Problems with pops ups

  • Thread starter Thread starter Redwolf
  • Start date Start date
R

Redwolf

Guest
Greetings,

I have been having a terrible time with pop ups apeparing whether I'm in IE7
or Mozilla. I have run hijackthis but don't klnow where to go from here.
Below is the log and I wold appreciate any help you can give me. Thank you
:) Anne

Logfile of HijackThis v1.99.1
Scan saved at 1:55:39 PM, on 7/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.kqed.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Symantec Intrusion Prevention -
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} -
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file
missing)
O2 - BHO: {49d36403-4326-c0ba-7394-78ce4a812919} -
{919218a4-ec87-4937-ab0c-623430463d94} - C:\WINDOWS\system32\nbwgmx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {E03B518B-3328-4F9D-949D-9BF824607BA8} -
C:\WINDOWS\system32\efcASjJa.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [3c427025] rundll32.exe "C:\WINDOWS\system32\vogjqinc.dll",b
O4 - HKLM\..\Run: [BM3f7143b9] Rundll32.exe
"C:\WINDOWS\system32\qmbbhcqx.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Printer Monitor] C:\WINDOWS\system32\webprinter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media
Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel
FW\Desktop\DesktopWeather.exe"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common
Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no
file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) -
http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743657453
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -
https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} -
C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll
(file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file
missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file
missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h
ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program
Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common
Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common
Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -
C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common
Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -
C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
Re: Problems with pops ups

You need to post the log to a website where security specialists can advise
you. Try one of these:

http://aumha.net/viewforum.php?f=30
http://forums.spybot.info/forumdisplay.php?f=22
http://castlecops.com/forum67.html .
--
Regards

Ron Badour
MS MVP
Windows Desktop Experience


"Redwolf" <Redwolf@discussions.microsoft.com> wrote in message
news:286DFE76-D816-4C87-887B-8098B5D55E91@microsoft.com...
> Greetings,
>
> I have been having a terrible time with pop ups apeparing whether I'm in
> IE7
> or Mozilla. I have run hijackthis but don't klnow where to go from here.
> Below is the log and I wold appreciate any help you can give me. Thank
> you
> :) Anne
>
> Logfile of HijackThis v1.99.1
> Scan saved at 1:55:39 PM, on 7/13/2008
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v7.00 (7.00.6000.16674)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
> C:\WINDOWS\Explorer.EXE
> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
> C:\WINDOWS\System32\nvsvc32.exe
> C:\WINDOWS\system32\PnkBstrA.exe
> C:\WINDOWS\system32\PnkBstrB.exe
> C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Viewpoint\Common\ViewpointService.exe
> C:\Program Files\Canon\CAL\CALMAIN.exe
> C:\WINDOWS\BCMSMMSG.exe
> C:\WINDOWS\system32\dla\tfswctrl.exe
> C:\WINDOWS\System32\DSentry.exe
> C:\Program Files\Dell\Media Experience\PCMService.exe
> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
> C:\WINDOWS\system32\rundll32.exe
> C:\WINDOWS\system32\Rundll32.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\Windows Media Player\WMPNSCFG.exe
> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Program Files\Hijackthis\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.kqed.org/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://go.microsoft.com/fwlink/?LinkId=69157
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
> http://go.microsoft.com/fwlink/?LinkId=54896
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://go.microsoft.com/fwlink/?LinkId=54896
> O2 - BHO: Symantec Intrusion Prevention -
> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
> C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
> O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} -
> C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file
> missing)
> O2 - BHO: {49d36403-4326-c0ba-7394-78ce4a812919} -
> {919218a4-ec87-4937-ab0c-623430463d94} - C:\WINDOWS\system32\nbwgmx.dll
> O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
> c:\program files\google\googletoolbar1.dll
> O2 - BHO: Google Toolbar Notifier BHO -
> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
> Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
> O2 - BHO: (no name) - {E03B518B-3328-4F9D-949D-9BF824607BA8} -
> C:\WINDOWS\system32\efcASjJa.dll
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
> c:\program
> files\google\googletoolbar1.dll
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> C:\WINDOWS\System32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
> O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
> O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
> O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
> Experience\PCMService.exe"
> O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
> Files\Sonic\Update Manager\sgtray.exe" /r
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
> -atboottime
> O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
> Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
> O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
> Shared\ccApp.exe"
> O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton
> AntiVirus\osCheck.exe"
> O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
> Files\iTunes\iTunesHelper.exe"
> O4 - HKLM\..\Run: [3c427025] rundll32.exe
> "C:\WINDOWS\system32\vogjqinc.dll",b
> O4 - HKLM\..\Run: [BM3f7143b9] Rundll32.exe
> "C:\WINDOWS\system32\qmbbhcqx.dll",s
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKCU\..\Run: [Printer Monitor] C:\WINDOWS\system32\webprinter.exe
> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
> /background
> O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media
> Player\WMPNSCFG.exe
> O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel
> FW\Desktop\DesktopWeather.exe"
> O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common
> Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> C:\WINDOWS\System32\msjava.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
> O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} -
> (no
> file)
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
> O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
> C:\WINDOWS\System32\Shdocvw.dll
> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
> %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
> {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
> Diagnostic\xpnetdiag.exe (file missing)
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O11 - Options group: [INTERNATIONAL] International*
> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
> Advantage
> Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
> O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
> scanner) -
> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
> O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player
> Engine) -
> http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
> O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
> Class) -
> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743657453
> O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -
> https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
> O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} -
> C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll
> O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
> mscoree.dll
> (file missing)
> O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
> O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
> C:\WINDOWS\system32\WPDShServiceObj.dll
> O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -
> C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
> O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
> O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
> C:\Program Files\Canon\CAL\CALMAIN.exe
> O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -
> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
> (file
> missing)
> O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -
> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
> (file
> missing)
> O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
> owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h
> ccCommon (file missing)
> O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
> Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
> Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
> 32\IDriverT.exe
> O23 - Service: LiveUpdate - Symantec Corporation - C:\Program
> Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
> O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common
> Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
> O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
> C:\Program Files\Intel\NCS\Sync\NetSvc.exe
> O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
> C:\WINDOWS\System32\nvsvc32.exe
> O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
> O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
> O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common
> Files\Intuit\QuickBooks\QBCFMonitorService.exe
> O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -
> C:\Program Files\Common
> Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
> O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common
> Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -
> C:\Program Files\Viewpoint\Common\ViewpointService.exe
>
>
 
