I have a friend who says she's getting tons of pop-ups, and hasn't had any luck with the various programs I've suggested - Spybot, Adaware, etc. - so I had her send me her logfile. What suggestions do you propose to clean things up for her?
--------------------------
Logfile of HijackThis v1.98.2
Scan saved at 1:16:25 AM, on 9/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodManager.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\twuhpg.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAPM1LAK.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\CAPM1RSK.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPM1SWK.EXE
C:\WINDOWS\System32\GEARSEC.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Susan\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [fsqpfa] C:\WINDOWS\System32\twuhpg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Canon PC1200 iC D600 iR1200G Status Window.LNK = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAPM1LAK.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.olympus.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab