
epoclick/google analytics/clicksor



Hi all..

Seems I have the same problem as gonfieta and a few others. This started a few days ago, with the extra window popping up... I've run SUPERAntiSpyware, Malwarebytes and now HijackThis... and still getting a popup window. Help? =) Carrie

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:16:14 AM, on 11/21/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:















C:Program FilesMotorolaSoftware Updatemumservice.exe

C:Program FilesBrownieBrstsWnd.exe

C:Program FilesCommon FilesJavaJava Updatejusched.exe

C:Program FilesCommon FilesCorelStandbyStandby.exe

C:Program FilesAdobeReader 9.0ReaderReader_sl.exe


C:Program FilesAVGAVG10avgtray.exe

C:Program FilesiTunesiTunesHelper.exe

C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe


C:Program FilesAVGAVG10avgwdsvc.exe

C:Program FilesSpybot - Search & DestroyTeaTimer.exe

C:Program FilesBonjourmDNSResponder.exe


C:Program FilesJavajre6binjqs.exe


C:Program FilesAVGAVG10Identity Protectionagentbinavgidsmonitor.exe


C:Program FilesPalmHOTSYNC.EXE

C:Program FilesBrowniebrpjp04a.exe



C:Program FilesAVGAVG10avgnsx.exe

C:Program FilesAVGAVG10avgemcx.exe


c:Program FilesCommon FilesProtexisLicense ServicePsiService_2.exe


C:Program FilesTomTom HOME 2TomTomHOMEService.exe

C:Program FilesAVGAVG10Identity ProtectionAgentBinAVGIDSAgent.exe


C:Program FilesiPodbiniPodService.exe


C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:Program FilesBitComettoolsBitCometBHO_1.4.8.11.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG10avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [Lexmark X73 Button Monitor] C:PROGRA~1LEXMAR~1ACMonitor_X73.exe

O4 - HKLM..Run: [Lexmark X73 Button Manager] C:PROGRA~1LEXMAR~1AcBtnMgr_X73.exe

O4 - HKLM..Run: [PrinTray] C:WINDOWSSystem32spoolDRIVERSW32X863printray.exe

O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb09.exe

O4 - HKLM..Run: [Virtual PDF Printer] C:Program FilesVirtual PDF PrinterVirtualPDFPrinter.exe

O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot

O4 - HKLM..Run: [mumservice] C:Program FilesMotorolaSoftware Updatemumservice.exe

O4 - HKLM..Run: [brStsWnd] C:Program FilesBrownieBrstsWnd.exe Autorun

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"

O4 - HKLM..Run: [AdobeCS4ServiceManager] "C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe" -launchedbylogin

O4 - HKLM..Run: [Corel File Shell Monitor] c:Program FilesCorelCorel PaintShop Photo ProX3PSPClassicCorelIOMonitor.exe

O4 - HKLM..Run: [standby] "c:Program FilesCommon FilesCorelStandbyStandby.exe" -START

O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"

O4 - HKLM..Run: [Adobe ARM] "C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe"

O4 - HKLM..Run: [AVG_TRAY] C:Program FilesAVGAVG10avgtray.exe

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime

O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [spybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe

O4 - HKCU..Run: [Corel Photo Downloader] "C:Program FilesCommon FilesCorelCorel PhotoDownloaderCorel Photo Downloader.exe" -startup

O4 - Startup: HotSync Manager.lnk = C:Program FilesPalmHOTSYNC.EXE

O4 - Global Startup: Audible Download Manager.lnk = C:Program FilesAudibleBinAudibleDownloadHelper.exe

O4 - Global Startup: DataViz Messenger.lnk = C:WINDOWSDvzCommonDvzMsgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:Program FilesBitCometBitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:Program FilesBitCometBitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000

O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:Program FilesICQ7.2ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:Program FilesICQ7.2ICQ.exe

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:Program FilesBitComettoolsBitCometBHO_1.4.8.11.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178592002187

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178596572218

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG10avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:Program FilesAreschatServer.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:Program FilesAVGAVG10Identity ProtectionAgentBinAVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:Program FilesAVGAVG10avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:WINDOWSSYSTEM32crypserv.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe

O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:WINDOWSsystem32IcdSptSv.exe

O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:Program FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe

O23 - Service: MotoConnect Service - Unknown owner - C:Program FilesMotorolaMotoConnectServiceMotoConnectService.exe

O23 - Service: mysql - Unknown owner - C:xampplitemysqlbinmysqld-nt.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:Program FilesCommon FilesProtexisLicense ServicePsiService_2.exe

O23 - Service: ptssvc - Unknown owner - C:Program FilesKODAKKODAK Picture Transfer SoftwarePTSsvc.exe (file missing)

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:Program FilesNetMeetingwin32.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:Program FilesTomTom HOME 2TomTomHOMEService.exe

O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:xamppliteservice.exe


End of file - 10878 bytes

I'm sorry, did I do it wrong? Or should I follow the advice given to gonfieta?



DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


This topic is now closed to further replies.