RE: Problems with pops ups

Hi - I have the same problem but have discovered something very strange is
happening to my PC for a few days - see my question below for full
explanation: Cookie settings alter on own! - Andrew

"Redwolf" wrote:

> Greetings,
>
> I have been having a terrible time with pop ups apeparing whether I'm in IE7
> or Mozilla. I have run hijackthis but don't klnow where to go from here.
> Below is the log and I wold appreciate any help you can give me. Thank you
> :) Anne
>
> Logfile of HijackThis v1.99.1
> Scan saved at 1:55:39 PM, on 7/13/2008
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v7.00 (7.00.6000.16674)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
> C:\WINDOWS\Explorer.EXE
> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
> C:\WINDOWS\System32\nvsvc32.exe
> C:\WINDOWS\system32\PnkBstrA.exe
> C:\WINDOWS\system32\PnkBstrB.exe
> C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Viewpoint\Common\ViewpointService.exe
> C:\Program Files\Canon\CAL\CALMAIN.exe
> C:\WINDOWS\BCMSMMSG.exe
> C:\WINDOWS\system32\dla\tfswctrl.exe
> C:\WINDOWS\System32\DSentry.exe
> C:\Program Files\Dell\Media Experience\PCMService.exe
> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
> C:\WINDOWS\system32\rundll32.exe
> C:\WINDOWS\system32\Rundll32.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\Windows Media Player\WMPNSCFG.exe
> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Program Files\Hijackthis\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.kqed.org/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://go.microsoft.com/fwlink/?LinkId=69157
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
> http://go.microsoft.com/fwlink/?LinkId=54896
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://go.microsoft.com/fwlink/?LinkId=54896
> O2 - BHO: Symantec Intrusion Prevention -
> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
> C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
> O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} -
> C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file
> missing)
> O2 - BHO: {49d36403-4326-c0ba-7394-78ce4a812919} -
> {919218a4-ec87-4937-ab0c-623430463d94} - C:\WINDOWS\system32\nbwgmx.dll
> O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
> c:\program files\google\googletoolbar1.dll
> O2 - BHO: Google Toolbar Notifier BHO -
> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
> Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
> O2 - BHO: (no name) - {E03B518B-3328-4F9D-949D-9BF824607BA8} -
> C:\WINDOWS\system32\efcASjJa.dll
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
> files\google\googletoolbar1.dll
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> C:\WINDOWS\System32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
> O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
> O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
> O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
> Experience\PCMService.exe"
> O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
> Files\Sonic\Update Manager\sgtray.exe" /r
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
> -atboottime
> O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
> Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
> O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
> Shared\ccApp.exe"
> O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
> O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
> O4 - HKLM\..\Run: [3c427025] rundll32.exe "C:\WINDOWS\system32\vogjqinc.dll",b
> O4 - HKLM\..\Run: [BM3f7143b9] Rundll32.exe
> "C:\WINDOWS\system32\qmbbhcqx.dll",s
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKCU\..\Run: [Printer Monitor] C:\WINDOWS\system32\webprinter.exe
> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
> O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media
> Player\WMPNSCFG.exe
> O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel
> FW\Desktop\DesktopWeather.exe"
> O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common
> Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> C:\WINDOWS\System32\msjava.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
> O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no
> file)
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
> O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
> C:\WINDOWS\System32\Shdocvw.dll
> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
> %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
> {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
> Diagnostic\xpnetdiag.exe (file missing)
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O11 - Options group: [INTERNATIONAL] International*
> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
> Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
> O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
> scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
> O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) -
> http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
> O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
> Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743657453
> O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -
> https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
> O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} -
> C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll
> O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll
> (file missing)
> O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
> O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
> C:\WINDOWS\system32\WPDShServiceObj.dll
> O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -
> C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
> O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
> O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
> C:\Program Files\Canon\CAL\CALMAIN.exe
> O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -
> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file
> missing)
> O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -
> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file
> missing)
> O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
> owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h
> ccCommon (file missing)
> O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
> Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
> Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
> 32\IDriverT.exe
> O23 - Service: LiveUpdate - Symantec Corporation - C:\Program
> Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
> O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common
> Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
> O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
> C:\Program Files\Intel\NCS\Sync\NetSvc.exe
> O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
> C:\WINDOWS\System32\nvsvc32.exe
> O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
> O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
> O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common
> Files\Intuit\QuickBooks\QBCFMonitorService.exe
> O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -
> C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
> O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common
> Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -
> C:\Program Files\Viewpoint\Common\ViewpointService.exe
>
>
 
RE: Problems with pops ups

Please do not steal someone elses post, post your own question.

"Andrew" wrote:

> Hi - I have the same problem but have discovered something very strange is
> happening to my PC for a few days - see my question below for full
> explanation: Cookie settings alter on own! - Andrew
>
> "Redwolf" wrote:
>
> > Greetings,
> >
> > I have been having a terrible time with pop ups apeparing whether I'm in IE7
> > or Mozilla. I have run hijackthis but don't klnow where to go from here.
> > Below is the log and I wold appreciate any help you can give me. Thank you
> > :) Anne
> >
> > Logfile of HijackThis v1.99.1
> > Scan saved at 1:55:39 PM, on 7/13/2008
> > Platform: Windows XP SP2 (WinNT 5.01.2600)
> > MSIE: Internet Explorer v7.00 (7.00.6000.16674)
> >
> > Running processes:
> > C:\WINDOWS\System32\smss.exe
> > C:\WINDOWS\system32\winlogon.exe
> > C:\WINDOWS\system32\services.exe
> > C:\WINDOWS\system32\lsass.exe
> > C:\WINDOWS\system32\svchost.exe
> > C:\WINDOWS\System32\svchost.exe
> > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
> > C:\WINDOWS\Explorer.EXE
> > C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
> > C:\WINDOWS\system32\spoolsv.exe
> > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
> > C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> > C:\WINDOWS\System32\svchost.exe
> > C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
> > C:\WINDOWS\System32\nvsvc32.exe
> > C:\WINDOWS\system32\PnkBstrA.exe
> > C:\WINDOWS\system32\PnkBstrB.exe
> > C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
> > C:\WINDOWS\System32\svchost.exe
> > C:\Program Files\Viewpoint\Common\ViewpointService.exe
> > C:\Program Files\Canon\CAL\CALMAIN.exe
> > C:\WINDOWS\BCMSMMSG.exe
> > C:\WINDOWS\system32\dla\tfswctrl.exe
> > C:\WINDOWS\System32\DSentry.exe
> > C:\Program Files\Dell\Media Experience\PCMService.exe
> > C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
> > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
> > C:\WINDOWS\system32\rundll32.exe
> > C:\WINDOWS\system32\Rundll32.exe
> > C:\WINDOWS\system32\ctfmon.exe
> > C:\Program Files\Windows Media Player\WMPNSCFG.exe
> > C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
> > C:\Program Files\Internet Explorer\iexplore.exe
> > C:\Program Files\Hijackthis\HijackThis.exe
> >
> > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> > http://www.kqed.org/
> > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> > http://go.microsoft.com/fwlink/?LinkId=69157
> > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
> > http://go.microsoft.com/fwlink/?LinkId=54896
> > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> > http://go.microsoft.com/fwlink/?LinkId=54896
> > O2 - BHO: Symantec Intrusion Prevention -
> > {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
> > C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
> > O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} -
> > C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file
> > missing)
> > O2 - BHO: {49d36403-4326-c0ba-7394-78ce4a812919} -
> > {919218a4-ec87-4937-ab0c-623430463d94} - C:\WINDOWS\system32\nbwgmx.dll
> > O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
> > c:\program files\google\googletoolbar1.dll
> > O2 - BHO: Google Toolbar Notifier BHO -
> > {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
> > Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
> > O2 - BHO: (no name) - {E03B518B-3328-4F9D-949D-9BF824607BA8} -
> > C:\WINDOWS\system32\efcASjJa.dll
> > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
> > files\google\googletoolbar1.dll
> > O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> > C:\WINDOWS\System32\NvCpl.dll,NvStartup
> > O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
> > O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
> > O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
> > O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
> > Experience\PCMService.exe"
> > O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
> > Files\Sonic\Update Manager\sgtray.exe" /r
> > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
> > -atboottime
> > O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
> > Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
> > O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
> > Shared\ccApp.exe"
> > O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
> > O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
> > O4 - HKLM\..\Run: [3c427025] rundll32.exe "C:\WINDOWS\system32\vogjqinc.dll",b
> > O4 - HKLM\..\Run: [BM3f7143b9] Rundll32.exe
> > "C:\WINDOWS\system32\qmbbhcqx.dll",s
> > O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> > O4 - HKCU\..\Run: [Printer Monitor] C:\WINDOWS\system32\webprinter.exe
> > O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
> > O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media
> > Player\WMPNSCFG.exe
> > O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel
> > FW\Desktop\DesktopWeather.exe"
> > O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common
> > Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
> > O8 - Extra context menu item: E&xport to Microsoft Excel -
> > res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
> > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> > C:\WINDOWS\System32\msjava.dll
> > O9 - Extra 'Tools' menuitem: Sun Java Console -
> > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
> > O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no
> > file)
> > O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> > C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
> > O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
> > C:\WINDOWS\System32\Shdocvw.dll
> > O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
> > %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
> > O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
> > {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
> > Diagnostic\xpnetdiag.exe (file missing)
> > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> > C:\Program Files\Messenger\msmsgs.exe
> > O9 - Extra 'Tools' menuitem: Windows Messenger -
> > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> > O11 - Options group: [INTERNATIONAL] International*
> > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
> > Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
> > O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
> > scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
> > O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) -
> > http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
> > O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
> > Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
> > O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
> > http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743657453
> > O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -
> > https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
> > O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} -
> > C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll
> > O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll
> > (file missing)
> > O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
> > O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
> > C:\WINDOWS\system32\WPDShServiceObj.dll
> > O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -
> > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
> > O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
> > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
> > O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
> > C:\Program Files\Canon\CAL\CALMAIN.exe
> > O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -
> > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file
> > missing)
> > O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -
> > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file
> > missing)
> > O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
> > owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h
> > ccCommon (file missing)
> > O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
> > Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> > O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
> > Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
> > 32\IDriverT.exe
> > O23 - Service: LiveUpdate - Symantec Corporation - C:\Program
> > Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
> > O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common
> > Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
> > O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
> > C:\Program Files\Intel\NCS\Sync\NetSvc.exe
> > O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
> > C:\WINDOWS\System32\nvsvc32.exe
> > O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
> > O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
> > O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common
> > Files\Intuit\QuickBooks\QBCFMonitorService.exe
> > O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -
> > C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
> > O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common
> > Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> > O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -
> > C:\Program Files\Viewpoint\Common\ViewpointService.exe
> >
> >
 
RE: Problems with pops ups

Silly person Sgopussy - surely you are aware that this site does not ALLOW
what you suggest I have done! As I also am having sereous pop-up problems, I
simply directed Redwolf to my problem without rewriting it OK?
But if you insist - here it is again for Redwolf to contemplate and check
this is no happening to his PC also: My cookie settings via, Control Panel,
Internet Options and Privacy Tab are
permanently on Accept All Cookies – no matter what I set it at it always
returns to this lowest level of security. I have tried setting it on my
normal setting of Medium High, clicking Apply and OK, but on returning it is
always on this lower setting. The same occurs on Internet Explorer’s Internet
Options via Tools. Could malware have altered a setting that prevents my
Medium High security?
Signd in: Andrew
"sgopussy" wrote:

> Please do not steal someone elses post, post your own question.
>
> "Andrew" wrote:
>
> > Hi - I have the same problem but have discovered something very strange is
> > happening to my PC for a few days - see my question below for full
> > explanation: Cookie settings alter on own! - Andrew
> >
> > "Redwolf" wrote:
> >
> > > Greetings,
> > >
> > > I have been having a terrible time with pop ups apeparing whether I'm in IE7
> > > or Mozilla. I have run hijackthis but don't klnow where to go from here.
> > > Below is the log and I wold appreciate any help you can give me. Thank you
> > > :) Anne
> > >
> > > Logfile of HijackThis v1.99.1
> > > Scan saved at 1:55:39 PM, on 7/13/2008
> > > Platform: Windows XP SP2 (WinNT 5.01.2600)
> > > MSIE: Internet Explorer v7.00 (7.00.6000.16674)
> > >
> > > Running processes:
> > > C:\WINDOWS\System32\smss.exe
> > > C:\WINDOWS\system32\winlogon.exe
> > > C:\WINDOWS\system32\services.exe
> > > C:\WINDOWS\system32\lsass.exe
> > > C:\WINDOWS\system32\svchost.exe
> > > C:\WINDOWS\System32\svchost.exe
> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
> > > C:\WINDOWS\Explorer.EXE
> > > C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> > > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
> > > C:\WINDOWS\system32\spoolsv.exe
> > > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
> > > C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> > > C:\WINDOWS\System32\svchost.exe
> > > C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
> > > C:\WINDOWS\System32\nvsvc32.exe
> > > C:\WINDOWS\system32\PnkBstrA.exe
> > > C:\WINDOWS\system32\PnkBstrB.exe
> > > C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
> > > C:\WINDOWS\System32\svchost.exe
> > > C:\Program Files\Viewpoint\Common\ViewpointService.exe
> > > C:\Program Files\Canon\CAL\CALMAIN.exe
> > > C:\WINDOWS\BCMSMMSG.exe
> > > C:\WINDOWS\system32\dla\tfswctrl.exe
> > > C:\WINDOWS\System32\DSentry.exe
> > > C:\Program Files\Dell\Media Experience\PCMService.exe
> > > C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
> > > C:\WINDOWS\system32\rundll32.exe
> > > C:\WINDOWS\system32\Rundll32.exe
> > > C:\WINDOWS\system32\ctfmon.exe
> > > C:\Program Files\Windows Media Player\WMPNSCFG.exe
> > > C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
> > > C:\Program Files\Internet Explorer\iexplore.exe
> > > C:\Program Files\Hijackthis\HijackThis.exe
> > >
> > > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> > > http://www.kqed.org/
> > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> > > http://go.microsoft.com/fwlink/?LinkId=69157
> > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
> > > http://go.microsoft.com/fwlink/?LinkId=54896
> > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> > > http://go.microsoft.com/fwlink/?LinkId=54896
> > > O2 - BHO: Symantec Intrusion Prevention -
> > > {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
> > > C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
> > > O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} -
> > > C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file
> > > missing)
> > > O2 - BHO: {49d36403-4326-c0ba-7394-78ce4a812919} -
> > > {919218a4-ec87-4937-ab0c-623430463d94} - C:\WINDOWS\system32\nbwgmx.dll
> > > O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
> > > c:\program files\google\googletoolbar1.dll
> > > O2 - BHO: Google Toolbar Notifier BHO -
> > > {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
> > > Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
> > > O2 - BHO: (no name) - {E03B518B-3328-4F9D-949D-9BF824607BA8} -
> > > C:\WINDOWS\system32\efcASjJa.dll
> > > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
> > > files\google\googletoolbar1.dll
> > > O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> > > C:\WINDOWS\System32\NvCpl.dll,NvStartup
> > > O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
> > > O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
> > > O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
> > > O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
> > > Experience\PCMService.exe"
> > > O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
> > > Files\Sonic\Update Manager\sgtray.exe" /r
> > > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
> > > -atboottime
> > > O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
> > > Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
> > > O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
> > > Shared\ccApp.exe"
> > > O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
> > > O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
> > > O4 - HKLM\..\Run: [3c427025] rundll32.exe "C:\WINDOWS\system32\vogjqinc.dll",b
> > > O4 - HKLM\..\Run: [BM3f7143b9] Rundll32.exe
> > > "C:\WINDOWS\system32\qmbbhcqx.dll",s
> > > O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> > > O4 - HKCU\..\Run: [Printer Monitor] C:\WINDOWS\system32\webprinter.exe
> > > O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
> > > O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media
> > > Player\WMPNSCFG.exe
> > > O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel
> > > FW\Desktop\DesktopWeather.exe"
> > > O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common
> > > Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
> > > O8 - Extra context menu item: E&xport to Microsoft Excel -
> > > res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
> > > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> > > C:\WINDOWS\System32\msjava.dll
> > > O9 - Extra 'Tools' menuitem: Sun Java Console -
> > > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
> > > O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no
> > > file)
> > > O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> > > C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
> > > O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
> > > C:\WINDOWS\System32\Shdocvw.dll
> > > O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
> > > %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
> > > O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
> > > {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
> > > Diagnostic\xpnetdiag.exe (file missing)
> > > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> > > C:\Program Files\Messenger\msmsgs.exe
> > > O9 - Extra 'Tools' menuitem: Windows Messenger -
> > > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> > > O11 - Options group: [INTERNATIONAL] International*
> > > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
> > > Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
> > > O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
> > > scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
> > > O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) -
> > > http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
> > > O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
> > > Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
> > > O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
> > > http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743657453
> > > O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -
> > > https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
> > > O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} -
> > > C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll
> > > O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll
> > > (file missing)
> > > O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
> > > O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
> > > C:\WINDOWS\system32\WPDShServiceObj.dll
> > > O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -
> > > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
> > > O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
> > > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
> > > O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
> > > C:\Program Files\Canon\CAL\CALMAIN.exe
> > > O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -
> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file
> > > missing)
> > > O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -
> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file
> > > missing)
> > > O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
> > > owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h
> > > ccCommon (file missing)
> > > O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
> > > Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> > > O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
> > > Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
> > > 32\IDriverT.exe
> > > O23 - Service: LiveUpdate - Symantec Corporation - C:\Program
> > > Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
> > > O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common
> > > Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
> > > O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
> > > C:\Program Files\Intel\NCS\Sync\NetSvc.exe
> > > O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
> > > C:\WINDOWS\System32\nvsvc32.exe
> > > O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
> > > O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
> > > O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common
> > > Files\Intuit\QuickBooks\QBCFMonitorService.exe
> > > O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -
> > > C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
> > > O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common
> > > Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> > > O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -
> > > C:\Program Files\Viewpoint\Common\ViewpointService.exe
> > >
> > >
 
Re: Problems with pops ups

Of course it could, and you almost certainly have been infected. But that
doesn't mean your issue and Redwolf's are in the least bit related, other
than you both probably have malware infections. The question is what kind?
Your attitude suggests that if Redwolf had a fever and you did too, that you
probably have the same infection, even though there's nothing else that's
remotely the same about the rest of your symptoms. Would you want the doctor
to treat your infection the same as Redwolf's, or wouldn't you rather he
diagnose *your* infection.

Thus far, there isn't the slightest known similarity between your infection
and Redwolf's. Please stick to your own thread and diagnose your own
problem. All you do here is confuse the issue.

--
Gary S. Terhune
MS-MVP Shell/User
http://grystmill.com

"Andrew" <Andrew@discussions.microsoft.com> wrote in message
news:363141F3-4909-4202-B908-8E3DD5F3A9FB@microsoft.com...
> Silly person Sgopussy - surely you are aware that this site does not ALLOW
> what you suggest I have done! As I also am having sereous pop-up problems,
> I
> simply directed Redwolf to my problem without rewriting it OK?
> But if you insist - here it is again for Redwolf to contemplate and check
> this is no happening to his PC also: My cookie settings via, Control
> Panel,
> Internet Options and Privacy Tab are
> permanently on Accept All Cookies - no matter what I set it at it always
> returns to this lowest level of security. I have tried setting it on my
> normal setting of Medium High, clicking Apply and OK, but on returning it
> is
> always on this lower setting. The same occurs on Internet Explorer's
> Internet
> Options via Tools. Could malware have altered a setting that prevents my
> Medium High security?
> Signd in: Andrew
> "sgopussy" wrote:
>
>> Please do not steal someone elses post, post your own question.
>>
>> "Andrew" wrote:
>>
>> > Hi - I have the same problem but have discovered something very strange
>> > is
>> > happening to my PC for a few days - see my question below for full
>> > explanation: Cookie settings alter on own! - Andrew
>> >
>> > "Redwolf" wrote:
>> >
>> > > Greetings,
>> > >
>> > > I have been having a terrible time with pop ups apeparing whether I'm
>> > > in IE7
>> > > or Mozilla. I have run hijackthis but don't klnow where to go from
>> > > here.
>> > > Below is the log and I wold appreciate any help you can give me.
>> > > Thank you
>> > > :) Anne
>> > >
>> > > Logfile of HijackThis v1.99.1
>> > > Scan saved at 1:55:39 PM, on 7/13/2008
>> > > Platform: Windows XP SP2 (WinNT 5.01.2600)
>> > > MSIE: Internet Explorer v7.00 (7.00.6000.16674)
>> > >
>> > > Running processes:
>> > > C:\WINDOWS\System32\smss.exe
>> > > C:\WINDOWS\system32\winlogon.exe
>> > > C:\WINDOWS\system32\services.exe
>> > > C:\WINDOWS\system32\lsass.exe
>> > > C:\WINDOWS\system32\svchost.exe
>> > > C:\WINDOWS\System32\svchost.exe
>> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
>> > > C:\WINDOWS\Explorer.EXE
>> > > C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
>> > > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
>> > > C:\WINDOWS\system32\spoolsv.exe
>> > > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
>> > > C:\Program Files\Google\Common\Google
>> > > Updater\GoogleUpdaterService.exe
>> > > C:\WINDOWS\System32\svchost.exe
>> > > C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
>> > > C:\WINDOWS\System32\nvsvc32.exe
>> > > C:\WINDOWS\system32\PnkBstrA.exe
>> > > C:\WINDOWS\system32\PnkBstrB.exe
>> > > C:\Program Files\Common
>> > > Files\Intuit\QuickBooks\QBCFMonitorService.exe
>> > > C:\WINDOWS\System32\svchost.exe
>> > > C:\Program Files\Viewpoint\Common\ViewpointService.exe
>> > > C:\Program Files\Canon\CAL\CALMAIN.exe
>> > > C:\WINDOWS\BCMSMMSG.exe
>> > > C:\WINDOWS\system32\dla\tfswctrl.exe
>> > > C:\WINDOWS\System32\DSentry.exe
>> > > C:\Program Files\Dell\Media Experience\PCMService.exe
>> > > C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
>> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
>> > > C:\WINDOWS\system32\rundll32.exe
>> > > C:\WINDOWS\system32\Rundll32.exe
>> > > C:\WINDOWS\system32\ctfmon.exe
>> > > C:\Program Files\Windows Media Player\WMPNSCFG.exe
>> > > C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
>> > > C:\Program Files\Internet Explorer\iexplore.exe
>> > > C:\Program Files\Hijackthis\HijackThis.exe
>> > >
>> > > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
>> > > http://www.kqed.org/
>> > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
>> > > =
>> > > http://go.microsoft.com/fwlink/?LinkId=69157
>> > > R1 - HKLM\Software\Microsoft\Internet
>> > > Explorer\Main,Default_Search_URL =
>> > > http://go.microsoft.com/fwlink/?LinkId=54896
>> > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
>> > > http://go.microsoft.com/fwlink/?LinkId=54896
>> > > O2 - BHO: Symantec Intrusion Prevention -
>> > > {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
>> > > C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
>> > > O2 - BHO: IeCaptureBho Object -
>> > > {7c1ce531-09e9-4fc5-9803-1c2956615786} -
>> > > C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
>> > > (file
>> > > missing)
>> > > O2 - BHO: {49d36403-4326-c0ba-7394-78ce4a812919} -
>> > > {919218a4-ec87-4937-ab0c-623430463d94} -
>> > > C:\WINDOWS\system32\nbwgmx.dll
>> > > O2 - BHO: Google Toolbar Helper -
>> > > {AA58ED58-01DD-4d91-8333-CF10577473F7} -
>> > > c:\program files\google\googletoolbar1.dll
>> > > O2 - BHO: Google Toolbar Notifier BHO -
>> > > {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
>> > > Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
>> > > O2 - BHO: (no name) - {E03B518B-3328-4F9D-949D-9BF824607BA8} -
>> > > C:\WINDOWS\system32\efcASjJa.dll
>> > > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
>> > > c:\program
>> > > files\google\googletoolbar1.dll
>> > > O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
>> > > C:\WINDOWS\System32\NvCpl.dll,NvStartup
>> > > O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
>> > > O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
>> > > O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
>> > > O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
>> > > Experience\PCMService.exe"
>> > > O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
>> > > Files\Sonic\Update Manager\sgtray.exe" /r
>> > > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
>> > > Files\QuickTime\qttask.exe"
>> > > -atboottime
>> > > O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
>> > > Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
>> > > O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
>> > > Shared\ccApp.exe"
>> > > O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton
>> > > AntiVirus\osCheck.exe"
>> > > O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
>> > > Files\iTunes\iTunesHelper.exe"
>> > > O4 - HKLM\..\Run: [3c427025] rundll32.exe
>> > > "C:\WINDOWS\system32\vogjqinc.dll",b
>> > > O4 - HKLM\..\Run: [BM3f7143b9] Rundll32.exe
>> > > "C:\WINDOWS\system32\qmbbhcqx.dll",s
>> > > O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
>> > > O4 - HKCU\..\Run: [Printer Monitor]
>> > > C:\WINDOWS\system32\webprinter.exe
>> > > O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
>> > > /background
>> > > O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media
>> > > Player\WMPNSCFG.exe
>> > > O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel
>> > > FW\Desktop\DesktopWeather.exe"
>> > > O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program
>> > > Files\Common
>> > > Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
>> > > O8 - Extra context menu item: E&xport to Microsoft Excel -
>> > > res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
>> > > O9 - Extra button: (no name) -
>> > > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
>> > > C:\WINDOWS\System32\msjava.dll
>> > > O9 - Extra 'Tools' menuitem: Sun Java Console -
>> > > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
>> > > C:\WINDOWS\System32\msjava.dll
>> > > O9 - Extra button: (no name) -
>> > > {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no
>> > > file)
>> > > O9 - Extra button: Research -
>> > > {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
>> > > C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
>> > > O9 - Extra button: Real.com -
>> > > {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
>> > > C:\WINDOWS\System32\Shdocvw.dll
>> > > O9 - Extra button: (no name) -
>> > > {e2e2dd38-d088-4134-82b7-f2ba38496583} -
>> > > %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
>> > > O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
>> > > {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
>> > > Diagnostic\xpnetdiag.exe (file missing)
>> > > O9 - Extra button: Messenger -
>> > > {FB5F1910-F110-11d2-BB9E-00C04F795683} -
>> > > C:\Program Files\Messenger\msmsgs.exe
>> > > O9 - Extra 'Tools' menuitem: Windows Messenger -
>> > > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
>> > > Files\Messenger\msmsgs.exe
>> > > O11 - Options group: [INTERNATIONAL] International*
>> > > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
>> > > Advantage
>> > > Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
>> > > O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
>> > > scanner) -
>> > > http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
>> > > O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player
>> > > Engine) -
>> > > http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
>> > > O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
>> > > Utility
>> > > Class) -
>> > > http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
>> > > O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl
>> > > Class) -
>> > > http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743657453
>> > > O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -
>> > > https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
>> > > O18 - Protocol: intu-help-qb1 -
>> > > {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} -
>> > > C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll
>> > > O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
>> > > mscoree.dll
>> > > (file missing)
>> > > O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
>> > > O21 - SSODL: WPDShServiceObj -
>> > > {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
>> > > C:\WINDOWS\system32\WPDShServiceObj.dll
>> > > O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -
>> > > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
>> > > O23 - Service: Automatic LiveUpdate Scheduler - Symantec
>> > > Corporation -
>> > > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
>> > > O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
>> > > C:\Program Files\Canon\CAL\CALMAIN.exe
>> > > O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -
>> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h
>> > > ccCommon (file
>> > > missing)
>> > > O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -
>> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h
>> > > ccCommon (file
>> > > missing)
>> > > O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) -
>> > > Unknown
>> > > owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe"
>> > > /h
>> > > ccCommon (file missing)
>> > > O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
>> > > Files\Google\Common\Google Updater\GoogleUpdaterService.exe
>> > > O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
>> > > Corporation - C:\Program Files\Common
>> > > Files\InstallShield\Driver\11\Intel
>> > > 32\IDriverT.exe
>> > > O23 - Service: LiveUpdate - Symantec Corporation - C:\Program
>> > > Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
>> > > O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program
>> > > Files\Common
>> > > Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
>> > > O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
>> > > C:\Program Files\Intel\NCS\Sync\NetSvc.exe
>> > > O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
>> > > Corporation -
>> > > C:\WINDOWS\System32\nvsvc32.exe
>> > > O23 - Service: PnkBstrA - Unknown owner -
>> > > C:\WINDOWS\system32\PnkBstrA.exe
>> > > O23 - Service: PnkBstrB - Unknown owner -
>> > > C:\WINDOWS\system32\PnkBstrB.exe
>> > > O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common
>> > > Files\Intuit\QuickBooks\QBCFMonitorService.exe
>> > > O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -
>> > > C:\Program Files\Common
>> > > Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
>> > > O23 - Service: Symantec Core LC - Unknown owner - C:\Program
>> > > Files\Common
>> > > Files\Symantec Shared\CCPD-LC\symlcsvc.exe
>> > > O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -
>> > > C:\Program Files\Viewpoint\Common\ViewpointService.exe
>> > >
>> > >
 
