Results 1 to 4 of 4

Thread: buycheapadvertising.com popup

  1. 03-07-2006, 09:55 PM #1
    uyeda1m
    uyeda1m is offline
    Registered User
    Join Date
    Jul 2006
    Posts
    4
    Thanks
    0
    Thanked
    0 times in 0 posts

    buycheapadvertising.com popup

    I read a post about this before, and tried to use that to fix it, but I still have a problem. I am getting popups from buycheapadvertising.com along with many other sites. Here is my HJT log:

    Logfile of HijackThis v1.97.7
    Scan saved at 4:48:15 PM, on 7/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\poolsv.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Updater.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\v1201.exe
    C:\WINDOWS\win32063656189343.exe
    C:\WINDOWS\rrwcqhoA.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Mitchiyoshi Uyeda\Desktop\Mitch's Folder\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cjvqvqw.exe
    O2 - BHO: (no name) - {00CBEFA0-BCBC-43CA-84F0-8D6A44104347} - \
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1B2CE5FB-88FF-C217-BAF7-D5F5EED5C292} - C:\WINDOWS\psapn.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D877597D46203BCE - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll (file missing)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {93989C8B-BD5F-4783-A470-EB07F08E83C7} - C:\WINDOWS\system32\winapic32.dll
    O2 - BHO: (no name) - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll (file missing)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - (no file)
    O2 - BHO: (no name) - {D1C8C237-D8B4-478C-83C2-4BB6BB3F7612} - \
    O3 - Toolbar: Windows Updates - {A20CC53E-61FE-4788-85FF-A0F9C9B4C2A9} - C:\WINDOWS\system32\msiedp32.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
    O4 - HKLM\..\Run: [win32063656189343] C:\WINDOWS\win32063656189343.exe
    O4 - HKLM\..\Run: [avcalj] C:\WINDOWS\system32\bexill.exe reg_run
    O4 - HKLM\..\Run: [rrwcqhoA] C:\WINDOWS\rrwcqhoA.exe
    O4 - HKLM\..\Run: [nlk95bba] RUNDLL32.EXE w0035e0f.dll,n 00195bb9000000030035e0f
    O4 - HKLM\..\Run: [{B8-81-13-38-ZN}] c:\windows\system32\dwdsregt.exe CORN003
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\swinnqez.exe CORN003
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [wsjcm] C:\WINDOWS\system32\bexill.exe reg_run
    O4 - HKLM\..\RunOnce: [I8FZWor] cmd /c IF EXIST "C:\WINDOWS\system32\gbe90qs.exe" del /s /q "C:\WINDOWS\system32\gbe90qs.exe"
    O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra 'Tools' menuitem: Java (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) - http://download.microsoft.com/downlo...WebCleaner.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/...ol/h2hpool.cab


    Let me know if you can help me out. Thanks!
    Reply With Quote Reply With Quote
  2. 03-07-2006, 10:34 PM #2
    streetster
    streetster is offline
    cat /dev/null streetster's Avatar
    Join Date
    Jul 2003
    Location
    London
    Posts
    4,138
    Thanks
    119
    Thanked
    100 times in 82 posts
    • streetster's system
      • Motherboard:
      • Asus P7P55D-E
      • CPU:
      • Intel i5 750 2.67 @ 4.0Ghz
      • Memory:
      • 4GB Corsair XMS DDR3
      • Storage:
      • 2x1TB Drives [RAID0]
      • Graphics card(s):
      • 2xSapphire HD 4870 512MB CrossFireX
      • PSU:
      • Corsair HX520W
      • Case:
      • Coolermaster Black Widow
      • Operating System:
      • Windows 7 x64
      • Monitor(s):
      • DELL U2311
      • Internet:
      • Virgin 50Mb
    C:\WINDOWS\poolsv.exe
    C:\WINDOWS\rrwcqhoA.exe
    C:\WINDOWS\v1201.exe
    C:\WINDOWS\win32063656189343.exe

    all seem a bit dodgy.. you tried deleting them (maybe boot into safemode?)
    e-mail | rating | web
    Reply With Quote Reply With Quote
  3. 04-07-2006, 12:53 AM #3
    MadduckUK
    MadduckUK is offline
    WEEEEEEEEEEEEE! MadduckUK's Avatar
    Join Date
    May 2006
    Location
    Lytham St. Annes
    Posts
    17,297
    Thanks
    653
    Thanked
    1,580 times in 1,006 posts
    • MadduckUK's system
      • Motherboard:
      • MSI B450M Mortar
      • CPU:
      • AMD Ryzen 5 3600
      • Memory:
      • 32GB 3200 DDR4
      • Storage:
      • 1x480GB SSD, 1x 2TB Hybrid, 1x 3TB Rust Spinner
      • Graphics card(s):
      • Radeon 5700XT
      • PSU:
      • Corsair TX750w
      • Case:
      • Phanteks Enthoo Evolv mATX
      • Operating System:
      • Windows 10 x64
      • Monitor(s):
      • Samsung SJ55W, DELL S2409W
      • Internet:
      • Plusnet 80
    C:\Program Files\AWS\WeatherBug\Weather.exe

    oh dear, if thats found its way on there then hell knows what else has
    Reply With Quote Reply With Quote
  4. 04-07-2006, 04:34 AM #4
    uyeda1m
    uyeda1m is offline
    Registered User
    Join Date
    Jul 2006
    Posts
    4
    Thanks
    0
    Thanked
    0 times in 0 posts
    I've booted into safe mode and use about:buster, CWShredder, Ewido, and it seems like the only thing it couldn't delete was Surf Sidekick.

    Ewido would freeze when I tried to remove it and when I fixed in HJT, it came back on next scan.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. removing winamp2 upgrade popup on winamp startup
    By |{££|" in forum Software
    Replies: 0
    Last Post: 01-01-2005, 09:55 PM
  2. Firefox reporting that www.hexus.net wants to open a popup
    By Rys in forum HEXUS Suggestions
    Replies: 16
    Last Post: 30-12-2004, 09:10 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules