Problems with pops ups

July 13, 2008

Greetings,

I have been having a terrible time with pop ups apeparing whether I'm in IE7

or Mozilla. I have run hijackthis but don't klnow where to go from here.

Below is the log and I wold appreciate any help you can give me. Thank you

:) Anne

Logfile of HijackThis v1.99.1

Scan saved at 1:55:39 PM, on 7/13/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.kqed.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Symantec Intrusion Prevention -

{6D53EC84-6AAE-4787-AEEE-F4628F01010C} -

C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} -

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file

missing)

O2 - BHO: {49d36403-4326-c0ba-7394-78ce4a812919} -

{919218a4-ec87-4937-ab0c-623430463d94} - C:\WINDOWS\system32\nbwgmx.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO -

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: (no name) - {E03B518B-3328-4F9D-949D-9BF824607BA8} -

C:\WINDOWS\system32\efcASjJa.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media

Experience\PCMService.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common

Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [3c427025] rundll32.exe "C:\WINDOWS\system32\vogjqinc.dll",b

O4 - HKLM\..\Run: [bM3f7143b9] Rundll32.exe

"C:\WINDOWS\system32\qmbbhcqx.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Printer Monitor] C:\WINDOWS\system32\webprinter.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel

FW\Desktop\DesktopWeather.exe"

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common

Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no

file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus

scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) -

http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility

Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743657453

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -

https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab

O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} -

C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll

O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll

(file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -

C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file

missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file

missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown

owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h

ccCommon (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common

Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation -

C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common

Files\Intuit\QuickBooks\QBCFMonitorService.exe

O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -

C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common

Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

C:\Program Files\Viewpoint\Common\ViewpointService.exe

July 13, 2008

Re: Problems with pops ups

You need to post the log to a website where security specialists can advise

you. Try one of these:

http://aumha.net/viewforum.php?f=30

http://forums.spybot.info/forumdisplay.php?f=22

http://castlecops.com/forum67.html .

--

Regards

Ron Badour

MS MVP

Windows Desktop Experience

"Redwolf" <Redwolf@discussions.microsoft.com> wrote in message

news:286DFE76-D816-4C87-887B-8098B5D55E91@microsoft.com...

> Greetings,

>

> I have been having a terrible time with pop ups apeparing whether I'm in

> IE7

> or Mozilla. I have run hijackthis but don't klnow where to go from here.

> Below is the log and I wold appreciate any help you can give me. Thank

> you

> :) Anne

>

> Logfile of HijackThis v1.99.1

> Scan saved at 1:55:39 PM, on 7/13/2008

> Platform: Windows XP SP2 (WinNT 5.01.2600)

> MSIE: Internet Explorer v7.00 (7.00.6000.16674)

>

> Running processes:

> C:\WINDOWS\System32\smss.exe

> C:\WINDOWS\system32\winlogon.exe

> C:\WINDOWS\system32\services.exe

> C:\WINDOWS\system32\lsass.exe

> C:\WINDOWS\system32\svchost.exe

> C:\WINDOWS\System32\svchost.exe

> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

> C:\WINDOWS\Explorer.EXE

> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

> C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

> C:\WINDOWS\system32\spoolsv.exe

> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

> C:\WINDOWS\System32\svchost.exe

> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

> C:\WINDOWS\System32\nvsvc32.exe

> C:\WINDOWS\system32\PnkBstrA.exe

> C:\WINDOWS\system32\PnkBstrB.exe

> C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

> C:\WINDOWS\System32\svchost.exe

> C:\Program Files\Viewpoint\Common\ViewpointService.exe

> C:\Program Files\Canon\CAL\CALMAIN.exe

> C:\WINDOWS\BCMSMMSG.exe

> C:\WINDOWS\system32\dla\tfswctrl.exe

> C:\WINDOWS\System32\DSentry.exe

> C:\Program Files\Dell\Media Experience\PCMService.exe

> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

> C:\WINDOWS\system32\rundll32.exe

> C:\WINDOWS\system32\Rundll32.exe

> C:\WINDOWS\system32\ctfmon.exe

> C:\Program Files\Windows Media Player\WMPNSCFG.exe

> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

> C:\Program Files\Internet Explorer\iexplore.exe

> C:\Program Files\Hijackthis\HijackThis.exe

>

> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

> http://www.kqed.org/

> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

> http://go.microsoft.com/fwlink/?LinkId=69157

> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

> http://go.microsoft.com/fwlink/?LinkId=54896

> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

> http://go.microsoft.com/fwlink/?LinkId=54896

> O2 - BHO: Symantec Intrusion Prevention -

> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -

> C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

> O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} -

> C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file

> missing)

> O2 - BHO: {49d36403-4326-c0ba-7394-78ce4a812919} -

> {919218a4-ec87-4937-ab0c-623430463d94} - C:\WINDOWS\system32\nbwgmx.dll

> O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

> c:\program files\google\googletoolbar1.dll

> O2 - BHO: Google Toolbar Notifier BHO -

> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

> Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

> O2 - BHO: (no name) - {E03B518B-3328-4F9D-949D-9BF824607BA8} -

> C:\WINDOWS\system32\efcASjJa.dll

> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

> c:\program

> files\google\googletoolbar1.dll

> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

> C:\WINDOWS\System32\NvCpl.dll,NvStartup

> O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

> O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

> O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

> O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media

> Experience\PCMService.exe"

> O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common

> Files\Sonic\Update Manager\sgtray.exe" /r

> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

> -atboottime

> O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

> Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

> O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

> Shared\ccApp.exe"

> O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton

> AntiVirus\osCheck.exe"

> O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

> Files\iTunes\iTunesHelper.exe"

> O4 - HKLM\..\Run: [3c427025] rundll32.exe

> "C:\WINDOWS\system32\vogjqinc.dll",b

> O4 - HKLM\..\Run: [bM3f7143b9] Rundll32.exe

> "C:\WINDOWS\system32\qmbbhcqx.dll",s

> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

> O4 - HKCU\..\Run: [Printer Monitor] C:\WINDOWS\system32\webprinter.exe

> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

> /background

> O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

> Player\WMPNSCFG.exe

> O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel

> FW\Desktop\DesktopWeather.exe"

> O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common

> Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

> O8 - Extra context menu item: E&xport to Microsoft Excel -

> res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

> C:\WINDOWS\System32\msjava.dll

> O9 - Extra 'Tools' menuitem: Sun Java Console -

> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

> O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} -

> (no

> file)

> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

> C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

> O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

> C:\WINDOWS\System32\Shdocvw.dll

> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

> %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

> {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

> Diagnostic\xpnetdiag.exe (file missing)

> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

> C:\Program Files\Messenger\msmsgs.exe

> O9 - Extra 'Tools' menuitem: Windows Messenger -

> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

> Files\Messenger\msmsgs.exe

> O11 - Options group: [iNTERNATIONAL] International*

> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

> Advantage

> Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

> O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus

> scanner) -

> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

> O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player

> Engine) -

> http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab

> O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility

> Class) -

> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743657453

> O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -

> https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab

> O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} -

> C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll

> O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -

> mscoree.dll

> (file missing)

> O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

> O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

> C:\WINDOWS\system32\WPDShServiceObj.dll

> O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -

> C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

> O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

> O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -

> C:\Program Files\Canon\CAL\CALMAIN.exe

> O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -

> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon

> (file

> missing)

> O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -

> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon

> (file

> missing)

> O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown

> owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h

> ccCommon (file missing)

> O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

> Files\Google\Common\Google Updater\GoogleUpdaterService.exe

> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

> Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

> 32\IDriverT.exe

> O23 - Service: LiveUpdate - Symantec Corporation - C:\Program

> Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

> O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common

> Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

> O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation -

> C:\Program Files\Intel\NCS\Sync\NetSvc.exe

> O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

> C:\WINDOWS\System32\nvsvc32.exe

> O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

> O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

> O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common

> Files\Intuit\QuickBooks\QBCFMonitorService.exe

> O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -

> C:\Program Files\Common

> Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

> O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common

> Files\Symantec Shared\CCPD-LC\symlcsvc.exe

> O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

> C:\Program Files\Viewpoint\Common\ViewpointService.exe

>

July 13, 2008

RE: Problems with pops ups

Hi - I have the same problem but have discovered something very strange is

happening to my PC for a few days - see my question below for full

explanation: Cookie settings alter on own! - Andrew

"Redwolf" wrote:

> Greetings,

>

> I have been having a terrible time with pop ups apeparing whether I'm in IE7

> or Mozilla. I have run hijackthis but don't klnow where to go from here.

> Below is the log and I wold appreciate any help you can give me. Thank you

> :) Anne

>

> Logfile of HijackThis v1.99.1

> Scan saved at 1:55:39 PM, on 7/13/2008

> Platform: Windows XP SP2 (WinNT 5.01.2600)

> MSIE: Internet Explorer v7.00 (7.00.6000.16674)

>

> Running processes:

> C:\WINDOWS\System32\smss.exe

> C:\WINDOWS\system32\winlogon.exe

> C:\WINDOWS\system32\services.exe

> C:\WINDOWS\system32\lsass.exe

> C:\WINDOWS\system32\svchost.exe

> C:\WINDOWS\System32\svchost.exe

> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

> C:\WINDOWS\Explorer.EXE

> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

> C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

> C:\WINDOWS\system32\spoolsv.exe

> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

> C:\WINDOWS\System32\svchost.exe

> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

> C:\WINDOWS\System32\nvsvc32.exe

> C:\WINDOWS\system32\PnkBstrA.exe

> C:\WINDOWS\system32\PnkBstrB.exe

> C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

> C:\WINDOWS\System32\svchost.exe

> C:\Program Files\Viewpoint\Common\ViewpointService.exe

> C:\Program Files\Canon\CAL\CALMAIN.exe

> C:\WINDOWS\BCMSMMSG.exe

> C:\WINDOWS\system32\dla\tfswctrl.exe

> C:\WINDOWS\System32\DSentry.exe

> C:\Program Files\Dell\Media Experience\PCMService.exe

> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

> C:\WINDOWS\system32\rundll32.exe

> C:\WINDOWS\system32\Rundll32.exe

> C:\WINDOWS\system32\ctfmon.exe

> C:\Program Files\Windows Media Player\WMPNSCFG.exe

> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

> C:\Program Files\Internet Explorer\iexplore.exe

> C:\Program Files\Hijackthis\HijackThis.exe

>

> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

> http://www.kqed.org/

> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

> http://go.microsoft.com/fwlink/?LinkId=69157

> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

> http://go.microsoft.com/fwlink/?LinkId=54896

> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

> http://go.microsoft.com/fwlink/?LinkId=54896

> O2 - BHO: Symantec Intrusion Prevention -

> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -

> C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

> O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} -

> C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file

> missing)

> O2 - BHO: {49d36403-4326-c0ba-7394-78ce4a812919} -

> {919218a4-ec87-4937-ab0c-623430463d94} - C:\WINDOWS\system32\nbwgmx.dll

> O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

> c:\program files\google\googletoolbar1.dll

> O2 - BHO: Google Toolbar Notifier BHO -

> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

> Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

> O2 - BHO: (no name) - {E03B518B-3328-4F9D-949D-9BF824607BA8} -

> C:\WINDOWS\system32\efcASjJa.dll

> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

> files\google\googletoolbar1.dll

> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

> C:\WINDOWS\System32\NvCpl.dll,NvStartup

> O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

> O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

> O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

> O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media

> Experience\PCMService.exe"

> O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common

> Files\Sonic\Update Manager\sgtray.exe" /r

> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

> -atboottime

> O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

> Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

> O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

> Shared\ccApp.exe"

> O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

> O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

> O4 - HKLM\..\Run: [3c427025] rundll32.exe "C:\WINDOWS\system32\vogjqinc.dll",b

> O4 - HKLM\..\Run: [bM3f7143b9] Rundll32.exe

> "C:\WINDOWS\system32\qmbbhcqx.dll",s

> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

> O4 - HKCU\..\Run: [Printer Monitor] C:\WINDOWS\system32\webprinter.exe

> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

> O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

> Player\WMPNSCFG.exe

> O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel

> FW\Desktop\DesktopWeather.exe"

> O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common

> Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

> O8 - Extra context menu item: E&xport to Microsoft Excel -

> res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

> C:\WINDOWS\System32\msjava.dll

> O9 - Extra 'Tools' menuitem: Sun Java Console -

> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

> O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no

> file)

> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

> C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

> O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

> C:\WINDOWS\System32\Shdocvw.dll

> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

> %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

> {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

> Diagnostic\xpnetdiag.exe (file missing)

> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

> C:\Program Files\Messenger\msmsgs.exe

> O9 - Extra 'Tools' menuitem: Windows Messenger -

> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

> O11 - Options group: [iNTERNATIONAL] International*

> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

> Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

> O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus

> scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

> O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) -

> http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab

> O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility

> Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743657453

> O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -

> https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab

> O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} -

> C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll

> O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll

> (file missing)

> O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

> O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

> C:\WINDOWS\system32\WPDShServiceObj.dll

> O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -

> C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

> O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

> O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -

> C:\Program Files\Canon\CAL\CALMAIN.exe

> O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -

> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file

> missing)

> O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -

> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file

> missing)

> O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown

> owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h

> ccCommon (file missing)

> O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

> Files\Google\Common\Google Updater\GoogleUpdaterService.exe

> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

> Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

> 32\IDriverT.exe

> O23 - Service: LiveUpdate - Symantec Corporation - C:\Program

> Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

> O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common

> Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

> O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation -

> C:\Program Files\Intel\NCS\Sync\NetSvc.exe

> O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

> C:\WINDOWS\System32\nvsvc32.exe

> O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

> O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

> O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common

> Files\Intuit\QuickBooks\QBCFMonitorService.exe

> O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -

> C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

> O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common

> Files\Symantec Shared\CCPD-LC\symlcsvc.exe

> O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

> C:\Program Files\Viewpoint\Common\ViewpointService.exe

>

July 13, 2008

RE: Problems with pops ups

Please do not steal someone elses post, post your own question.

"Andrew" wrote:

> Hi - I have the same problem but have discovered something very strange is

> happening to my PC for a few days - see my question below for full

> explanation: Cookie settings alter on own! - Andrew

>

> "Redwolf" wrote:

>

> > Greetings,

> >

> > I have been having a terrible time with pop ups apeparing whether I'm in IE7

> > or Mozilla. I have run hijackthis but don't klnow where to go from here.

> > Below is the log and I wold appreciate any help you can give me. Thank you

> > :) Anne

> >

> > Logfile of HijackThis v1.99.1

> > Scan saved at 1:55:39 PM, on 7/13/2008

> > Platform: Windows XP SP2 (WinNT 5.01.2600)

> > MSIE: Internet Explorer v7.00 (7.00.6000.16674)

> >

> > Running processes:

> > C:\WINDOWS\System32\smss.exe

> > C:\WINDOWS\system32\winlogon.exe

> > C:\WINDOWS\system32\services.exe

> > C:\WINDOWS\system32\lsass.exe

> > C:\WINDOWS\system32\svchost.exe

> > C:\WINDOWS\System32\svchost.exe

> > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

> > C:\WINDOWS\Explorer.EXE

> > C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

> > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

> > C:\WINDOWS\system32\spoolsv.exe

> > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

> > C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

> > C:\WINDOWS\System32\svchost.exe

> > C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

> > C:\WINDOWS\System32\nvsvc32.exe

> > C:\WINDOWS\system32\PnkBstrA.exe

> > C:\WINDOWS\system32\PnkBstrB.exe

> > C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

> > C:\WINDOWS\System32\svchost.exe

> > C:\Program Files\Viewpoint\Common\ViewpointService.exe

> > C:\Program Files\Canon\CAL\CALMAIN.exe

> > C:\WINDOWS\BCMSMMSG.exe

> > C:\WINDOWS\system32\dla\tfswctrl.exe

> > C:\WINDOWS\System32\DSentry.exe

> > C:\Program Files\Dell\Media Experience\PCMService.exe

> > C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

> > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

> > C:\WINDOWS\system32\rundll32.exe

> > C:\WINDOWS\system32\Rundll32.exe

> > C:\WINDOWS\system32\ctfmon.exe

> > C:\Program Files\Windows Media Player\WMPNSCFG.exe

> > C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

> > C:\Program Files\Internet Explorer\iexplore.exe

> > C:\Program Files\Hijackthis\HijackThis.exe

> >

> > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

> > http://www.kqed.org/

> > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

> > http://go.microsoft.com/fwlink/?LinkId=69157

> > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

> > http://go.microsoft.com/fwlink/?LinkId=54896

> > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

> > http://go.microsoft.com/fwlink/?LinkId=54896

> > O2 - BHO: Symantec Intrusion Prevention -

> > {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -

> > C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

> > O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} -

> > C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file

> > missing)

> > O2 - BHO: {49d36403-4326-c0ba-7394-78ce4a812919} -

> > {919218a4-ec87-4937-ab0c-623430463d94} - C:\WINDOWS\system32\nbwgmx.dll

> > O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

> > c:\program files\google\googletoolbar1.dll

> > O2 - BHO: Google Toolbar Notifier BHO -

> > {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

> > Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

> > O2 - BHO: (no name) - {E03B518B-3328-4F9D-949D-9BF824607BA8} -

> > C:\WINDOWS\system32\efcASjJa.dll

> > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

> > files\google\googletoolbar1.dll

> > O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

> > C:\WINDOWS\System32\NvCpl.dll,NvStartup

> > O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

> > O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

> > O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

> > O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media

> > Experience\PCMService.exe"

> > O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common

> > Files\Sonic\Update Manager\sgtray.exe" /r

> > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

> > -atboottime

> > O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

> > Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

> > O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

> > Shared\ccApp.exe"

> > O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

> > O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

> > O4 - HKLM\..\Run: [3c427025] rundll32.exe "C:\WINDOWS\system32\vogjqinc.dll",b

> > O4 - HKLM\..\Run: [bM3f7143b9] Rundll32.exe

> > "C:\WINDOWS\system32\qmbbhcqx.dll",s

> > O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

> > O4 - HKCU\..\Run: [Printer Monitor] C:\WINDOWS\system32\webprinter.exe

> > O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

> > O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

> > Player\WMPNSCFG.exe

> > O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel

> > FW\Desktop\DesktopWeather.exe"

> > O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common

> > Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

> > O8 - Extra context menu item: E&xport to Microsoft Excel -

> > res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

> > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

> > C:\WINDOWS\System32\msjava.dll

> > O9 - Extra 'Tools' menuitem: Sun Java Console -

> > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

> > O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no

> > file)

> > O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

> > C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

> > O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

> > C:\WINDOWS\System32\Shdocvw.dll

> > O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

> > %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

> > O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

> > {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

> > Diagnostic\xpnetdiag.exe (file missing)

> > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

> > C:\Program Files\Messenger\msmsgs.exe

> > O9 - Extra 'Tools' menuitem: Windows Messenger -

> > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

> > O11 - Options group: [iNTERNATIONAL] International*

> > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

> > Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

> > O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus

> > scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

> > O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) -

> > http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab

> > O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility

> > Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

> > O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

> > http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743657453

> > O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -

> > https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab

> > O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} -

> > C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll

> > O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll

> > (file missing)

> > O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

> > O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

> > C:\WINDOWS\system32\WPDShServiceObj.dll

> > O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -

> > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

> > O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

> > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

> > O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -

> > C:\Program Files\Canon\CAL\CALMAIN.exe

> > O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -

> > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file

> > missing)

> > O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -

> > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file

> > missing)

> > O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown

> > owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h

> > ccCommon (file missing)

> > O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

> > Files\Google\Common\Google Updater\GoogleUpdaterService.exe

> > O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

> > Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

> > 32\IDriverT.exe

> > O23 - Service: LiveUpdate - Symantec Corporation - C:\Program

> > Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

> > O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common

> > Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

> > O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation -

> > C:\Program Files\Intel\NCS\Sync\NetSvc.exe

> > O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

> > C:\WINDOWS\System32\nvsvc32.exe

> > O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

> > O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

> > O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common

> > Files\Intuit\QuickBooks\QBCFMonitorService.exe

> > O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -

> > C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

> > O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common

> > Files\Symantec Shared\CCPD-LC\symlcsvc.exe

> > O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

> > C:\Program Files\Viewpoint\Common\ViewpointService.exe

> >

July 13, 2008

RE: Problems with pops ups

Silly person Sgopussy - surely you are aware that this site does not ALLOW

what you suggest I have done! As I also am having sereous pop-up problems, I

simply directed Redwolf to my problem without rewriting it OK?

But if you insist - here it is again for Redwolf to contemplate and check

this is no happening to his PC also: My cookie settings via, Control Panel,

Internet Options and Privacy Tab are

permanently on Accept All Cookies – no matter what I set it at it always

returns to this lowest level of security. I have tried setting it on my

normal setting of Medium High, clicking Apply and OK, but on returning it is

always on this lower setting. The same occurs on Internet Explorer’s Internet

Options via Tools. Could malware have altered a setting that prevents my

Medium High security?

Signd in: Andrew

"sgopussy" wrote:

> Please do not steal someone elses post, post your own question.

>

> "Andrew" wrote:

>

> > Hi - I have the same problem but have discovered something very strange is

> > happening to my PC for a few days - see my question below for full

> > explanation: Cookie settings alter on own! - Andrew

> >

> > "Redwolf" wrote:

> >

> > > Greetings,

> > >

> > > I have been having a terrible time with pop ups apeparing whether I'm in IE7

> > > or Mozilla. I have run hijackthis but don't klnow where to go from here.

> > > Below is the log and I wold appreciate any help you can give me. Thank you

> > > :) Anne

> > >

> > > Logfile of HijackThis v1.99.1

> > > Scan saved at 1:55:39 PM, on 7/13/2008

> > > Platform: Windows XP SP2 (WinNT 5.01.2600)

> > > MSIE: Internet Explorer v7.00 (7.00.6000.16674)

> > >

> > > Running processes:

> > > C:\WINDOWS\System32\smss.exe

> > > C:\WINDOWS\system32\winlogon.exe

> > > C:\WINDOWS\system32\services.exe

> > > C:\WINDOWS\system32\lsass.exe

> > > C:\WINDOWS\system32\svchost.exe

> > > C:\WINDOWS\System32\svchost.exe

> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

> > > C:\WINDOWS\Explorer.EXE

> > > C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

> > > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

> > > C:\WINDOWS\system32\spoolsv.exe

> > > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

> > > C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

> > > C:\WINDOWS\System32\svchost.exe

> > > C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

> > > C:\WINDOWS\System32\nvsvc32.exe

> > > C:\WINDOWS\system32\PnkBstrA.exe

> > > C:\WINDOWS\system32\PnkBstrB.exe

> > > C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

> > > C:\WINDOWS\System32\svchost.exe

> > > C:\Program Files\Viewpoint\Common\ViewpointService.exe

> > > C:\Program Files\Canon\CAL\CALMAIN.exe

> > > C:\WINDOWS\BCMSMMSG.exe

> > > C:\WINDOWS\system32\dla\tfswctrl.exe

> > > C:\WINDOWS\System32\DSentry.exe

> > > C:\Program Files\Dell\Media Experience\PCMService.exe

> > > C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

> > > C:\WINDOWS\system32\rundll32.exe

> > > C:\WINDOWS\system32\Rundll32.exe

> > > C:\WINDOWS\system32\ctfmon.exe

> > > C:\Program Files\Windows Media Player\WMPNSCFG.exe

> > > C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

> > > C:\Program Files\Internet Explorer\iexplore.exe

> > > C:\Program Files\Hijackthis\HijackThis.exe

> > >

> > > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

> > > http://www.kqed.org/

> > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

> > > http://go.microsoft.com/fwlink/?LinkId=69157

> > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

> > > http://go.microsoft.com/fwlink/?LinkId=54896

> > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

> > > http://go.microsoft.com/fwlink/?LinkId=54896

> > > O2 - BHO: Symantec Intrusion Prevention -

> > > {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -

> > > C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

> > > O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} -

> > > C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file

> > > missing)

