Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Boo Pop-Ups :(

Started by XbobobX , Sep 07 2004 12:13 AM

  • Please log in to reply

#1
XbobobX
Posted 07 September 2004 - 12:13 AM

XbobobX

    New Member

  • Member
  • Pip
  • 1 posts
Hello! I'm trying to help a friend get rid of some pop-ups she keeps getting. She has run a scan with Norton AV and ad-aware, but the problems are still there. Hopefully this will be easy to diagnose and fix because I'm giving her instructions over AIM (She's on the other side of the country), and she's not very good with computer stuff. Here is the Hijack log. Thanks in advance!! <_<

Logfile of HijackThis v1.97.7
Scan saved at 1:56:59 AM, on 9/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\ndgqcau.exe
C:\WINDOWS\sosxfa.exe
C:\WINDOWS\bdmiaklho.exe
C:\WINDOWS\pxukokhcd.exe
C:\WINDOWS\hzefd.exe
C:\WINDOWS\pgwwduai.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\iancakkpg.exe
C:\WINDOWS\eeyy.exe
C:\WINDOWS\brcvmcbh.exe
C:\WINDOWS\knskm.exe
C:\WINDOWS\xurfuuyvx.exe
C:\WINDOWS\hclxwzble.exe
C:\WINDOWS\olym.exe
C:\WINDOWS\zlgvz.exe
C:\WINDOWS\homhgk.exe
C:\WINDOWS\wnmomq.exe
C:\WINDOWS\ydfrcpjw.exe
C:\WINDOWS\miluozz.exe
C:\WINDOWS\xhtcvkyf.exe
C:\WINDOWS\vrcsyh.exe
C:\WINDOWS\stscgzpe.exe
C:\WINDOWS\sswqrsks.exe
C:\WINDOWS\sryjkpum.exe
C:\WINDOWS\carcmux.exe
C:\WINDOWS\rogpdbjac.exe
C:\WINDOWS\awaifglr.exe
C:\WINDOWS\nftvklq.exe
C:\WINDOWS\aqlwxg.exe
C:\WINDOWS\wdvapr.exe
C:\WINDOWS\oyyaplu.exe
C:\WINDOWS\eebe.exe
C:\WINDOWS\rtxb.exe
C:\WINDOWS\dsavcnw.exe
C:\WINDOWS\nbstmvo.exe
C:\WINDOWS\tzaln.exe
C:\WINDOWS\vqhsgnkhz.exe
C:\WINDOWS\nntd.exe
C:\WINDOWS\wbpjt.exe
C:\WINDOWS\rxedva.exe
C:\WINDOWS\gsckxj.exe
C:\WINDOWS\ydkr.exe
C:\WINDOWS\qyaqkh.exe
C:\WINDOWS\ourzi.exe
C:\WINDOWS\lxjcke.exe
C:\WINDOWS\jqime.exe
C:\WINDOWS\qlbzusmdi.exe
C:\WINDOWS\ggxmdfipt.exe
C:\WINDOWS\qnvsqdgui.exe
C:\WINDOWS\naunesz.exe
C:\WINDOWS\qmxmjzrpa.exe
C:\WINDOWS\flcur.exe
C:\WINDOWS\xvopqihwu.exe
C:\WINDOWS\ixftwlk.exe
C:\WINDOWS\grgvauwdv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\aanb.exe
C:\WINDOWS\aanb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carly Zimmermann\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin\apuc.dll
O2 - BHO: (no name) - {D05EDEA3-E273-4672-83B4-5FC65C531A20} - C:\WINDOWS\afraevb.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [eghvx] C:\WINDOWS\orvtw.exe
O4 - HKLM\..\Run: [vyzmfij] C:\WINDOWS\ndgqcau.exe
O4 - HKLM\..\Run: [icxqpipw] C:\WINDOWS\sosxfa.exe
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\SYSTEM32\ossproxy.exe -boot
O4 - HKLM\..\Run: [qtkqzku] C:\WINDOWS\bdmiaklho.exe
O4 - HKLM\..\Run: [duohkxsl] C:\WINDOWS\pxukokhcd.exe
O4 - HKLM\..\Run: [egobmhp] C:\WINDOWS\hzefd.exe
O4 - HKLM\..\Run: [lvzmd] C:\WINDOWS\pgwwduai.exe
O4 - HKLM\..\Run: [gioriaaw] C:\WINDOWS\iancakkpg.exe
O4 - HKLM\..\Run: [imouwwrzb] C:\WINDOWS\eeyy.exe
O4 - HKLM\..\Run: [rnlj] C:\WINDOWS\brcvmcbh.exe
O4 - HKLM\..\Run: [ogvhwwunf] C:\WINDOWS\knskm.exe
O4 - HKLM\..\Run: [dwoytcrm] C:\WINDOWS\xurfuuyvx.exe
O4 - HKLM\..\Run: [yighkc] C:\WINDOWS\hclxwzble.exe
O4 - HKLM\..\Run: [oweqehjw] C:\WINDOWS\olym.exe
O4 - HKLM\..\Run: [uqoq] C:\WINDOWS\zlgvz.exe
O4 - HKLM\..\Run: [jalkj] C:\WINDOWS\homhgk.exe
O4 - HKLM\..\Run: [ntlvzhbe] C:\WINDOWS\wnmomq.exe
O4 - HKLM\..\Run: [gwftohgq] C:\WINDOWS\ydfrcpjw.exe
O4 - HKLM\..\Run: [vubiddhb] C:\WINDOWS\miluozz.exe
O4 - HKLM\..\Run: [gyyoelxr] C:\WINDOWS\xhtcvkyf.exe
O4 - HKLM\..\Run: [qkkxuzcd] C:\WINDOWS\vrcsyh.exe
O4 - HKLM\..\Run: [nmfdg] C:\WINDOWS\stscgzpe.exe
O4 - HKLM\..\Run: [nlhwafl] C:\WINDOWS\sswqrsks.exe
O4 - HKLM\..\Run: [nlitl] C:\WINDOWS\sryjkpum.exe
O4 - HKLM\..\Run: [oegv] C:\WINDOWS\carcmux.exe
O4 - HKLM\..\Run: [xdtduvsh] C:\WINDOWS\rogpdbjac.exe
O4 - HKLM\..\Run: [isqlnl] C:\WINDOWS\awaifglr.exe
O4 - HKLM\..\Run: [muanpsohh] C:\WINDOWS\nftvklq.exe
O4 - HKLM\..\Run: [ayxdtx] C:\WINDOWS\aqlwxg.exe
O4 - HKLM\..\Run: [pvitdx] C:\WINDOWS\wdvapr.exe
O4 - HKLM\..\Run: [anuijnvlv] C:\WINDOWS\oyyaplu.exe
O4 - HKLM\..\Run: [ycpgwn] C:\WINDOWS\eebe.exe
O4 - HKLM\..\Run: [fhvvhuj] C:\WINDOWS\rtxb.exe
O4 - HKLM\..\Run: [kwatyjoi] C:\WINDOWS\dsavcnw.exe
O4 - HKLM\..\Run: [amwfuij] C:\WINDOWS\nbstmvo.exe
O4 - HKLM\..\Run: [jvigt] C:\WINDOWS\tzaln.exe
O4 - HKLM\..\Run: [fyfbc] C:\WINDOWS\vqhsgnkhz.exe
O4 - HKLM\..\Run: [hulwmigf] C:\WINDOWS\nntd.exe
O4 - HKLM\..\Run: [vnufqcg] C:\WINDOWS\wbpjt.exe
O4 - HKLM\..\Run: [uvjg] C:\WINDOWS\rxedva.exe
O4 - HKLM\..\Run: [bxtmeh] C:\WINDOWS\gsckxj.exe
O4 - HKLM\..\Run: [vcnhbe] C:\WINDOWS\ydkr.exe
O4 - HKLM\..\Run: [gnjht] C:\WINDOWS\qyaqkh.exe
O4 - HKLM\..\Run: [axakiwh] C:\WINDOWS\ourzi.exe
O4 - HKLM\..\Run: [fooxi] C:\WINDOWS\lxjcke.exe
O4 - HKLM\..\Run: [rzspyrkrt] C:\WINDOWS\jqime.exe
O4 - HKLM\..\Run: [tuezaf] C:\WINDOWS\qlbzusmdi.exe
O4 - HKLM\..\Run: [abdqhjya] C:\WINDOWS\ggxmdfipt.exe
O4 - HKLM\..\Run: [vqouon] C:\WINDOWS\qnvsqdgui.exe
O4 - HKLM\..\Run: [smvgq] C:\WINDOWS\naunesz.exe
O4 - HKLM\..\Run: [urlejc] C:\WINDOWS\qmxmjzrpa.exe
O4 - HKLM\..\Run: [svcu] C:\WINDOWS\flcur.exe
O4 - HKLM\..\Run: [duuh] C:\WINDOWS\xvopqihwu.exe
O4 - HKLM\..\Run: [krmx] C:\WINDOWS\ixftwlk.exe
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [upyzbr] C:\WINDOWS\grgvauwdv.exe
O4 - HKLM\..\Run: [vbqfx] C:\WINDOWS\aanb.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
  • 0

Advertisements

#2
Smokey
Posted 07 September 2004 - 06:11 AM

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Before we start cleaning up your log please run a free online virus scan here:
http://housecall.antivirus.com/

And a free trojan scan here:
  • 0

#3
coachwife6
Posted 07 September 2004 - 09:09 AM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Trojan scan is at www.moosoft.com
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP