12-03-2008, 10:02 AM   #1
The Mad Hatter
Registered User
 
Join Date: Aug 2004
Location: Hollywoodland
Posts: 51
OS: XP


Extra "marketing" windows popping up

Lately, when I've been doing random Google searches, I will get an extra pop-up window, usually with something to the effect of AreaConnect Yellow Pages search results, and then local merchants listed for whatever I have googled.

Attached are my GMER and DDS logs, per the New Instructions stickied in this forum... I have also run an HJT log, but won't post it yet per those instructions.

Thanks!


DDS (Version 1.0) - NTFSx86
Run by Owner at 8:54:44.04 on Wed 12/03/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.455 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DSL Extreme X-Dial Accelerator\PropelAC.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page =
uInternet Settings,ProxyOverride = localhost
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {656EC4B7-072B-4698-B504-2A414C1F0037} - c:\program files\dsl extreme x-dial accelerator\prpl_IePopupBlocker.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll
BHO: {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - c:\program files\common\helper.dll
TB: {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
uRun: [RecordNow!]
uRun: [Second Copy 2000] "c:\progra~1\seccopy\SecCopy.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Propel Accelerator] "c:\program files\dsl extreme x-dial accelerator\trayctl.exe" /STARTUPLAUNCH
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
mPolicies-explorer: NoActiveDesktopChanges = 0 (0x0)
mPolicies-system: DisableTaskMgr = 0 (0x0)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Allow pop-ups from this site - c:\program files\dsl extreme x-dial accelerator\pac-addwl.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Refresh Pa&ge with Full Quality - c:\program files\dsl extreme x-dial accelerator\pac-page.html
IE: Refresh Pi&cture with Full Quality - c:\program files\dsl extreme x-dial accelerator\pac-image.html
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\program files\dsl extreme x-dial accelerator\prplsf.dll
TCP: {9F06EE57-57D1-454D-B697-163DC721F333} = 192.168.2.1,192.168.2.2
Filter: text/html - {61e31874-7e3d-4871-be7b-47af391bcbf6} - c:\windows\system32\mst120.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-30 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-16 26824]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-10-14 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-10-14 394952]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-7-7 611664]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-2 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-2 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-30 76040]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []
S3 nenum13E;nenum13E;\??\c:\docume~1\owner\locals~1\temp\nenum13E.sys []

=============== Created Last 30 ================

2008-12-03 08:02 250 a------- c:\windows\gmer.ini
2008-12-02 16:53 32,256 a------- c:\windows\system32\digeste.dll
2008-11-25 17:35 <DIR> --d----- c:\program files\Common
2008-11-18 18:41 8,216 a------- c:\windows\system32\mst120.dll
2008-11-03 13:34 <DIR> --d----- c:\program files\Firefly Studios

==================== Find3M ====================

2008-12-03 07:34 14,309 a------- c:\windows\system32\tablet.dat
2008-12-02 18:52 <DIR> --d----- c:\program files\gmax
2008-12-02 13:48 <DIR> --d----- c:\docume~1\owner\applic~1\uTorrent
2008-12-02 10:01 <DIR> --d----- c:\program files\SpeedFan
2008-12-02 10:00 <DIR> --d----- c:\program files\SecCopy
2008-12-01 14:35 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-10 14:32 <DIR> --d----- c:\program files\Games
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-14 17:15 4,212 ----h--- c:\windows\system32\zllictbl.dat
2008-10-14 17:13 <DIR> --d----- c:\program files\Zone Labs
2008-10-14 10:10 <DIR> --d----- c:\program files\Trend Micro
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 03:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-08-11 13:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-05-30 11:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-01-07 10:08 <DIR> --d----- c:\docume~1\owner\applic~1\AdobeAUM
2007-05-01 23:46 <DIR> --d----- c:\docume~1\owner\applic~1\LimeWire
2007-04-26 09:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2007-02-12 22:30 <DIR> --d----- c:\docume~1\owner\applic~1\DSL Extreme
2006-10-30 20:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\espionServerData
2006-10-14 18:28 <DIR> --d----- c:\docume~1\owner\applic~1\Kinko's
2006-10-14 17:22 <DIR> --d----- c:\docume~1\owner\applic~1\Downloaded Installations
2006-06-21 21:01 <DIR> --d----- c:\docume~1\owner\applic~1\Lionhead Studios
2006-06-21 19:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lionhead Studios
2006-06-07 13:41 <DIR> --d----- c:\docume~1\owner\applic~1\msgy
2006-06-07 12:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2005-04-22 15:42 <DIR> --d----- c:\docume~1\owner\applic~1\spweng
2004-01-21 01:48 <DIR> --d----- c:\docume~1\owner\applic~1\Symantec
2004-01-20 17:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI
2004-06-14 20:03 0 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 8:55:27.75 ===============
Attached Files
File Type: txt Attach.txt (15.8 KB, 1 views)
File Type: txt gmer.txt (13.3 KB, 1 views)
__________________
"Every normal man must be tempted, at times, to spit on his hands, hoist the black flag, and begin slitting throats." - H.L. Mencken