Technology Forum

Tech Ace · #1 09-07-2008, 10:29 PM

Hi all...I'm a tech rookie so please be gentle! About 5 days ago, everytime I refreshed/booted IE I got hit with a popup. Since my key engineer buddy was unreachable, I went after them with everything I could, including: Yahoo's CA, Kaspersky, spyware Doctor, Panda, Ad-Aware, and Rootkit Revealer. While a lot of stuff got mopped up, these damned popups keep coming (Zedo, SmacChat, Virusscanner2009, etc).Then I found you guys! I did the 5 STEPS, and below is the Hijack log. So, two questions: (1) how do I kill these popups, and (2) once I've done so, what protection should I deploy, and which should I delete from my system?Many thanks,PatrickLogfile of Trend Micro HijackThis v2.0.2Scan saved at 1:25:42 PM, on 9/7/2008Platform: windows xp SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\s ystem32\csrss.exeC:\WINDOWS\system32\winlogon.exeC :\WINDOWS\system32\services.exeC:\WINDOWS\system32 \lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOW S\system32\svchost.exeC:\WINDOWS\System32\svchost. exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.ex eC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system3 2\inetsrv\inetinfo.exeC:\WINDOWS\System32\msdtc.ex eC:\Program Files\Spyware Doctor\pctsAuxs.exeC:\Program Files\Spyware Doctor\pctsSvc.exeC:\WINDOWS\System32\tcpsvcs.exeC :\WINDOWS\System32\snmp.exeC:\WINDOWS\System32\svc host.exeC:\WINDOWS\system32\mqsvc.exeC:\WINDOWS\sy stem32\mqtgsvc.exeC:\WINDOWS\System32\alg.exeC:\WI NDOWS\Explorer.EXEC:\Program Files\Dell\Media Experience\PCMService.exeC:\Program Files\Logitech\iTouch\iTouch.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\Prog ram Files\Java\jre1.6.0_07\bin\jusched.exeC:\WINDOWS\s ystem32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC :\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\PROGRA~1\SBCL IG~1\SMARTB~1\MotiveSB.exeC:\Program Files\Yahoo!\Search Protection\SearchProtection.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exeC:\Program Files\Spyware Doctor\pctsTray.exeC:\WINDOWS\system32\ctfmon.exeC :\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\HP\Digital Imaging\bin\hpqgalry.exeC:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exeC:\WINDOWS\System32\spool\DRIVER S\W32X86\3\HPZSTC12.exeC:\WINDOWS\System32\spool\D RIVERS\W32X86\3\HPZENG12.exeC:\WINDOWS\system32\HP Zipm12.exeC:\WINDOWS\System32\wbem\wmiprvse.exeC:\ Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\sw g.dllO2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInsta nce.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exeO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dllO4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exeO4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLYO4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exeO4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exeO4 - HKCU\..\Run: [A00F1DAFE82.exe] C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\_A00F1DAFE82.ex eO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC LightSpeed Self Support Tool\bin\matcli.exeO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...l_en_US.cabO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa...SSupCtl.cabO16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives...2stubie.cabO16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dllO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...staller.exeO16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...staller.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...86189067125O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa...ymAData.cabO16 - DPF: {EECC2B58-FDE7-4F3A-B933-B25BE90F1D37} (CTXAXSetupCtl Object) - http://download.yoomba.com/YoombaActivation.cabO20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA ~1\KASPER~1\KASPER~1\mzvkbd3.dllO20 - Winlogon Notify: __c00B8C4 - C:\WINDOWS\system32\__c00B8C4.datO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe--End of file - 10371 bytes

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Computer auto-spawning "invisible" popups	Tech Ace	Spyware	0	09-08-2008 08:02 PM
Can't Open "My Documents", "Trash" or other files in "My Computer"!?	Tech Ace	Windows XP	0	09-04-2008 12:02 AM
"anti spyware" popups & some websites wont load	Tech Ace	Spyware	0	06-17-2008 06:02 AM
Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"	Tech Ace	Windows XP	0	05-28-2008 04:20 PM
Hijacked winlogon.exe causing "system error fixer" popups	Tech Ace	Spyware	0	05-28-2008 01:30 PM

Technology Forum

IE popups unblocked and "right" prevention

IE popups unblocked and "right" prevention

Similar Threads