Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Boo Pop-Ups :(


  • Please log in to reply

#1
XbobobX

XbobobX

    New Member

  • Member
  • Pip
  • 1 posts
Hello! I'm trying to help a friend get rid of some pop-ups she keeps getting. She has run a scan with Norton AV and ad-aware, but the problems are still there. Hopefully this will be easy to diagnose and fix because I'm giving her instructions over AIM (She's on the other side of the country), and she's not very good with computer stuff. Here is the Hijack log. Thanks in advance!! <_<

Logfile of HijackThis v1.97.7
Scan saved at 1:56:59 AM, on 9/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\ndgqcau.exe
C:\WINDOWS\sosxfa.exe
C:\WINDOWS\bdmiaklho.exe
C:\WINDOWS\pxukokhcd.exe
C:\WINDOWS\hzefd.exe
C:\WINDOWS\pgwwduai.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\iancakkpg.exe
C:\WINDOWS\eeyy.exe
C:\WINDOWS\brcvmcbh.exe
C:\WINDOWS\knskm.exe
C:\WINDOWS\xurfuuyvx.exe
C:\WINDOWS\hclxwzble.exe
C:\WINDOWS\olym.exe
C:\WINDOWS\zlgvz.exe
C:\WINDOWS\homhgk.exe
C:\WINDOWS\wnmomq.exe
C:\WINDOWS\ydfrcpjw.exe
C:\WINDOWS\miluozz.exe
C:\WINDOWS\xhtcvkyf.exe
C:\WINDOWS\vrcsyh.exe
C:\WINDOWS\stscgzpe.exe
C:\WINDOWS\sswqrsks.exe
C:\WINDOWS\sryjkpum.exe
C:\WINDOWS\carcmux.exe
C:\WINDOWS\rogpdbjac.exe
C:\WINDOWS\awaifglr.exe
C:\WINDOWS\nftvklq.exe
C:\WINDOWS\aqlwxg.exe
C:\WINDOWS\wdvapr.exe
C:\WINDOWS\oyyaplu.exe
C:\WINDOWS\eebe.exe
C:\WINDOWS\rtxb.exe
C:\WINDOWS\dsavcnw.exe
C:\WINDOWS\nbstmvo.exe
C:\WINDOWS\tzaln.exe
C:\WINDOWS\vqhsgnkhz.exe
C:\WINDOWS\nntd.exe
C:\WINDOWS\wbpjt.exe
C:\WINDOWS\rxedva.exe
C:\WINDOWS\gsckxj.exe
C:\WINDOWS\ydkr.exe
C:\WINDOWS\qyaqkh.exe
C:\WINDOWS\ourzi.exe
C:\WINDOWS\lxjcke.exe
C:\WINDOWS\jqime.exe
C:\WINDOWS\qlbzusmdi.exe
C:\WINDOWS\ggxmdfipt.exe
C:\WINDOWS\qnvsqdgui.exe
C:\WINDOWS\naunesz.exe
C:\WINDOWS\qmxmjzrpa.exe
C:\WINDOWS\flcur.exe
C:\WINDOWS\xvopqihwu.exe
C:\WINDOWS\ixftwlk.exe
C:\WINDOWS\grgvauwdv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\aanb.exe
C:\WINDOWS\aanb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carly Zimmermann\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin\apuc.dll
O2 - BHO: (no name) - {D05EDEA3-E273-4672-83B4-5FC65C531A20} - C:\WINDOWS\afraevb.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [eghvx] C:\WINDOWS\orvtw.exe
O4 - HKLM\..\Run: [vyzmfij] C:\WINDOWS\ndgqcau.exe
O4 - HKLM\..\Run: [icxqpipw] C:\WINDOWS\sosxfa.exe
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\SYSTEM32\ossproxy.exe -boot
O4 - HKLM\..\Run: [qtkqzku] C:\WINDOWS\bdmiaklho.exe
O4 - HKLM\..\Run: [duohkxsl] C:\WINDOWS\pxukokhcd.exe
O4 - HKLM\..\Run: [egobmhp] C:\WINDOWS\hzefd.exe
O4 - HKLM\..\Run: [lvzmd] C:\WINDOWS\pgwwduai.exe
O4 - HKLM\..\Run: [gioriaaw] C:\WINDOWS\iancakkpg.exe
O4 - HKLM\..\Run: [imouwwrzb] C:\WINDOWS\eeyy.exe
O4 - HKLM\..\Run: [rnlj] C:\WINDOWS\brcvmcbh.exe
O4 - HKLM\..\Run: [ogvhwwunf] C:\WINDOWS\knskm.exe
O4 - HKLM\..\Run: [dwoytcrm] C:\WINDOWS\xurfuuyvx.exe
O4 - HKLM\..\Run: [yighkc] C:\WINDOWS\hclxwzble.exe
O4 - HKLM\..\Run: [oweqehjw] C:\WINDOWS\olym.exe
O4 - HKLM\..\Run: [uqoq] C:\WINDOWS\zlgvz.exe
O4 - HKLM\..\Run: [jalkj] C:\WINDOWS\homhgk.exe
O4 - HKLM\..\Run: [ntlvzhbe] C:\WINDOWS\wnmomq.exe
O4 - HKLM\..\Run: [gwftohgq] C:\WINDOWS\ydfrcpjw.exe
O4 - HKLM\..\Run: [vubiddhb] C:\WINDOWS\miluozz.exe
O4 - HKLM\..\Run: [gyyoelxr] C:\WINDOWS\xhtcvkyf.exe
O4 - HKLM\..\Run: [qkkxuzcd] C:\WINDOWS\vrcsyh.exe
O4 - HKLM\..\Run: [nmfdg] C:\WINDOWS\stscgzpe.exe
O4 - HKLM\..\Run: [nlhwafl] C:\WINDOWS\sswqrsks.exe
O4 - HKLM\..\Run: [nlitl] C:\WINDOWS\sryjkpum.exe
O4 - HKLM\..\Run: [oegv] C:\WINDOWS\carcmux.exe
O4 - HKLM\..\Run: [xdtduvsh] C:\WINDOWS\rogpdbjac.exe
O4 - HKLM\..\Run: [isqlnl] C:\WINDOWS\awaifglr.exe
O4 - HKLM\..\Run: [muanpsohh] C:\WINDOWS\nftvklq.exe
O4 - HKLM\..\Run: [ayxdtx] C:\WINDOWS\aqlwxg.exe
O4 - HKLM\..\Run: [pvitdx] C:\WINDOWS\wdvapr.exe
O4 - HKLM\..\Run: [anuijnvlv] C:\WINDOWS\oyyaplu.exe
O4 - HKLM\..\Run: [ycpgwn] C:\WINDOWS\eebe.exe
O4 - HKLM\..\Run: [fhvvhuj] C:\WINDOWS\rtxb.exe
O4 - HKLM\..\Run: [kwatyjoi] C:\WINDOWS\dsavcnw.exe
O4 - HKLM\..\Run: [amwfuij] C:\WINDOWS\nbstmvo.exe
O4 - HKLM\..\Run: [jvigt] C:\WINDOWS\tzaln.exe
O4 - HKLM\..\Run: [fyfbc] C:\WINDOWS\vqhsgnkhz.exe
O4 - HKLM\..\Run: [hulwmigf] C:\WINDOWS\nntd.exe
O4 - HKLM\..\Run: [vnufqcg] C:\WINDOWS\wbpjt.exe
O4 - HKLM\..\Run: [uvjg] C:\WINDOWS\rxedva.exe
O4 - HKLM\..\Run: [bxtmeh] C:\WINDOWS\gsckxj.exe
O4 - HKLM\..\Run: [vcnhbe] C:\WINDOWS\ydkr.exe
O4 - HKLM\..\Run: [gnjht] C:\WINDOWS\qyaqkh.exe
O4 - HKLM\..\Run: [axakiwh] C:\WINDOWS\ourzi.exe
O4 - HKLM\..\Run: [fooxi] C:\WINDOWS\lxjcke.exe
O4 - HKLM\..\Run: [rzspyrkrt] C:\WINDOWS\jqime.exe
O4 - HKLM\..\Run: [tuezaf] C:\WINDOWS\qlbzusmdi.exe
O4 - HKLM\..\Run: [abdqhjya] C:\WINDOWS\ggxmdfipt.exe
O4 - HKLM\..\Run: [vqouon] C:\WINDOWS\qnvsqdgui.exe
O4 - HKLM\..\Run: [smvgq] C:\WINDOWS\naunesz.exe
O4 - HKLM\..\Run: [urlejc] C:\WINDOWS\qmxmjzrpa.exe
O4 - HKLM\..\Run: [svcu] C:\WINDOWS\flcur.exe
O4 - HKLM\..\Run: [duuh] C:\WINDOWS\xvopqihwu.exe
O4 - HKLM\..\Run: [krmx] C:\WINDOWS\ixftwlk.exe
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [upyzbr] C:\WINDOWS\grgvauwdv.exe
O4 - HKLM\..\Run: [vbqfx] C:\WINDOWS\aanb.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
  • 0

Advertisements


#2
Smokey

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Before we start cleaning up your log please run a free online virus scan here:
http://housecall.antivirus.com/

And a free trojan scan here:
  • 0

#3
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Trojan scan is at www.moosoft.com
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP