removing ad popups - hijackthis log included - pls review

[Rotbol]

CWshredder - came out clean.
spybot & search - came out clean
Ad-aware - found 4 tracking cookies wich i deleted.

i am still having problems with popups when i start/shutdown my browser. There are no spontanious popups.

heres my HijackThis log from just after cleanup (i left out some proxyserver registry setting for privacy issues):

Logfile of HijackThis v1.97.7
Scan saved at 13:28:08, on 15-03-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\Tablet.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\OfficeScan NT\PCCNTMON.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\WINDOWS\xcmon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\diosrvau.exe
C:\WINDOWS\System32\sferrora.exe
C:\WINDOWS\System32\ttriba.exe
C:\WINDOWS\System32\ostnameh.exe
C:\WINDOWS\System32\chgrcoim.exe
C:\WINDOWS\System32\shtmledm.exe
C:\WINDOWS\System32\iaacmgrw.exe
C:\WINDOWS\System32\mmkcertn.exe
C:\WINDOWS\System32\mdrvm.exe
C:\WINDOWS\System32\tdosn.exe
C:\WINDOWS\System32\pg4dmodm.exe
C:\WINDOWS\System32\tmartan.exe
C:\WINDOWS\System32\ssapm.exe
C:\WINDOWS\System32\vnt4cpln.exe
C:\WINDOWS\System32\lse.exe
C:\WINDOWS\System32\sdtcm.exe
C:\WINDOWS\System32\pnlobbyd.exe
C:\WINDOWS\System32\psu.exe
C:\WINDOWS\System32\ertmgrc.exe
C:\WINDOWS\System32\oskeyd.exe
C:\WINDOWS\System32\asfq.exe
C:\WINDOWS\System32\mutild.exe
C:\WINDOWS\System32\madmoew.exe
C:\WINDOWS\System32\rwtsn32d.exe
C:\WINDOWS\System32\lepro32o.exe
C:\WINDOWS\System32\oreank.exe
C:\WINDOWS\System32\smtu.exe
C:\WINDOWS\System32\pvsetupd.exe
C:\WINDOWS\System32\scriptj.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\WINDOWS\System32\erifierv.exe
C:\WINDOWS\System32\odctrl.exe
C:\WINDOWS\System32\bghelpd.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\sent97e.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\System32\ingp.exe
C:\WINDOWS\System32\execr.exe
C:\WINDOWS\System32\nt4cplnv.exe
C:\WINDOWS\System32\scont.exe
C:\WINDOWS\System32\llhst3gd.exe
C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\KIRL\My Documents\spyware removal\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [DXAgent] C:\WINDOWS\xcmon32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [diosrvau] C:\WINDOWS\System32\diosrvau.exe
O4 - HKLM\..\Run: [sferrora] C:\WINDOWS\System32\sferrora.exe
O4 - HKLM\..\Run: [ttriba] C:\WINDOWS\System32\ttriba.exe
O4 - HKLM\..\Run: [ostnameh] C:\WINDOWS\System32\ostnameh.exe
O4 - HKLM\..\Run: [chgrcoim] C:\WINDOWS\System32\chgrcoim.exe
O4 - HKLM\..\Run: [shtmledm] C:\WINDOWS\System32\shtmledm.exe
O4 - HKLM\..\Run: [iaacmgrw] C:\WINDOWS\System32\iaacmgrw.exe
O4 - HKLM\..\Run: [mmkcertn] C:\WINDOWS\System32\mmkcertn.exe
O4 - HKLM\..\Run: [mdrvm] C:\WINDOWS\System32\mdrvm.exe
O4 - HKLM\..\Run: [tdosn] C:\WINDOWS\System32\tdosn.exe
O4 - HKLM\..\Run: [pg4dmodm] C:\WINDOWS\System32\pg4dmodm.exe
O4 - HKLM\..\Run: [tmartan] C:\WINDOWS\System32\tmartan.exe
O4 - HKLM\..\Run: [ssapm] C:\WINDOWS\System32\ssapm.exe
O4 - HKLM\..\Run: [vnt4cpln] C:\WINDOWS\System32\vnt4cpln.exe
O4 - HKLM\..\Run: [lse] C:\WINDOWS\System32\lse.exe
O4 - HKLM\..\Run: [sdtcm] C:\WINDOWS\System32\sdtcm.exe
O4 - HKLM\..\Run: [pnlobbyd] C:\WINDOWS\System32\pnlobbyd.exe
O4 - HKLM\..\Run: [psu] C:\WINDOWS\System32\psu.exe
O4 - HKLM\..\Run: [ertmgrc] C:\WINDOWS\System32\ertmgrc.exe
O4 - HKLM\..\Run: [oskeyd] C:\WINDOWS\System32\oskeyd.exe
O4 - HKLM\..\Run: [asfq] C:\WINDOWS\System32\asfq.exe
O4 - HKLM\..\Run: [mutild] C:\WINDOWS\System32\mutild.exe
O4 - HKLM\..\Run: [madmoew] C:\WINDOWS\System32\madmoew.exe
O4 - HKLM\..\Run: [rwtsn32d] C:\WINDOWS\System32\rwtsn32d.exe
O4 - HKLM\..\Run: [lepro32o] C:\WINDOWS\System32\lepro32o.exe
O4 - HKLM\..\Run: [oreank] C:\WINDOWS\System32\oreank.exe
O4 - HKLM\..\Run: [smtu] C:\WINDOWS\System32\smtu.exe
O4 - HKLM\..\Run: [pvsetupd] C:\WINDOWS\System32\pvsetupd.exe
O4 - HKLM\..\Run: [scriptj] C:\WINDOWS\System32\scriptj.exe
O4 - HKLM\..\Run: [erifierv] C:\WINDOWS\System32\erifierv.exe
O4 - HKLM\..\Run: [odctrl] C:\WINDOWS\System32\odctrl.exe
O4 - HKLM\..\Run: [bghelpd] C:\WINDOWS\System32\bghelpd.exe
O4 - HKLM\..\Run: [sent97e] C:\WINDOWS\System32\sent97e.exe
O4 - HKLM\..\Run: [ingp] C:\WINDOWS\System32\ingp.exe
O4 - HKLM\..\Run: [execr] C:\WINDOWS\System32\execr.exe
O4 - HKLM\..\Run: [nt4cplnv] C:\WINDOWS\System32\nt4cplnv.exe
O4 - HKLM\..\Run: [scont] C:\WINDOWS\System32\scont.exe
O4 - HKLM\..\Run: [llhst3gd] C:\WINDOWS\System32\llhst3gd.exe
O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -

http://www3.ca.com/virusinfo/webscan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

[carrr]

Does this not trip some alarm bells with you?
C:\WINDOWS\System32\diosrvau.exe
C:\WINDOWS\System32\sferrora.exe
C:\WINDOWS\System32\ttriba.exe
C:\WINDOWS\System32\ostnameh.exe
C:\WINDOWS\System32\chgrcoim.exe
C:\WINDOWS\System32\shtmledm.exe
C:\WINDOWS\System32\iaacmgrw.exe
C:\WINDOWS\System32\mmkcertn.exe
C:\WINDOWS\System32\mdrvm.exe
C:\WINDOWS\System32\tdosn.exe
C:\WINDOWS\System32\pg4dmodm.exe
C:\WINDOWS\System32\tmartan.exe
C:\WINDOWS\System32\ssapm.exe
C:\WINDOWS\System32\vnt4cpln.exe
C:\WINDOWS\System32\lse.exe
C:\WINDOWS\System32\sdtcm.exe
C:\WINDOWS\System32\pnlobbyd.exe
C:\WINDOWS\System32\psu.exe
C:\WINDOWS\System32\ertmgrc.exe
C:\WINDOWS\System32\oskeyd.exe
C:\WINDOWS\System32\asfq.exe
C:\WINDOWS\System32\mutild.exe
C:\WINDOWS\System32\madmoew.exe
C:\WINDOWS\System32\rwtsn32d.exe
C:\WINDOWS\System32\lepro32o.exe
C:\WINDOWS\System32\oreank.exe
C:\WINDOWS\System32\smtu.exe
C:\WINDOWS\System32\pvsetupd.exe
C:\WINDOWS\System32\scriptj.exe
C:\WINDOWS\System32\erifierv.exe
C:\WINDOWS\System32\odctrl.exe
C:\WINDOWS\System32\bghelpd.exe
C:\WINDOWS\System32\sent97e.exe
C:\WINDOWS\System32\ingp.exe
C:\WINDOWS\System32\execr.exe
C:\WINDOWS\System32\nt4cplnv.exe
C:\WINDOWS\System32\scont.exe
C:\WINDOWS\System32\llhst3gd.exe


You're eaten up with a virus/viruses. I've a few guesses, but you'd better let a scanner be the judge.
Go here for a free online scan:

http://housecall.trendmicro.com/

"'Tis an ill wind that blows no minds." - Malaclypse the Younger

 

[noellees1]

Download and install AVG NOW, you are in some serious trouble some of them files look like variations on the blaster worm i.e not good

 

[Rotbol]

Thank you for your time going through my log.

i have asked tech support for a reinstall since the company virus scanner cant find any virus (and i do mean ANY virus hehe).

/me crossing my fingers and tapping my feet, awaiting the tech dude..

best regards

Rotbol