Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Cant locate Popup source [RESOLVED]

  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 2 posts
I've ran Spyware Dr, Microsoft's beta spyware program and spybot but can't seem to kill the source of this popup on a friend's computer. Can someone please add an extra set of eyes and some help

Logfile of HijackThis v1.99.1
Scan saved at 21:17:42, on 18/7/2548
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Tew\My Documents\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.th/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O1 - Hosts: google.ae
O1 - Hosts: google.am
O1 - Hosts: google.as
O1 - Hosts: google.at
O1 - Hosts: google.az
O1 - Hosts: google.be
O1 - Hosts: google.bi
O1 - Hosts: google.cd
O1 - Hosts: google.cg
O1 - Hosts: google.ch
O1 - Hosts: google.ci
O1 - Hosts: google.cl
O1 - Hosts: google.co.cr
O1 - Hosts: google.co.hu
O1 - Hosts: google.co.il
O1 - Hosts: google.co.in
O1 - Hosts: google.co.je
O1 - Hosts: google.co.jp
O1 - Hosts: google.co.ke
O1 - Hosts: google.co.kr
O1 - Hosts: google.co.ls
O1 - Hosts: google.co.nz
O1 - Hosts: google.co.th
O1 - Hosts: google.co.ug
O1 - Hosts: google.co.ve
O1 - Hosts: google.dj
O1 - Hosts: google.dk
O1 - Hosts: google.fi
O1 - Hosts: google.fm
O1 - Hosts: google.gg
O1 - Hosts: google.gl
O1 - Hosts: google.gm
O1 - Hosts: google.hn
O1 - Hosts: google.ie
O1 - Hosts: google.it
O1 - Hosts: google.kz
O1 - Hosts: google.li
O1 - Hosts: google.lt
O1 - Hosts: google.lu
O1 - Hosts: google.lv
O1 - Hosts: google.mn
O1 - Hosts: google.ms
O1 - Hosts: google.mu
O1 - Hosts: google.mw
O1 - Hosts: google.nl
O1 - Hosts: google.no
O1 - Hosts: google.off.ai
O1 - Hosts: google.pl
O1 - Hosts: google.pn
O1 - Hosts: google.pt
O1 - Hosts: google.ro
O1 - Hosts: google.ru
O1 - Hosts: google.rw
O1 - Hosts: google.se
O1 - Hosts: google.sh
O1 - Hosts: google.sk
O1 - Hosts: google.sm
O1 - Hosts: google.td
O1 - Hosts: google.tm
O1 - Hosts: google.tt
O1 - Hosts: google.uz
O1 - Hosts: google.vg
O1 - Hosts: www.alexa.com alexa.com
O2 - BHO: (no name) - {3330FD8F-364B-2BE4-3A26-3A31B2CEA5BB} - C:\WINDOWS\System32\alpfejj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {8ACBF2C3-6B57-7EF7-7B23-3FC11D544CB5} - C:\WINDOWS\System32\hjnnpyc.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ajalrb.exe reg_run
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [psmh3ne] mqenec.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Tefwdivr] C:\WINDOWS\System32\??plorer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mowz] C:\PROGRA~1\COMMON~1\mowz\mowzm.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121740327593
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winf...nnerInstall.cab
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\dyprop.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\dyprop.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • 0




    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello and welcome to Geeks To Go.

Lets start out with some general scans and see if we cant clean things up a little.

+++++ Step 1 +++++

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++ Step 2 +++++

Update HiJackThis
  • Open HiJackThis
  • Click Open the Misc Tools Section
  • Click Check for update online
+++++ Step 3 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

If you have recieved help elsewhere or no longer need our assistance, please let us know.

  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi Kristy,
Thanks for your help. I finally managed to figure it out. Some program called OIN somehow was installed on my friends network and once I took that out Ewidos took care of the rest
  • 0



    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP