1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

popuppers ad windows...

Discussion in 'Malware and Virus Removal Archive' started by apyles, 2005/02/11.

Thread Status:
Not open for further replies.
  1. 2005/02/11
    apyles

    apyles Inactive Thread Starter

    Joined:
    2005/02/08
    Messages:
    7
    Likes Received:
    0
    i thought i was rid of these, but they showed up again last night. popuppers windows show up even when i am not using my browser...here is the log file:



    Logfile of HijackThis v1.99.0
    Scan saved at 3:28:14 PM, on 2/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\E-Color\Colorific\hgcctl95.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\E-Color\True Internet Color\TICIcon.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\WINDOWS\a64sddd.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Armstrong Telephone
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\Alexander\Application Data\Mozilla\Profiles\default\rfqcm93v.slt\prefs.js)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_6.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [/autorun] C:\Program Files\STOPzilla!\/autorun.exe
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [popuppers64] C:\WINDOWS\a64sddd.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - Startup: restart_vs.lnk = E:\Viewsonic.exe
    O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: Colorific.lnk = C:\Program Files\E-Color\Colorific\hgcctl95.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: SonnReg.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe
    O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt3_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.104/094688b8fcac75392803/netzip/RdxIE.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLcd.CAB
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_6.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe



    thanks!
     
  2. 2005/02/11
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

    O4 - HKLM\..\Run: [popuppers64] C:\WINDOWS\a64sddd.exe
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.104/094688b8fcac75...etzip/RdxIE.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab

    Restart in safe mode and show hidden files and folders, as well as system files and extensions for known file types.

    Open C:\WINDOWS and delete the file a64sddd.exe.
    Open C:\Temp if present, select all and delete.
    Open C:\Windows\Temp, select all and delete.
    Open C:\Windows\Prefetch, select all and delete.
    Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
    Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content. Click the Security tab, then highlight Trusted Sites and click the Sites button. If *.media-motor.net and *.popuppers.com are present, remove them.
    Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and OK.
    Reboot back to Windows.

    Run another HijackThis scan and post the log.
     

  3. to hide this advert.

  4. 2005/02/12
    apyles

    apyles Inactive Thread Starter

    Joined:
    2005/02/08
    Messages:
    7
    Likes Received:
    0
    did exactly as you instructed...here is the new log file:


    Logfile of HijackThis v1.99.0
    Scan saved at 12:24:58 PM, on 2/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\E-Color\Colorific\hgcctl95.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\E-Color\True Internet Color\TICIcon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Armstrong Telephone
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\Alexander\Application Data\Mozilla\Profiles\default\rfqcm93v.slt\prefs.js)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_6.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [/autorun] C:\Program Files\STOPzilla!\/autorun.exe
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [popuppers64] C:\WINDOWS\a64sddd.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - Startup: restart_vs.lnk = E:\Viewsonic.exe
    O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: Colorific.lnk = C:\Program Files\E-Color\Colorific\hgcctl95.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: SonnReg.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe
    O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt3_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLcd.CAB
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_6.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
     
  5. 2005/02/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

    O4 - HKLM\..\Run: [popuppers64] C:\WINDOWS\a64sddd.exe
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com

    Reboot and post a new HJT log.
     
  6. 2005/02/12
    apyles

    apyles Inactive Thread Starter

    Joined:
    2005/02/08
    Messages:
    7
    Likes Received:
    0
    done. heres the new log:


    Logfile of HijackThis v1.99.0
    Scan saved at 7:10:05 PM, on 2/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\E-Color\Colorific\hgcctl95.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\E-Color\True Internet Color\TICIcon.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Armstrong Telephone
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\Alexander\Application Data\Mozilla\Profiles\default\rfqcm93v.slt\prefs.js)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_6.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [/autorun] C:\Program Files\STOPzilla!\/autorun.exe
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - Startup: restart_vs.lnk = E:\Viewsonic.exe
    O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: Colorific.lnk = C:\Program Files\E-Color\Colorific\hgcctl95.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: SonnReg.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe
    O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
    O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt3_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLcd.CAB
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_6.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
     
  7. 2005/02/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Your log looks clean. Have the popups stopped? If you haven't already done so, I also recommend you open Spybot and click mode on the toolbar, then advanced mode. Click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install, enable all protection and update. Check for updates regularly. Then, still in Spybot, click tools button, then IE tweaks and at least lock the HOSTS file.
    Then download and install IESpyad.

    That will give you some added layers of protection against unwanted parasites.
     
  8. 2005/02/12
    apyles

    apyles Inactive Thread Starter

    Joined:
    2005/02/08
    Messages:
    7
    Likes Received:
    0
    the popups have stopped. thank you for all your help! i'll check out spybot etc., as you suggested. thanks again!
     
  9. 2005/02/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Good to hear. Happy to help. :)
     
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.