Guest
I have some spyware/adware on my PC and despite using various methods I cannot find the offending file or files to remove it. One of the pop-ups is 'trafficmarketplace', I think.
Some help would be gratefully received; here is a list of my running processes and other stuff from Hijack This:
Running processes
C:\WINDOWS\System32\smss.ex
C:\WINDOWS\system32\winlogon.ex
C:\WINDOWS\system32\services.ex
C:\WINDOWS\system32\lsass.ex
C:\WINDOWS\system32\svchost.ex
C:\WINDOWS\System32\svchost.ex
C:\WINDOWS\system32\spoolsv.ex
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.ex
C:\Program Files\Alwil Software\Avast4\aswUpdSv.ex
C:\Program Files\Alwil Software\Avast4\ashServ.ex
C:\WINDOWS\System32\CTsvcCDA.ex
C:\Program Files\Executive Software\Diskeeper\DkService.ex
C:\WINDOWS\System32\nvsvc32.ex
C:\WINDOWS\System32\SLEE503.ex
C:\WINDOWS\System32\svchost.ex
C:\WINDOWS\Explorer.EX
C:\WINDOWS\System32\CTHELPER.EX
C:\WINDOWS\System32\DSentry.ex
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.ex
C:\WINDOWS\System32\rundll32.ex
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.ex
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.ex
C:\WINDOWS\System32\RunDll32.ex
C:\Program Files\Logitech\MouseWare\system\em_exec.ex
C:\Program Files\PestPatrol\PPControl.ex
C:\PROGRA~1\PESTPA~1\PPMemCheck.ex
C:\PROGRA~1\PESTPA~1\CookiePatrol.ex
C:\WINDOWS\System32\RUNDLL32.EX
C:\WINDOWS\System32\ctfmon.ex
C:\Program Files\Digital Line Detect\DLG.ex
E:\Shareaza\Shareaza.ex
C:\Program Files\Internet Explorer\IEXPLORE.EX
E:\My Shared Folder\Utilities\Hijack this\HijackThis.ex
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blan
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blan
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blan
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bbc.co.uk
R3 - URLSearchHook: (no name) - - (no file
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dl
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dl
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dl
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EX
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DL
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.ex
O4 - HKLM\..\Run: [GLDStart] C:\Program Files\GLDirect\gldirect.exe -filterstar
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartu
O4 - HKLM\..\Run: [nwiz] nwiz.exe /instal
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.ex
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Ex
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.ex
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.ex
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.ex
O4 - HKLM\..\Run: [Acronis Popup Blocker] RunDll32.exe C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL,Ru
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.ex
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.ex
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.ex
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.ex
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarIni
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.ex
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autochec
O4 - Global Startup: Digital Line Detect.lnk =
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/300
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Acronis Pop-up Blocker (HKLM)
O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13b7245d22c23f6a7b01/netzip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38064.4492708333
O16 - DPF: {CC110316-5BE7-4AAA-AEDD-1A5B147BE34C} (MyWebOperator Class) - http://198.143.27.21/dialer_loader/uk.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab