Not open for further replies.
4 Posts
Discussion Starter #1
OK I don't know where these things have come from but they are REALLY annoying.

Every now and then a pop-up will appear on screen from nowhere. Literally from nowhere. I don't even have to have a Firefox browser window open.

The pop-ups are directed to a site called which then randomly directs to an advert site.

I have no idea how to get rid of this and have exhausted my current knowledge. I have tried the following...

- Microsoft Anti-spyware
- Ad-aware SE
- Spybot S&D
- Ewido Security Suite

All of which found bits of spyware but none of which have cleaned this problem from my machine. These pop-ups really are driving me mad. If I DO have a browser window open then when the pop-up decides to come along it takes over my current window which means I have had to write this post in Notepad and then copy&paste the content into a new thread as I keep losing the text I've already typed when the page redirects.

I have also checked out my MSCONFIG startup items, the processes tab in Task manager and the Add/Remove programs dialogue in Control Panel but nothing there seems 'dodgy'.

Any help is greatly appreciated - PLEASE reply asap as this really is driving me insane and means I can't browse the web, play games or even listen to music in peace without a pop-up disturbing me!

My HiJack This Log.......


Logfile of HijackThis v1.99.1
Scan saved at 12:48:33, on 24/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
MFF: Firefox v1.0.7

Running processes:
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Darren\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{064217AC-9A25-4805-8E52-41583AD9E6E9}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{064217AC-9A25-4805-8E52-41583AD9E6E9}: NameServer =
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\ir4ml5h11.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


Please note I have tried to remove the entries...

HKLM\System\CCS\Services\Tcpip\..\{064217AC-9A25-4805-8E52-41583AD9E6E9}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{064217AC-9A25-4805-8E52-41583AD9E6E9}: NameServer =

But when I restart they seem to just come back!!!!!!!

How annoying is that?!!!!

Many thanks in advance for any help that can be given.


TSF Security Manager, Emeritus
52,197 Posts
Please don't try to remove entries with HJT without supervision. Do you use AOL as your ISP? Those entries are registered to AOL.

This will take a few steps. First do this:

Download, install & launch - Webroot SpySweeper (Trial) (8.3 MB)

When SpySweeper starts, please accept any prompts to update definitions.

Then configure it as follows:
  • From the left pane, click Options
  • Select the Sweep Options tab & ensure the following are ticked:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All Users accounts
    • Do Not Sweep System Restore Folder
    • Enable Direct Disk Sweeping
    • Sweep For Rootkits
  • After that's done, select Sweep from the left pane & click on the Start button
  • Allow SpySweeper to reboot your machine to remove the infected files.
After rebooting, launch SpySweeper & select Results from the left pane
Click the 'Session Log' tab & choose Save to File to create a log.

Post that in your next reply along with a new HJT log.
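
Added example, not part of either post and not HijackThis's own code: a small Python parser for the "O<n> - ..." entry lines of a log like the one posted above. It groups entries by section code, lists the Winlogon Notify and "Unknown owner" service entries for manual lookup, and shows that the O17 NameServer value is reported under more than one control set. The function names are assumptions of this example, and the sample is a few lines copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: a few entry lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O17 - HKLM\System\CCS\Services\Tcpip\..\{064217AC-9A25-4805-8E52-41583AD9E6E9}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{064217AC-9A25-4805-8E52-41583AD9E6E9}: NameServer =
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\ir4ml5h11.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O4 - ...", "O23 - ..."
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.I)  # first file path in the entry
O17_RE = re.compile(r"System\\(\w+)\\Services\\Tcpip\\\.\.\\(\{[0-9A-Fa-f-]+\})")

def parse_hjt(text):
    """Group entry lines by section code; keep the raw body and any file path."""
    by_code = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            path = PATH_RE.search(m.group(2))
            by_code[m.group(1)].append(
                {"body": m.group(2), "path": path.group(0) if path else None})
    return by_code

def review_list(by_code):
    """Entries to look up by hand first. This is a listing, not a verdict."""
    out = [("O20", e["path"]) for e in by_code.get("O20", [])]  # Winlogon Notify DLLs
    out += [("O23", e["path"]) for e in by_code.get("O23", [])
            if "Unknown owner" in e["body"]]                    # no owner reported
    return out

def o17_control_sets(by_code):
    """Map each interface GUID to the control sets that report a NameServer value."""
    seen = defaultdict(set)
    for e in by_code.get("O17", []):
        m = O17_RE.search(e["body"])
        if m:
            seen[m.group(2)].add(m.group(1))
    return {guid: sorted(sets) for guid, sets in seen.items()}

if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    for code, path in review_list(entries):
        print(code, path)
    print(o17_control_sets(entries))
```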