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          04/08/2004 12:00:00         32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          04/08/2004 12:00:00         114688     C:\WINDOWS\SYSTEM32\powercfg.cpl
                               24/03/2003 16:43:32         401408     C:\WINDOWS\SYSTEM32\slcpappl.cpl
Microsoft Corporation          04/08/2004 12:00:00         298496     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          04/08/2004 12:00:00         28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          04/08/2004 12:00:00         94208      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          04/08/2004 12:00:00         148480     C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation          26/05/2005 03:16:30         174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          04/08/2004 12:00:00         68608      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          04/08/2004 12:00:00         549888     C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation          04/08/2004 12:00:00         135168     C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation          04/08/2004 12:00:00         80384      C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation          04/08/2004 12:00:00         155136     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          04/08/2004 12:00:00         358400     C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          04/08/2004 12:00:00         129536     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          04/08/2004 12:00:00         68608      C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          04/08/2004 12:00:00         187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          04/08/2004 12:00:00         618496     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          04/08/2004 12:00:00         35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          04/08/2004 12:00:00         25600      C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation          04/08/2004 12:00:00         257024     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          04/08/2004 12:00:00         32768      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          04/08/2004 12:00:00         114688     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          04/08/2004 12:00:00         155648     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          04/08/2004 12:00:00         298496     C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation          04/08/2004 12:00:00         28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          04/08/2004 12:00:00         94208      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation          04/08/2004 12:00:00         148480     C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation          26/05/2005 03:16:30         174360     C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     19/10/2005 11:47:28         1757       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
                     12/09/2005 11:50:54      HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
                     17/06/2005 14:55:30         1783       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
                     12/09/2005 22:17:34         1725       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     12/09/2005 11:42:34      HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
                     18/10/2005 13:33:50         988        C:\Documents and Settings\Willis\Start Menu\Programs\Startup\Adobe Gamma.lnk
                     17/06/2005 14:11:30      HS 84         C:\Documents and Settings\Willis\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     07/10/2005 23:05:26         1552       C:\Documents and Settings\Willis\Application Data\AdobeDLM.log
                     17/06/2005 15:00:04      HS 62         C:\Documents and Settings\Willis\Application Data\desktop.ini
                     07/10/2005 23:05:26         0          C:\Documents and Settings\Willis\Application Data\dm.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    SV1  = 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}   = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
    {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}   = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin   = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}   = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
    {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}   = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
     = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
     = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
     = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
     = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
     = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
    Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88}   = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    {2318C2B1-4965-11d4-9B18-009027A5CD4F}   = &Google  : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText     = Sun Java Console : C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google    : c:\program files\google\googletoolbar1.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google    : c:\program files\google\googletoolbar1.dll
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    {B4B3001E-0F56-4E51-8250-BDE11547EC55} =    : 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    SunJavaUpdateSched  C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    ATIModeChange   Ati2mdxx.exe
    ATIPTA  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
    AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    AVG7_EMC    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    iTunesHelper    "C:\Program Files\iTunes\iTunesHelper.exe"
    QuickTime Task  "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL   Installed = 1
    MAPI    Installed = 1
    MSFS    Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    MSMSGS  "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} = 


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption  
    legalnoticetext 
    shutdownwithoutlogon    1
    undockwithoutlogon  1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun  145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder                {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn                          {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
    SysTray                         {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit    = C:\WINDOWS\system32\userinit.exe,
    Shell       = Explorer.exe
    System      = 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
     = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
     = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
     = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
     = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
     = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
     = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
     = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
     = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
     = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
     = WRLogonNTF.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
     = wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs

Edited by mike_2000_17: Fixed formatting

0

Download PocketKillbox from here:
http://files2.majorgeeks.com/files//admin/killbox.exe

Open PocketKillbox
-Check the Delete on Reboot option
-Copy and Paste the following one at a time into the box
-Click the Red X to confirm deletion
-When prompted to reboot choose NO until you are finished entering all the files

C:\WINDOWS\SYSTEM32\2ctd7894.ini
C:\WINDOWS\SYSTEM32\71mt2jhk.ini
C:\WINDOWS\SYSTEM32\h52en2o2.ini
C:\WINDOWS\ppguK

After they are all entered, allow your PC to reboot. If it doesnt reboot automatically, reboot it manually.

Let me know if the problem still persists

0

After reboot i am still experiencing occasional pop ups but not as many as before.

0

Can you please take note of what some of the popups say and let me know?

Also - I see you used to have Spysweeper, did you uninstall it because your trial period was over?

0

Pop ups for: Jamster Ringtones, Cassava 888.com Online Casino, Beech Finance and Freedom Finance and other loan companies. These seem to be the main offenders.

Yes, spy sweeper trial had expired which is why i uninstalled it.

0

Few more scans for me - sometimes Apropos is known for popups when nothing else shows...

Blacklight
http://www.f-secure.com/blacklight/try.shtml
-- Once you’ve installed it, Click Scan
-- DO NOT have it Fix or Rename anything yet
-- A Log should pop up – Please save that submit it for me

Aproposfix
http://swandog46.geekstogo.com/aproposfix.exe
-Reboot to Safe Mode
-Double click "aproposfix.exe" and unzip it to the desktop.
-Open the aproposfix folder on your desktop and run "RunThis.bat.
-Follow the prompts

Reboot and see if the popups continue...

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.