
Help with pop ups



#1 sarahdawn


Posted 04 July 2005 - 04:10 AM

I'm having problems with consistent pop-ups. I already ran Ad-Aware and Spybot. Thought HijackThis might help. Here's the log, see anything I can get rid of and/or that could solve the problem?

Thanks:

Logfile of HijackThis v1.99.1
Scan saved at 1:58:00 AM, on 7/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Toshiba\ivp\netint\netint.exe
C:\WINDOWS\System32\macromed\flash\GetFlash.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Documents and Settings\Sarah Dawn Jackson\Desktop\s-t-i-n-g-e-r.exe
C:\DOCUME~1\SARAHD~1\LOCALS~1\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [xfcpwrs] C:\WINDOWS\System32\omybdlr.exe
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\SARAHD~1\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitevba32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSMND1\Cache\SelectedContextSearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted IP range: http://64.4.26.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5012F1F-F712-443E-BD80-68ADBC266424}: NameServer = 209.63.0.6 207.173.86.6
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe



#2 Guest_Cretemonster_*


Posted 05 July 2005 - 08:20 AM

Hi sarahdawn and Welcome to the Bleeping Computer!

Please place HijackThis in a permanent folder. To do this:

Right Click the Desktop and Select "New">> "Folder">> Name it whatever you like!

Now locate the original Zip folder that HijackThis came in and Right Click and Select "Extract All"

Please go to Add\Remove Programs and Remove any of these that may exist

Kazaa
ClearSearch
Clientman
PowerSearch
IncrediFind
Web Rebates
Websearch
zSearch


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Download and Install
CleanUp!
Don't use it yet!

LQfix
Unzip it and save it to your desktop, don't use it yet!

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

After restarting in Safe Mode, Configure Windows to Show All Hidden Files and Folders. Here is a link to help with that:
http://www.bleepingcomputer.com/forums/ind...showtutorial=62

Double-click LQfix.bat that you saved on your desktop before.

A DOS window will open and close again, this is normal.

Locate and Delete these

C:\WINDOWS\System32\qttask.exe<< File only in that location Only!

C:\WINDOWS\System32\omybdlr.exe<< File only!

C:\windows\system32\elitevba32.exe<< File only!

C:\Program Files\Kazaa<< Folder!

C:\Program Files\Ebates_MoeMoneyMaker<< Folder!

C:\Program Files\PWRSMND1<< Folder>> Unless you know what this is!

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe

O4 - HKLM\..\Run: [xfcpwrs] C:\WINDOWS\System32\omybdlr.exe

O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\SARAHD~1\LOCALS~1\Temp\tb_setup.exe /dcheck

O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitevba32.exe

O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSMND1\Cache\SelectedContextSearch.htm

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O15 - Trusted IP range: http://64.4.26.250

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!

Run CleanUp!

Click the "Cleanup" tab to begin scanning and when it's finished, Click the "Close" tab and Click "No" to "Logoff"

Now Scan the PC with Ewido and Ad Aware using the Instructions above!

Once those Scans are Completed, Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>OK>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates

Post back with a fresh HijackThis log and the reports from Ewido and Panda!
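
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread and not the helper's own method. The sample lines are copied from the posted log; the two heuristics (entries HijackThis itself marks `(no file)` or `(file missing)`, and Run entries that launch from a Temp directory) are assumptions chosen for illustration, and they will not catch every entry listed for removal in the reply, such as `[antiware]`, whose path carries no such marker.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\SARAHD~1\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitevba32.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted IP range: http://64.4.26.250
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autostart form of an O4 entry: hive\..\key: [value name] command line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Markers HijackThis appends when the referenced file does not exist.
DANGLING = ("(no file)", "(file missing)")


def parse_log(text):
    """Split a log into entries; header and running-process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = {"code": m.group(1), "body": m.group(2), "name": None, "command": None}
        run = RUN_RE.match(entry["body"]) if entry["code"] == "O4" else None
        if run:
            entry["name"], entry["command"] = run.group(3), run.group(4)
        entries.append(entry)
    return entries


def triage(text):
    """Return (code, reason, detail) for entries matching the assumed heuristics."""
    findings = []
    for e in parse_log(text):
        if any(marker in e["body"] for marker in DANGLING):
            findings.append((e["code"], "dangling reference", e["body"]))
        elif e["command"] and "\\temp\\" in e["command"].lower():
            findings.append((e["code"], "autostart from Temp", e["name"]))
    return findings
```

Anything the script flags is only a candidate for review; an unflagged entry is not thereby known to be clean.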