> > > O2 - BHO: {49d36403-4326-c0ba-7394-78ce4a812919} -

> > > {919218a4-ec87-4937-ab0c-623430463d94} - C:\WINDOWS\system32\nbwgmx.dll

> > > O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

> > > c:\program files\google\googletoolbar1.dll

> > > O2 - BHO: Google Toolbar Notifier BHO -

> > > {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

> > > Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

> > > O2 - BHO: (no name) - {E03B518B-3328-4F9D-949D-9BF824607BA8} -

> > > C:\WINDOWS\system32\efcASjJa.dll

> > > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

> > > files\google\googletoolbar1.dll

> > > O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

> > > C:\WINDOWS\System32\NvCpl.dll,NvStartup

> > > O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

> > > O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

> > > O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

> > > O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media

> > > Experience\PCMService.exe"

> > > O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common

> > > Files\Sonic\Update Manager\sgtray.exe" /r

> > > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

> > > -atboottime

> > > O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

> > > Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

> > > O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

> > > Shared\ccApp.exe"

> > > O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

> > > O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

> > > O4 - HKLM\..\Run: [3c427025] rundll32.exe "C:\WINDOWS\system32\vogjqinc.dll",b

> > > O4 - HKLM\..\Run: [bM3f7143b9] Rundll32.exe

> > > "C:\WINDOWS\system32\qmbbhcqx.dll",s

> > > O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

> > > O4 - HKCU\..\Run: [Printer Monitor] C:\WINDOWS\system32\webprinter.exe

> > > O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

> > > O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

> > > Player\WMPNSCFG.exe

> > > O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel

> > > FW\Desktop\DesktopWeather.exe"

> > > O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common

> > > Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

> > > O8 - Extra context menu item: E&xport to Microsoft Excel -

> > > res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

> > > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

> > > C:\WINDOWS\System32\msjava.dll

> > > O9 - Extra 'Tools' menuitem: Sun Java Console -

> > > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

> > > O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no

> > > file)

> > > O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

> > > C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

> > > O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

> > > C:\WINDOWS\System32\Shdocvw.dll

> > > O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

> > > %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

> > > O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

> > > {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

> > > Diagnostic\xpnetdiag.exe (file missing)

> > > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

> > > C:\Program Files\Messenger\msmsgs.exe

> > > O9 - Extra 'Tools' menuitem: Windows Messenger -

> > > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

> > > O11 - Options group: [iNTERNATIONAL] International*

> > > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

> > > Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

> > > O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus

> > > scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

> > > O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) -

> > > http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab

> > > O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility

> > > Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

> > > O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

> > > http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743657453

> > > O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -

> > > https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab

> > > O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} -

> > > C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll

> > > O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll

> > > (file missing)

> > > O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

> > > O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

> > > C:\WINDOWS\system32\WPDShServiceObj.dll

> > > O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -

> > > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

> > > O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

> > > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

> > > O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -

> > > C:\Program Files\Canon\CAL\CALMAIN.exe

> > > O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -

> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file

> > > missing)

> > > O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -

> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file

> > > missing)

> > > O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown

> > > owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h

> > > ccCommon (file missing)

> > > O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

> > > Files\Google\Common\Google Updater\GoogleUpdaterService.exe

> > > O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

> > > Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

> > > 32\IDriverT.exe

> > > O23 - Service: LiveUpdate - Symantec Corporation - C:\Program

> > > Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

> > > O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common

> > > Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

> > > O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation -

> > > C:\Program Files\Intel\NCS\Sync\NetSvc.exe

> > > O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

> > > C:\WINDOWS\System32\nvsvc32.exe

> > > O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

> > > O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

> > > O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common

> > > Files\Intuit\QuickBooks\QBCFMonitorService.exe

> > > O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -

> > > C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

> > > O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common

> > > Files\Symantec Shared\CCPD-LC\symlcsvc.exe

> > > O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

> > > C:\Program Files\Viewpoint\Common\ViewpointService.exe

> > >

July 14, 2008

Re: Problems with pops ups

Of course it could, and you almost certainly have been infected. But that

doesn't mean your issue and Redwolf's are in the least bit related, other

than you both probably have malware infections. The question is what kind?

Your attitude suggests that if Redwolf had a fever and you did too, that you

probably have the same infection, even though there's nothing else that's

remotely the same about the rest of your symptoms. Would you want the doctor

to treat your infection the same as Redwolf's, or wouldn't you rather he

diagnose *your* infection.

Thus far, there isn't the slightest known similarity between your infection

and Redwolf's. Please stick to your own thread and diagnose your own

problem. All you do here is confuse the issue.

--

Gary S. Terhune

MS-MVP Shell/User

http://grystmill.com

"Andrew" <Andrew@discussions.microsoft.com> wrote in message

news:363141F3-4909-4202-B908-8E3DD5F3A9FB@microsoft.com...

> Silly person Sgopussy - surely you are aware that this site does not ALLOW

> what you suggest I have done! As I also am having sereous pop-up problems,

> I

> simply directed Redwolf to my problem without rewriting it OK?

> But if you insist - here it is again for Redwolf to contemplate and check

> this is no happening to his PC also: My cookie settings via, Control

> Panel,

> Internet Options and Privacy Tab are

> permanently on Accept All Cookies - no matter what I set it at it always

> returns to this lowest level of security. I have tried setting it on my

> normal setting of Medium High, clicking Apply and OK, but on returning it

> is

> always on this lower setting. The same occurs on Internet Explorer's

> Internet

> Options via Tools. Could malware have altered a setting that prevents my

> Medium High security?

> Signd in: Andrew

> "sgopussy" wrote:

>

>> Please do not steal someone elses post, post your own question.

>>

>> "Andrew" wrote:

>>

>> > Hi - I have the same problem but have discovered something very strange

>> > is

>> > happening to my PC for a few days - see my question below for full

>> > explanation: Cookie settings alter on own! - Andrew

>> >

>> > "Redwolf" wrote:

>> >

>> > > Greetings,

>> > >

>> > > I have been having a terrible time with pop ups apeparing whether I'm

>> > > in IE7

>> > > or Mozilla. I have run hijackthis but don't klnow where to go from

>> > > here.

>> > > Below is the log and I wold appreciate any help you can give me.

>> > > Thank you

>> > > :) Anne

>> > >

>> > > Logfile of HijackThis v1.99.1

>> > > Scan saved at 1:55:39 PM, on 7/13/2008

>> > > Platform: Windows XP SP2 (WinNT 5.01.2600)

>> > > MSIE: Internet Explorer v7.00 (7.00.6000.16674)

>> > >

>> > > Running processes:

>> > > C:\WINDOWS\System32\smss.exe

>> > > C:\WINDOWS\system32\winlogon.exe

>> > > C:\WINDOWS\system32\services.exe

>> > > C:\WINDOWS\system32\lsass.exe

>> > > C:\WINDOWS\system32\svchost.exe

>> > > C:\WINDOWS\System32\svchost.exe

>> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

>> > > C:\WINDOWS\Explorer.EXE

>> > > C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

>> > > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

>> > > C:\WINDOWS\system32\spoolsv.exe

>> > > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

>> > > C:\Program Files\Google\Common\Google

>> > > Updater\GoogleUpdaterService.exe

>> > > C:\WINDOWS\System32\svchost.exe

>> > > C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

>> > > C:\WINDOWS\System32\nvsvc32.exe

>> > > C:\WINDOWS\system32\PnkBstrA.exe

>> > > C:\WINDOWS\system32\PnkBstrB.exe

>> > > C:\Program Files\Common

>> > > Files\Intuit\QuickBooks\QBCFMonitorService.exe

>> > > C:\WINDOWS\System32\svchost.exe

>> > > C:\Program Files\Viewpoint\Common\ViewpointService.exe

>> > > C:\Program Files\Canon\CAL\CALMAIN.exe

>> > > C:\WINDOWS\BCMSMMSG.exe

>> > > C:\WINDOWS\system32\dla\tfswctrl.exe

>> > > C:\WINDOWS\System32\DSentry.exe

>> > > C:\Program Files\Dell\Media Experience\PCMService.exe

>> > > C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

>> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

>> > > C:\WINDOWS\system32\rundll32.exe

>> > > C:\WINDOWS\system32\Rundll32.exe

>> > > C:\WINDOWS\system32\ctfmon.exe

>> > > C:\Program Files\Windows Media Player\WMPNSCFG.exe

>> > > C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

>> > > C:\Program Files\Internet Explorer\iexplore.exe

>> > > C:\Program Files\Hijackthis\HijackThis.exe

>> > >

>> > > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

>> > > http://www.kqed.org/

>> > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL

>> > > =

>> > > http://go.microsoft.com/fwlink/?LinkId=69157

>> > > R1 - HKLM\Software\Microsoft\Internet

>> > > Explorer\Main,Default_Search_URL =

>> > > http://go.microsoft.com/fwlink/?LinkId=54896

>> > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

>> > > http://go.microsoft.com/fwlink/?LinkId=54896

>> > > O2 - BHO: Symantec Intrusion Prevention -

>> > > {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -

>> > > C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

>> > > O2 - BHO: IeCaptureBho Object -

>> > > {7c1ce531-09e9-4fc5-9803-1c2956615786} -

>> > > C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

>> > > (file

>> > > missing)

>> > > O2 - BHO: {49d36403-4326-c0ba-7394-78ce4a812919} -

>> > > {919218a4-ec87-4937-ab0c-623430463d94} -

>> > > C:\WINDOWS\system32\nbwgmx.dll

>> > > O2 - BHO: Google Toolbar Helper -

>> > > {AA58ED58-01DD-4d91-8333-CF10577473F7} -

>> > > c:\program files\google\googletoolbar1.dll

>> > > O2 - BHO: Google Toolbar Notifier BHO -

>> > > {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

>> > > Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

>> > > O2 - BHO: (no name) - {E03B518B-3328-4F9D-949D-9BF824607BA8} -

>> > > C:\WINDOWS\system32\efcASjJa.dll

>> > > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

>> > > c:\program

>> > > files\google\googletoolbar1.dll

>> > > O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

>> > > C:\WINDOWS\System32\NvCpl.dll,NvStartup

>> > > O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

>> > > O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

>> > > O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

>> > > O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media

>> > > Experience\PCMService.exe"

>> > > O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common

>> > > Files\Sonic\Update Manager\sgtray.exe" /r

>> > > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

>> > > Files\QuickTime\qttask.exe"

>> > > -atboottime

>> > > O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

>> > > Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

>> > > O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

>> > > Shared\ccApp.exe"

>> > > O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton

>> > > AntiVirus\osCheck.exe"

>> > > O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

>> > > Files\iTunes\iTunesHelper.exe"

>> > > O4 - HKLM\..\Run: [3c427025] rundll32.exe

>> > > "C:\WINDOWS\system32\vogjqinc.dll",b

>> > > O4 - HKLM\..\Run: [bM3f7143b9] Rundll32.exe

>> > > "C:\WINDOWS\system32\qmbbhcqx.dll",s

>> > > O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

>> > > O4 - HKCU\..\Run: [Printer Monitor]

>> > > C:\WINDOWS\system32\webprinter.exe

>> > > O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

>> > > /background

>> > > O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

>> > > Player\WMPNSCFG.exe

>> > > O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel

>> > > FW\Desktop\DesktopWeather.exe"

>> > > O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program

>> > > Files\Common

>> > > Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

>> > > O8 - Extra context menu item: E&xport to Microsoft Excel -

>> > > res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

>> > > O9 - Extra button: (no name) -

>> > > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

>> > > C:\WINDOWS\System32\msjava.dll

>> > > O9 - Extra 'Tools' menuitem: Sun Java Console -

>> > > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

>> > > C:\WINDOWS\System32\msjava.dll

>> > > O9 - Extra button: (no name) -

>> > > {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no

>> > > file)

>> > > O9 - Extra button: Research -

>> > > {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

>> > > C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

>> > > O9 - Extra button: Real.com -

>> > > {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

>> > > C:\WINDOWS\System32\Shdocvw.dll

>> > > O9 - Extra button: (no name) -

>> > > {e2e2dd38-d088-4134-82b7-f2ba38496583} -

>> > > %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

>> > > O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

>> > > {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

>> > > Diagnostic\xpnetdiag.exe (file missing)

>> > > O9 - Extra button: Messenger -

>> > > {FB5F1910-F110-11d2-BB9E-00C04F795683} -

>> > > C:\Program Files\Messenger\msmsgs.exe

>> > > O9 - Extra 'Tools' menuitem: Windows Messenger -

>> > > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

>> > > Files\Messenger\msmsgs.exe

>> > > O11 - Options group: [iNTERNATIONAL] International*

>> > > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

>> > > Advantage

>> > > Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

>> > > O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus

>> > > scanner) -

>> > > http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

>> > > O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player

>> > > Engine) -

>> > > http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab

>> > > O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI

>> > > Utility

>> > > Class) -

>> > > http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

>> > > O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl

>> > > Class) -

>> > > http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743657453

>> > > O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -

>> > > https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab

>> > > O18 - Protocol: intu-help-qb1 -

>> > > {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} -

>> > > C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll

>> > > O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -

>> > > mscoree.dll

>> > > (file missing)

>> > > O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

>> > > O21 - SSODL: WPDShServiceObj -

>> > > {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

>> > > C:\WINDOWS\system32\WPDShServiceObj.dll

>> > > O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -

>> > > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

>> > > O23 - Service: Automatic LiveUpdate Scheduler - Symantec

>> > > Corporation -

>> > > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

>> > > O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -

>> > > C:\Program Files\Canon\CAL\CALMAIN.exe

>> > > O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -

>> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h

>> > > ccCommon (file

>> > > missing)

>> > > O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -

>> > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h

>> > > ccCommon (file

>> > > missing)

>> > > O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) -

>> > > Unknown

>> > > owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe"

>> > > /h

>> > > ccCommon (file missing)

>> > > O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

>> > > Files\Google\Common\Google Updater\GoogleUpdaterService.exe

>> > > O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

>> > > Corporation - C:\Program Files\Common

>> > > Files\InstallShield\Driver\11\Intel

>> > > 32\IDriverT.exe

>> > > O23 - Service: LiveUpdate - Symantec Corporation - C:\Program

>> > > Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

>> > > O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program

>> > > Files\Common

>> > > Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

>> > > O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation -

>> > > C:\Program Files\Intel\NCS\Sync\NetSvc.exe

>> > > O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA

>> > > Corporation -

>> > > C:\WINDOWS\System32\nvsvc32.exe

>> > > O23 - Service: PnkBstrA - Unknown owner -

>> > > C:\WINDOWS\system32\PnkBstrA.exe

>> > > O23 - Service: PnkBstrB - Unknown owner -

>> > > C:\WINDOWS\system32\PnkBstrB.exe

>> > > O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common

>> > > Files\Intuit\QuickBooks\QBCFMonitorService.exe

>> > > O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -

>> > > C:\Program Files\Common

>> > > Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

>> > > O23 - Service: Symantec Core LC - Unknown owner - C:\Program

>> > > Files\Common

>> > > Files\Symantec Shared\CCPD-LC\symlcsvc.exe

>> > > O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

>> > > C:\Program Files\Viewpoint\Common\ViewpointService.exe

>> > >

July 14, 2008

RE: Problems with pops ups

it's not a suggestion, make your own post and keep to it, do not include your

own issues

with someone elses post.

The reaction of an insecure person is to resort to name calling when

confronted with their poor behaviour.

"Andrew" wrote:

> Silly person Sgopussy - surely you are aware that this site does not ALLOW

> what you suggest I have done! As I also am having sereous pop-up problems, I

> simply directed Redwolf to my problem without rewriting it OK?

> But if you insist - here it is again for Redwolf to contemplate and check

> this is no happening to his PC also: My cookie settings via, Control Panel,

> Internet Options and Privacy Tab are

> permanently on Accept All Cookies – no matter what I set it at it always

> returns to this lowest level of security. I have tried setting it on my

> normal setting of Medium High, clicking Apply and OK, but on returning it is

> always on this lower setting. The same occurs on Internet Explorer’s Internet

> Options via Tools. Could malware have altered a setting that prevents my

> Medium High security?

> Signd in: Andrew

> "sgopussy" wrote:

>

> > Please do not steal someone elses post, post your own question.

> >

> > "Andrew" wrote:

> >

> > > Hi - I have the same problem but have discovered something very strange is

> > > happening to my PC for a few days - see my question below for full

> > > explanation: Cookie settings alter on own! - Andrew

> > >

> > > "Redwolf" wrote:

> > >

> > > > Greetings,

> > > >

> > > > I have been having a terrible time with pop ups apeparing whether I'm in IE7

> > > > or Mozilla. I have run hijackthis but don't klnow where to go from here.

> > > > Below is the log and I wold appreciate any help you can give me. Thank you

> > > > :) Anne

> > > >

> > > > Logfile of HijackThis v1.99.1

> > > > Scan saved at 1:55:39 PM, on 7/13/2008

> > > > Platform: Windows XP SP2 (WinNT 5.01.2600)

> > > > MSIE: Internet Explorer v7.00 (7.00.6000.16674)

> > > >

> > > > Running processes:

> > > > C:\WINDOWS\System32\smss.exe

> > > > C:\WINDOWS\system32\winlogon.exe

> > > > C:\WINDOWS\system32\services.exe

> > > > C:\WINDOWS\system32\lsass.exe

> > > > C:\WINDOWS\system32\svchost.exe

> > > > C:\WINDOWS\System32\svchost.exe

> > > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

> > > > C:\WINDOWS\Explorer.EXE

> > > > C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

> > > > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

> > > > C:\WINDOWS\system32\spoolsv.exe

> > > > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

> > > > C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

> > > > C:\WINDOWS\System32\svchost.exe

> > > > C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

> > > > C:\WINDOWS\System32\nvsvc32.exe

> > > > C:\WINDOWS\system32\PnkBstrA.exe

> > > > C:\WINDOWS\system32\PnkBstrB.exe

> > > > C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

> > > > C:\WINDOWS\System32\svchost.exe

> > > > C:\Program Files\Viewpoint\Common\ViewpointService.exe

> > > > C:\Program Files\Canon\CAL\CALMAIN.exe

> > > > C:\WINDOWS\BCMSMMSG.exe

> > > > C:\WINDOWS\system32\dla\tfswctrl.exe

> > > > C:\WINDOWS\System32\DSentry.exe

> > > > C:\Program Files\Dell\Media Experience\PCMService.exe

> > > > C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

> > > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

> > > > C:\WINDOWS\system32\rundll32.exe

> > > > C:\WINDOWS\system32\Rundll32.exe

> > > > C:\WINDOWS\system32\ctfmon.exe

> > > > C:\Program Files\Windows Media Player\WMPNSCFG.exe

> > > > C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

> > > > C:\Program Files\Internet Explorer\iexplore.exe

> > > > C:\Program Files\Hijackthis\HijackThis.exe

> > > >

> > > > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

> > > > http://www.kqed.org/

> > > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

> > > > http://go.microsoft.com/fwlink/?LinkId=69157

> > > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

> > > > http://go.microsoft.com/fwlink/?LinkId=54896

> > > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

> > > > http://go.microsoft.com/fwlink/?LinkId=54896

> > > > O2 - BHO: Symantec Intrusion Prevention -

> > > > {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -

> > > > C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

> > > > O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} -

> > > > C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file

> > > > missing)

> > > > O2 - BHO: {49d36403-4326-c0ba-7394-78ce4a812919} -

> > > > {919218a4-ec87-4937-ab0c-623430463d94} - C:\WINDOWS\system32\nbwgmx.dll

> > > > O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

> > > > c:\program files\google\googletoolbar1.dll

> > > > O2 - BHO: Google Toolbar Notifier BHO -

> > > > {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

> > > > Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

> > > > O2 - BHO: (no name) - {E03B518B-3328-4F9D-949D-9BF824607BA8} -

> > > > C:\WINDOWS\system32\efcASjJa.dll

> > > > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

> > > > files\google\googletoolbar1.dll

> > > > O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

> > > > C:\WINDOWS\System32\NvCpl.dll,NvStartup

> > > > O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

> > > > O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

> > > > O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

> > > > O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media

> > > > Experience\PCMService.exe"

> > > > O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common

> > > > Files\Sonic\Update Manager\sgtray.exe" /r

> > > > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

> > > > -atboottime

> > > > O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

> > > > Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

> > > > O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

> > > > Shared\ccApp.exe"

> > > > O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

> > > > O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

> > > > O4 - HKLM\..\Run: [3c427025] rundll32.exe "C:\WINDOWS\system32\vogjqinc.dll",b

> > > > O4 - HKLM\..\Run: [bM3f7143b9] Rundll32.exe

> > > > "C:\WINDOWS\system32\qmbbhcqx.dll",s

> > > > O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

> > > > O4 - HKCU\..\Run: [Printer Monitor] C:\WINDOWS\system32\webprinter.exe

> > > > O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

> > > > O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

> > > > Player\WMPNSCFG.exe

> > > > O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel

> > > > FW\Desktop\DesktopWeather.exe"

> > > > O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common

> > > > Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

> > > > O8 - Extra context menu item: E&xport to Microsoft Excel -

> > > > res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

> > > > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

> > > > C:\WINDOWS\System32\msjava.dll

> > > > O9 - Extra 'Tools' menuitem: Sun Java Console -

> > > > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

> > > > O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no

> > > > file)

> > > > O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

> > > > C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

> > > > O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

> > > > C:\WINDOWS\System32\Shdocvw.dll

> > > > O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

> > > > %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

> > > > O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

> > > > {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

> > > > Diagnostic\xpnetdiag.exe (file missing)

> > > > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

> > > > C:\Program Files\Messenger\msmsgs.exe

> > > > O9 - Extra 'Tools' menuitem: Windows Messenger -

> > > > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

> > > > O11 - Options group: [iNTERNATIONAL] International*

> > > > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

> > > > Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

> > > > O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus

> > > > scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

> > > > O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) -

> > > > http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab

> > > > O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility

> > > > Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

> > > > O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

> > > > http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743657453

> > > > O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -

> > > > https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab

> > > > O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} -

> > > > C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll

> > > > O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll

> > > > (file missing)

> > > > O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

> > > > O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

> > > > C:\WINDOWS\system32\WPDShServiceObj.dll

> > > > O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -

> > > > C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

> > > > O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

> > > > C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

> > > > O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -

> > > > C:\Program Files\Canon\CAL\CALMAIN.exe

> > > > O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -

> > > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file

> > > > missing)

> > > > O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -

> > > > C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file

> > > > missing)

> > > > O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown

> > > > owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h

> > > > ccCommon (file missing)

> > > > O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

> > > > Files\Google\Common\Google Updater\GoogleUpdaterService.exe

> > > > O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

> > > > Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

> > > > 32\IDriverT.exe

> > > > O23 - Service: LiveUpdate - Symantec Corporation - C:\Program

> > > > Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

> > > > O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common

> > > > Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

> > > > O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation -

> > > > C:\Program Files\Intel\NCS\Sync\NetSvc.exe

> > > > O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

> > > > C:\WINDOWS\System32\nvsvc32.exe

> > > > O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

> > > > O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

> > > > O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common

> > > > Files\Intuit\QuickBooks\QBCFMonitorService.exe

> > > > O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -

> > > > C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

> > > > O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common

> > > > Files\Symantec Shared\CCPD-LC\symlcsvc.exe

> > > > O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

> > > > C:\Program Files\Viewpoint\Common\ViewpointService.exe

> > > >

Sign In

Problems with pops ups

Recommended Posts

Guest Redwolf

Popular Days

Popular Days

Guest Ron Badour

Guest Andrew

Guest sgopus

Guest Andrew

Guest Gary S. Terhune

Guest sgopus

Similar Content

'Update Mesdenger' pop-up

ntoskrnl.exe Problem

VM Problem.

Automatically pop out of front window

Update Problem

Browse

Activity

Site Info