RE: Problems with pops ups

it's not a suggestion, make your own post and keep to it, do not include your
own issues
with someone elses post.
The reaction of an insecure person is to resort to name calling when
confronted with their poor behaviour.

"Andrew" wrote:

> Silly person Sgopussy - surely you are aware that this site does not ALLOW
> what you suggest I have done! As I also am having sereous pop-up problems, I
> simply directed Redwolf to my problem without rewriting it OK?
> But if you insist - here it is again for Redwolf to contemplate and check
> this is no happening to his PC also: My cookie settings via, Control Panel,
> Internet Options and Privacy Tab are
> permanently on Accept All Cookies – no matter what I set it at it always
> returns to this lowest level of security. I have tried setting it on my
> normal setting of Medium High, clicking Apply and OK, but on returning it is
> always on this lower setting. The same occurs on Internet Explorer’s Internet
> Options via Tools. Could malware have altered a setting that prevents my
> Medium High security?
> Signd in: Andrew
> "sgopussy" wrote:
>
> > Please do not steal someone elses post, post your own question.
> >
> > "Andrew" wrote:
> >
> > > Hi - I have the same problem but have discovered something very strange is
> > > happening to my PC for a few days - see my question below for full
> > > explanation: Cookie settings alter on own! - Andrew
> > >
> > > "Redwolf" wrote:
> > >
> > > > Greetings,
> > > >
> > > > I have been having a terrible time with pop ups apeparing whether I'm in IE7
> > > > or Mozilla. I have run hijackthis but don't klnow where to go from here.
> > > > Below is the log and I wold appreciate any help you can give me. Thank you
> > > > :) Anne
> > > >
> > > > Logfile of HijackThis v1.99.1
> > > > Scan saved at 1:55:39 PM, on 7/13/2008
> > > > Platform: Windows XP SP2 (WinNT 5.01.2600)
> > > > MSIE: Internet Explorer v7.00 (7.00.6000.16674)
> > > >
> > > > Running processes:
> > > > C:\WINDOWS\System32\smss.exe
> > > > C:\WINDOWS\system32\winlogon.exe
> > > > C:\WINDOWS\system32\services.exe
> > > > C:\WINDOWS\system32\lsass.exe
> > > > C:\WINDOWS\system32\svchost.exe
> > > > C:\WINDOWS\System32\svchost.exe
> > > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
> > > > C:\WINDOWS\Explorer.EXE
> > > > C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> > > > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
> > > > C:\WINDOWS\system32\spoolsv.exe
> > > > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
> > > > C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> > > > C:\WINDOWS\System32\svchost.exe
> > > > C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
> > > > C:\WINDOWS\System32\nvsvc32.exe
> > > > C:\WINDOWS\system32\PnkBstrA.exe
> > > > C:\WINDOWS\system32\PnkBstrB.exe
> > > > C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
> > > > C:\WINDOWS\System32\svchost.exe
> > > > C:\Program Files\Viewpoint\Common\ViewpointService.exe
> > > > C:\Program Files\Canon\CAL\CALMAIN.exe
> > > > C:\WINDOWS\BCMSMMSG.exe
> > > > C:\WINDOWS\system32\dla\tfswctrl.exe
> > > > C:\WINDOWS\System32\DSentry.exe
> > > > C:\Program Files\Dell\Media Experience\PCMService.exe
> > > > C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
> > > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
> > > > C:\WINDOWS\system32\rundll32.exe
> > > > C:\WINDOWS\system32\Rundll32.exe
> > > > C:\WINDOWS\system32\ctfmon.exe
> > > > C:\Program Files\Windows Media Player\WMPNSCFG.exe
> > > > C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
> > > > C:\Program Files\Internet Explorer\iexplore.exe
> > > > C:\Program Files\Hijackthis\HijackThis.exe
> > > >
> > > > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> > > > http://www.kqed.org/
> > > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> > > > http://go.microsoft.com/fwlink/?LinkId=69157
> > > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
> > > > http://go.microsoft.com/fwlink/?LinkId=54896
> > > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> > > > http://go.microsoft.com/fwlink/?LinkId=54896
> > > > O2 - BHO: Symantec Intrusion Prevention -
> > > > {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
> > > > C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
> > > > O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} -
> > > > C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file
> > > > missing)
> > > > O2 - BHO: {49d36403-4326-c0ba-7394-78ce4a812919} -
> > > > {919218a4-ec87-4937-ab0c-623430463d94} - C:\WINDOWS\system32\nbwgmx.dll
> > > > O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
> > > > c:\program files\google\googletoolbar1.dll
> > > > O2 - BHO: Google Toolbar Notifier BHO -
> > > > {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
> > > > Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
> > > > O2 - BHO: (no name) - {E03B518B-3328-4F9D-949D-9BF824607BA8} -
> > > > C:\WINDOWS\system32\efcASjJa.dll
> > > > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
> > > > files\google\googletoolbar1.dll
> > > > O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> > > > C:\WINDOWS\System32\NvCpl.dll,NvStartup
> > > > O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
> > > > O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
> > > > O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
> > > > O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
> > > > Experience\PCMService.exe"
> > > > O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
> > > > Files\Sonic\Update Manager\sgtray.exe" /r
> > > > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
> > > > -atboottime
> > > > O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
> > > > Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
> > > > O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
> > > > Shared\ccApp.exe"
> > > > O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
> > > > O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
> > > > O4 - HKLM\..\Run: [3c427025] rundll32.exe "C:\WINDOWS\system32\vogjqinc.dll",b
> > > > O4 - HKLM\..\Run: [BM3f7143b9] Rundll32.exe
> > > > "C:\WINDOWS\system32\qmbbhcqx.dll",s
> > > > O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> > > > O4 - HKCU\..\Run: [Printer Monitor] C:\WINDOWS\system32\webprinter.exe
> > > > O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
> > > > O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media
> > > > Player\WMPNSCFG.exe
> > > > O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel
> > > > FW\Desktop\DesktopWeather.exe"
> > > > O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common
> > > > Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
> > > > O8 - Extra context menu item: E&xport to Microsoft Excel -
> > > > res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
> > > > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> > > > C:\WINDOWS\System32\msjava.dll
> > > > O9 - Extra 'Tools' menuitem: Sun Java Console -
> > > > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
> > > > O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no
> > > > file)
> > > > O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> > > > C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
> > > > O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
> > > > C:\WINDOWS\System32\Shdocvw.dll
> > > > O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
> > > > %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
> > > > O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
> > > > {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
> > > > Diagnostic\xpnetdiag.exe (file missing)
> > > > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> > > > C:\Program Files\Messenger\msmsgs.exe
> > > > O9 - Extra 'Tools' menuitem: Windows Messenger -
> > > > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> > > > O11 - Options group: [INTERNATIONAL] International*
> > > > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
> > > > Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
> > > > O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
> > > > scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
> > > > O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) -
> > > > http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
> > > > O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
> > > > Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
> > > > O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
> > > > http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743657453
> > > > O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -
> > > > https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
> > > > O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} -
> > > > C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll
> > > > O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll
> > > > (file missing)
> > > > O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
> > > > O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
> > > > C:\WINDOWS\system32\WPDShServiceObj.dll
> > > > O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -
> > > > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
> > > > O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
> > > > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
> > > > O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
> > > > C:\Program Files\Canon\CAL\CALMAIN.exe
> > > > O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -
> > > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file
> > > > missing)
> > > > O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -
> > > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file
> > > > missing)
> > > > O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
> > > > owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h
> > > > ccCommon (file missing)
> > > > O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
> > > > Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> > > > O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
> > > > Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
> > > > 32\IDriverT.exe
> > > > O23 - Service: LiveUpdate - Symantec Corporation - C:\Program
> > > > Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
> > > > O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common
> > > > Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
> > > > O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
> > > > C:\Program Files\Intel\NCS\Sync\NetSvc.exe
> > > > O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
> > > > C:\WINDOWS\System32\nvsvc32.exe
> > > > O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
> > > > O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
> > > > O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common
> > > > Files\Intuit\QuickBooks\QBCFMonitorService.exe
> > > > O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -
> > > > C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
> > > > O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common
> > > > Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> > > > O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -
> > > > C:\Program Files\Viewpoint\Common\ViewpointService.exe
> > > >
> > > >
 
Back
Top