
Getting Rid of Zip Zap Promos

Discussion in 'Malware and Virus Removal Archive' started by mjdcm, 2005/11/26.

  1. 2005/11/26
    mjdcm

    mjdcm Inactive Thread Starter

    These pop ups are driving me crazy. Can someone help? Here is my HijackThis log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:53:50 AM, on 11/26/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Documents and Settings\All Users\Documents\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\aim\aim.exe
    C:\program files\mailskinner\mailskinner.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Dave Mansfield\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.the-exit.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.the-exit.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-exit.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://files.cc.cometsystems.com/assist/cc/1.0/assist_st.html?src_id=312
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: (no name) - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\Comet\bin\autosearch.dll (file missing)
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [AKYI] C:\WINDOWS\AKYI.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
    O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Documents and Settings\All Users\Documents\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320 "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1070.dll,InstantAccess
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - Startup: eMule.lnk = C:\Program Files\eMule\emule.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: >>> FREE **** GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
    O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab
    O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064_XP.cab
    O16 - DPF: {07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063_XP.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://fotosex.pl/msuser32.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1051_pack_XP.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab
    O16 - DPF: {733A5CA7-C0E1-41D7-9506-F4AA354B4500} (ActiveFormX Control) - file://C:\Program Files\Intelore\AnimatedDesktop\advThemes\WorkDir\164795031\Files\ActiveFormProj1.inf
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_XP.cab
    O16 - DPF: {A1C392A2-B274-46DB-89BE-1FBD476B9C93} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1065_XP.cab
    O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
    O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_XP.cab
    O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067_XP.cab
    O16 - DPF: {EF4DCD99-D26B-44A4-BA77-CFDCC97E7291} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1062_XP.cab
    O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1B73A0E7-0673-486C-B5B7-5C16F3A5DBE9}: NameServer = 207.217.126.81,207.217.120.83
    O17 - HKLM\System\CCS\Services\Tcpip\..\{564A5EAB-98B1-4D1B-9D7B-7457199326D1}: NameServer = 207.69.188.187 207.69.188.186
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1B73A0E7-0673-486C-B5B7-5C16F3A5DBE9}: NameServer = 207.217.126.81,207.217.120.83
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
     
