<p>Hello... I have had a new PC for 3 weeks, and my 7 year old managed to install a total nastie onto it. I'm getting frequent pop ups telling me I need to fix spyware now (like every mouse click)... My Google searches have been altered to reveal rude pages, no matter what the search is. I can't search for "Malware" or "Spyware" on Google, I get no responses. From what I can gather it's from Malwarebellagreement, from Russian side of waters to get you to pay for a spyware proggy. I have spybotted, and MalwareBytes it. As well as scan with McAfee, but I can't seem to clear it. Searches for the name of it reveal no items in my Google. I don't really know much about HijackThis, although I'm reading fast now :).... so if anyone can decipher this, then here it is...</p>
<p>Logfile of Trend Micro HijackThis v2.0.2<br />
Scan saved at 20:11:23, on 25/04/2008<br />
Platform: Windows Vista (WinNT 6.00.1904)<br />
MSIE: Internet Explorer v7.00 (7.00.6000.16643)<br />
Boot mode: Normal</p>
<p>Running processes:<br />
C:\Windows\system32\Dwm.exe<br />
C:\Windows\system32\taskeng.exe<br />
C:\Windows\Explorer.EXE<br />
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe<br />
C:\Program Files\Java\jre1.6.0\bin\jusched.exe<br />
C:\Windows\System32\ico.exe<br />
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe<br />
C:\Program Files\McAfee.com\Agent\mcagent.exe<br />
C:\Windows\System32\rundll32.exe<br />
C:\Windows\System32\rundll32.exe<br />
C:\Program Files\Dell Support Center\bin\sprtcmd.exe<br />
C:\Program Files\Windows Sidebar\sidebar.exe<br />
C:\Windows\ehome\ehtray.exe<br />
C:\Program Files\DNA\btdna.exe<br />
C:\Program Files\Windows Media Player\wmpnscfg.exe<br />
C:\Windows\ehome\ehmsas.exe<br />
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe<br />
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe<br />
C:\Program Files\MagicDisc\MagicDisc.exe<br />
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe<br />
C:\Program Files\Windows Sidebar\sidebar.exe<br />
C:\Windows\System32\mobsync.exe<br />
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe<br />
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe<br />
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe<br />
C:\Program Files\Windows Media Player\wmplayer.exe<br />
C:\Program Files\Windows Mail\WindowsMailGadget.exe<br />
C:\Program Files\Windows Mail\WinMail.exe<br />
C:\Program Files\Internet Explorer\iexplore.exe<br />
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe<br />
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe<br />
C:\Windows\system32\DllHost.exe<br />
C:\Windows\system32\SearchFilterHost.exe</p>
<p>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.google.co.uk/">http://www.google.co.uk/</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157</a><br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = <br />
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell<br />
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = <br />
O1 - Hosts: ::1 localhost<br />
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll<br />
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll<br />
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll<br />
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll<br />
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll<br />
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll<br />
O2 - BHO: Video - {F856BB9E-855B-498D-883E-3509C550A031} - C:\Windows\kol.dll<br />
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide<br />
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode<br />
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe<br />
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"<br />
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE<br />
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"<br />
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"<br />
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey<br />
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"<br />
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"<br />
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart<br />
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup<br />
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit<br />
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter<br />
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun<br />
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe<br />
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"<br />
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe<br />
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')<br />
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')<br />
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')<br />
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe<br />
O4 - Global Startup: Bluetooth.lnk = ?<br />
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe<br />
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000<br />
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm<br />
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm<br />
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll<br />
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll<br />
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll<br />
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll<br />
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL<br />
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm<br />
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm<br />
O13 - Gopher Prefix: <br />
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe<br />
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe<br />
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe<br />
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe<br />
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe<br />
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe<br />
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe<br />
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe<br />
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe<br />
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe<br />
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe<br />
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe<br />
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe<br />
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe<br />
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe<br />
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe<br />
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe<br />
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)<br />
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe<br />
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe<br />
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe<br />
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe</p>
<p>--<br />
End of file - 9780 bytes</p>
<p>I thank you for this web site.</p>
<p>Steve<br />
Wiltshire<br />
uk</p>
Oh dear, these pop ups are driving me crazy
Glamdring - 25 April 2008 - 10:10pm<p>Your list is clean.</p>
<p>For Malwarebellagreement removal try <a href="http://www.windowsvistaplace.com/malwarebellagreementcom-malware-bell-agreement-removal-instructions/spyware-removal" class="bb-url">here</a>.</p>
bursty1972 - 25 April 2008 - 11:47pm<p>Spy hunter found some entries, but wouldn't clean up unless I paid to register... also I saw some sites earlier, putting SpyHunter on the rogues list, with spyware of their own. I don't mind paying, but I'm still unconvinced this will clean me up.</p>
<p>it found..</p>
<p>DyFuca<br />
Atlas DMT<br />
webtrendslive<br />
tribalfusion<br />
media<br />
doubleclick<br />
hitbox</p>
<p>?? Is one of these my pain in butt?</p>
<p>steve</p>
<p>soz, also..... the manual removal can't work, cause I have not got the full blown download yet, so registry entries have not been completed, I have the "please install me phase", (I might have started a new phrase there)... all the removal notes I've seen for the registry, mine don't exist yet.</p>
<p>I tried earlier, but the entries just are not in there</p>
<p>damn pop ups though........ it's lucky I don't have a big red button to Russia ....:(</p>
<p>steve</p>
<p><span style="color:red">Double post amalgamated</span></p>
Glamdring - 26 April 2008 - 9:40pm<p>You need help with Vista. I've never used it and it might have foibles I'm unaware of.</p>
bursty1972 - 27 April 2008 - 9:54am<p>Ah, tis ok, as machine was only a few weeks old, I used the Dell recovery image and restarted, took about an hour all in. Thanks anyway guys.</p>
<p>steve</p>
Audiodood - 27 April 2008 - 2:21pm<p><div class="bb-quote"><b>steve1972 wrote:</b><blockquote class="bb-quote-body">Spy hunter found some entries, but wouldnt clean up unless i paid to register...</blockquote></div><br />
That rubbish is the infection, and at some point on the internet you agreed to install it.</p>
<p><div class="bb-quote"><b>steve1972 wrote:</b><blockquote class="bb-quote-body"><br />
damn pop ups though........its lucky i dont have a big red button to russia ....:(</blockquote></div><br />
You do have a big red button, unfortunately for you it led to your PC when you visited the dodgy site that made you install the software in the first place :D</p>
Vino Rosso - 30 April 2008 - 9:11pm<p>You should fix this entry with HJT and, if you want any more help, uninstall SpyHunter and post a fresh HJT log.</p>
<p>O2 - BHO: Video - {F856BB9E-855B-498D-883E-3509C550A031} - C:\Windows\kol.dll</p>
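<p>An added example, not written by any poster in this thread and not part of HijackThis: a small parser for the log format posted above that singles out entries of the kind named in the last reply. Its two heuristics (a BHO DLL sitting directly in C:\Windows; a service binary under a Temp folder or marked "file missing") and the default Windows path are assumptions of this example, meant to pick lines for a closer look, not to give a verdict.</p>

```python
import re
from ntpath import dirname, normpath

# Constructed sample: five lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Video - {F856BB9E-855B-498D-883E-3509C550A031} - C:\Windows\kol.dll
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
WINDOWS_DIR = r"c:\windows"  # assumption: default %SystemRoot%


def parse(log):
    """Yield (section code, body) for each entry line; headers and noise are skipped."""
    for line in log.splitlines():
        line = re.sub(r"<br\s*/?>$", "", line.strip())  # tolerate forum HTML residue
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)


def review(log):
    """Return (code, name, path, reason) for entries matching the two heuristics."""
    findings = []
    for code, body in parse(log):
        # O2 is "BHO: name - CLSID - path"; O23 is "Service: name - owner - path".
        parts = body.rsplit(" - ", 2)
        if code not in ("O2", "O23") or len(parts) != 3:
            continue
        name, path = parts[0].split(": ", 1)[-1], parts[2]
        reasons = []
        if code == "O2" and dirname(normpath(path)).lower() == WINDOWS_DIR:
            reasons.append("BHO DLL directly in the Windows folder")
        if code == "O23" and "\\temp\\" in path.lower():
            reasons.append("binary under a Temp folder")
        if code == "O23" and path.endswith("(file missing)"):
            reasons.append("file missing")
        if reasons:
            findings.append((code, name, path, ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(" | ".join(finding))
```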