
zipzap pop ups

Discussion in 'Malware and Virus Removal Archive' started by johnny1975, 2005/04/13.

Thread Status:
Not open for further replies.
  1. 2005/04/13
    johnny1975

    Hi, I would be grateful for some help. I am a computer beginner and keep getting those annoying zipzap pop ups. I tried removing them with adaware and spybot but it keeps coming back.

    I've read some of the other posts but am a bit confused as it seems it's not the same for everyone.

    thanks for any help

    Logfile of HijackThis v1.99.1
    Scan saved at 14:25:57, on 13/04/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
    C:\windows\system32\rk.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\slrundll.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\JOHNNY\Bureau\antispy\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rangers.premiumtv.co.uk/page/Home/0,,5,00.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {A491D208-B353-490F-B81A-A8A3DC97042D} - (no file)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66 "
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe "
    O4 - HKLM\..\Run: [OSS] c:\windows\system32\rk.exe -boot
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe "
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_FR_XP.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058_XP.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C63B0A93-2080-4C77-847D-F4EDBD9F4C37}: NameServer = 213.36.80.1 213.36.80.1
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe


    INSTALLED SOFTWARE (56) - SHERRY - 13/04/2005 14:26:32

    Ad-Aware SE Personal
    Adobe Reader 6.0 - Français Ver: 6.0 Installed: 15/02/2005
    Aztech CNR2900 V.90 Modem
    Barre d'outils MSN
    CC_ccProxyMSI Ver: 2.0.2.806 Installed: 15/02/2005
    CC_ccStart Ver: 2.0.2.806 Installed: 15/02/2005
    ccCommon Ver: 2.0.2.806 Installed: 15/02/2005
    deaqzgpw
    EPSON Logiciel imprimante
    EPSON PhotoQuicker3.5
    EPSON PRINT Image Framer Tool2.1
    EPSON Web-To-Page
    ESC66 Guide de référence
    ESC66 Guide des logiciels
    HijackThis 1.99.1 Ver: 1.99.1
    IceChat 5.50 Ver: 5.50
    IceChat RunTimes
    Instant Access
    Java 2 Runtime Environment, SE v1.4.2_05 Ver: 1.4.2_05 Installed: 15/02/2005
    LiveReg (Symantec Corporation) Ver: 2.4.1.2056
    Logiciel QuickCam de Logitech Ver: 8.41.0000
    Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 15/02/2005
    Microsoft .NET Framework 1.1 French Language Pack Ver: 1.1.4322 Installed: 15/02/2005
    Microsoft Office Standard Edition 2003 Ver: 11.0.5614.0 Installed: 15/02/2005
    Microsoft Works 7.0 Ver: 07.02.0000 Installed: 15/02/2005
    MSN
    MSN Messenger 6.2 Ver: 6.2.0205 Installed: 12/03/2005
    MSRedist Ver: 1.0.0.0 Installed: 15/02/2005
    Norton AntiSpam Ver: 2004.1.0.147 Installed: 15/02/2005
    Norton AntiSpam Ver: 2004.1.0.147 Installed: 15/02/2005
    Norton AntiVirus Ver: 10.00.00 Installed: 15/02/2005
    Norton Internet Security Ver: 5.2.0.108 Installed: 15/02/2005
    Norton Internet Security Ver: 7.0.0.177 Installed: 15/02/2005
    Norton Internet Security Ver: 7.0.0.177 Installed: 15/02/2005
    Norton Internet Security Ver: 7.0.0.177 Installed: 15/02/2005
    Norton Internet Security Ver: 7.0.0.177 Installed: 15/02/2005
    Norton Internet Security Ver: 7.0.0.177 Installed: 15/02/2005
    Norton Internet Security Ver: 7.0.0.177 Installed: 15/02/2005
    Norton Internet Security Ver: 7.0.0.177 Installed: 15/02/2005
    Norton Internet Security Ver: 7.0.0.177 Installed: 15/02/2005
    Norton Internet Security Ver: 7.0.0.177 Installed: 15/02/2005
    Packard Bell InfoCentre
    Packard Bell Toolbar 1.0
    PIF DESIGNER2.1
    Programme de gestion Camera de Logitech®
    RelevantKnowledge
    ScanToWeb
    Shockwave Director 9.0
    Shockwave Flash
    Sonic MyDVD Ver: 5.3.0 Installed: 15/02/2005
    Sonic RecordNow! Ver: 7.22 Installed: 15/02/2005
    Spybot - Search & Destroy 1.3 Ver: 1.3
    Symantec Network Drivers Update Ver: 5.4.4.17 Installed: 31/03/2005
    Symantec Script Blocking Installer Ver: 1.0.0 Installed: 15/02/2005
    WebCam 5.00
    WebFldrs XP Ver: 9.50.7523 Installed: 16/08/2004
     
  2. 2005/04/13
    noahdfear

    Welcome to WindowsBBS johnny1975 :)

    You will need to open Spybot in advanced mode, click the tools button in the left column, then Resident, and uncheck TeaTimer.

    Download the RemInstAccXP.zip file attached to this post. Save it to your desktop. If it saves as attachment.php, right click and rename to GetLogXP.zip. You may need to enable viewing extensions for known file types to see the zip and php extensions. To do that, open My Computer and click Tools on the menu, then folder options. Click the view tab of the window that opens, uncheck the box to Hide extensions...... and click OK. Now right click the zip and extract the RemInstAccXP.bat file to your desktop. Note to others.....the attachment was written specifically for this machine. Please do not use if you have zipzap popups too. Start your own thread and someone will gladly assist you.

    Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

    Either reboot and repeatedly tap F8 to enable the start menu, then select safe mode, or go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and click OK. Click yes to restart. This will restart your computer in safe mode. Logon to your user account.

    Double click the RemInstAccXP.bat file to run.

    Do a file search for EGDAccess_1058.inf and svcsysnet32.inf and delete.
    Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and click OK.


    If you used msconfig, uncheck the /safeboot box and click ok to reboot. Upon reboot you will be greeted with a message window from the System Configuration Utility. Check the box not to use and don't show, then click OK. If you used F8, just reboot back into Windows.

    Scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

    Run another HijackThis scan and post the log. Let us know if the popups have stopped.
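
Added example, not part of either post: a small Python triage script for a HijackThis log that flags the entries tied to the names in the removal steps above (Instant Access, EGDAccess_1058, svcsysnet32), so the follow-up scan can be checked for leftovers. The orphan-BHO and unnamed-DPF rules are triage heuristics assumed here, not verdicts, and the function names are hypothetical; the sample lines are excerpted from the log posted above.

```python
import re

# Names taken from the reply's removal steps (batch file target and the two .inf files).
REMOVAL_TARGETS = ("Instant Access", "EGDAccess_1058", "svcsysnet32")

# A HijackThis entry line: section code (R0, O4, O16, ...), " - ", then the entry body.
ENTRY_RE = re.compile(r"^\s*([RFO]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(log_text):
    """Return (section, body) tuples; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(log_text, targets=REMOVAL_TARGETS):
    """Map each entry worth a second look to the list of reasons it was flagged."""
    findings = {}
    for section, body in parse_entries(log_text):
        lowered = body.lower()
        reasons = ["remnant:" + t for t in targets if t.lower() in lowered]
        # Heuristic (assumption): a BHO whose DLL is gone is a leftover registration.
        if section == "O2" and body.endswith("(no file)"):
            reasons.append("orphan-bho")
        # Heuristic (assumption): a DPF entry with no class name after the CLSID.
        if section == "O16" and re.match(r"DPF: \{[0-9A-Fa-f-]+\} - ", body):
            reasons.append("unnamed-dpf")
        if reasons:
            findings[(section, body)] = reasons
    return findings

# Excerpt of the log posted in this thread (not the full log).
SAMPLE_BEFORE = r"""
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_FR_XP.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058_XP.cab
"""

if __name__ == "__main__":
    for (section, body), reasons in triage(SAMPLE_BEFORE).items():
        print(section, ", ".join(reasons), "|", body)
```

Running `triage()` on the post-cleanup log should return no `remnant:` reasons; any that remain point at a Run value or DPF registration the batch file did not remove.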
     
