Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Pop-Ups won't go away, help! [RESOLVED]

Started by fang_2k7 , Aug 11 2005 02:55 PM

  • This topic is locked This topic is locked

#1
fang_2k7
Posted 11 August 2005 - 02:55 PM

fang_2k7

    Member

  • Member
  • PipPip
  • 33 posts
Hello people, I've been getting a lot of pop-ups recently, some of these include: new offer, yield manager, search inquire, party poker. I've ran several scans with Ad-Aware and Spybot, but it doesn't seem to help.

any help would be greatly appreciated...

Here is my HJT log...

Logfile of HijackThis v1.99.1
Scan saved at 4:01:53 PM, on 8/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\PWSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\WINDOWS\UPDATER\NICKSUPDATER.EXE
C:\WINDOWS\SYSTEM\GOCM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\USES\ASER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {900B5523-E7B7-C73F-BCC8-C1FED8F70E97} - C:\WINDOWS\SYSTEM\QRAG.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\UPDATER\NICKSU~2.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [NICKSUPDATER] C:\WINDOWS\UPDATER\NICKSUPDATER.EXE
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Tstu] C:\WINDOWS\SYSTEM\gocm.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [Eaas] C:\Program Files\uses\aser.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O19 - User stylesheet: (file missing)
  • 0

Advertisements

#2
Armodeluxe
Posted 14 August 2005 - 09:23 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Welcome to GeeksToGo

There are some items on your log we have to fix. I'll bring the items in red on the list to your attention. Those entries belong to a keylogger. If for any reason of your own you, or another user on the computer didn't install it then it has to go. If that's the case, then you should change all your logins and passwords after nuking it. If you installed it, then don't touch those entries.

Run HijackThis and click Scan. Put a check next to these.

O2 - BHO: (no name) - {900B5523-E7B7-C73F-BCC8-C1FED8F70E97} - C:\WINDOWS\SYSTEM\QRAG.DLL
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\UPDATER\NICKSU~2.DLL
O4 - HKLM\..\Run: [NICKSUPDATER] C:\WINDOWS\UPDATER\NICKSUPDATER.EXE
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKCU\..\Run: [Tstu] C:\WINDOWS\SYSTEM\gocm.exe
O4 - HKCU\..\Run: [Eaas] C:\Program Files\uses\aser.exe
O19 - User stylesheet: (file missing)

Close all windows except HijackThis and click Fix Checked. Reboot.

Boot into safe mode by tapping the F8 key just before Windows starts to load.

Reconfigure Windows 98 to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Click the View menu, and then click Folder Options. Select the View tab.

In the Hidden files section select "Show all files".
Uncheck the box next to "Hide file extensions for known file types".
Click Apply, and then click OK.

Now delete these files and folders in bold:

C:\WINDOWS\SYSTEM\inetsrv
C:\WINDOWS\SYSTEM\gocm.exe
C:\Program Files\uses
C:\WINDOWS\SYSTEM\QRAG.DLL this one might be gone, but check

If you're ridding of the keylogger then delete this folder also:

C:\WINDOWS\UPDATER

Reboot to normal mode. Go here and make an online virus scan, let it delete what it can and save the results.

http://www.pandasoft...com/activescan/

Then come back and post a new log and the Panda results. Are the popups gone now? If not we should investigate further.

Regards,

Armodeluxe
  • 0

#3
fang_2k7
Posted 16 August 2005 - 03:18 PM

fang_2k7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Well, the pop-ups hasn't come back since those things are deleted.

but here are the logs...

Activescan Report

Incident Status Location

Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\SYSTEM\~GLH0006.TMP
Adware:Adware/IEDriver No disinfected C:\WINDOWS\SYSTEM\USBUI754.exe
Dialer:Dialer.Gen No disinfected C:\WINDOWS\SYSTEM\Live Net Sex-uninstall.exe
Adware:Adware/IEDriver No disinfected C:\WINDOWS\SYSTEM\FM205658.exe
Dialer:Dialer.BLG No disinfected C:\WINDOWS\SYSTEM\EGDHTML_1020.dll
Adware:Adware/MemoryWatcher No disinfected C:\WINDOWS\SYSTEM\Ffewp.exe.mwt
Adware:Adware/MemoryWatcher No disinfected C:\WINDOWS\SYSTEM\Fov1O.exe.mwt
Adware:Adware/NetPals No disinfected C:\WINDOWS\SYSTEM\ATPartners.dll
Adware:adware/favoriteman No disinfected C:\WINDOWS\SYSTEM\im64.dll
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM\SWRT01.dll
Adware:Adware/AdLogix No disinfected C:\WINDOWS\SYSTEM\zwdudd.exe
Adware:adware/virtualbouncer No disinfected C:\WINDOWS\SYSTEM\INNERADINSTALL.LOG
Adware:Adware/IEDriver No disinfected C:\WINDOWS\SYSTEM\DPSERIAL.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM\ezPopStub.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM\Shex.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\ALCHEM.INF
Virus:Trj/Downloader.DRJ Disinfected C:\WINDOWS\TEMP\!update.exe
Virus:Trj/Downloader.AEE Disinfected C:\WINDOWS\Downloaded Program Files\counter.inf
Adware:Adware Program No disinfected C:\WINDOWS\Downloaded Program Files\WildApp.inf
Virus:Trj/Downloader.DRJ Disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\HK4B11WT\!update-2304[1].0000
Adware:Adware/PurityScan No disinfected C:\WINDOWS\Profiles\tfang\Application Data\calt.exe
Adware:adware/ipinsight No disinfected C:\WINDOWS\ALCHEM.INI
Virus:Bck/Agent.K Disinfected C:\WINDOWS\aqadcup.exe.mwt
Adware:adware/sidesearch No disinfected C:\WINDOWS\sepsd.bin
Adware:Adware/eZula No disinfected C:\WINDOWS\woinstall.exe
Spyware:Spyware/Overpro No disinfected C:\WINDOWS\inetFuel.exe
Virus:Trj/Iconz.A Disinfected C:\WINDOWS\iconz.exe
Virus:Trj/Downloader.DRJ Disinfected C:\RECYCLED\DC19\aser.exe
Dialer:Dialer.BCA No disinfected C:\Program Files\GIB\01setup.EXE
Adware:Adware/PurityScan No disinfected C:\Program Files\hijackthis\backups\backup-20050101-154145-128.dll
Adware:Adware/PurityScan No disinfected C:\Program Files\hijackthis\backups\backup-20050814-224328-315.dll
Spyware:Spyware/Clipgenie No disinfected C:\Program Files\Support Software\SS2.DLL
Adware:adware/delfinmedia No disinfected C:\keys.ini


Logfile of HijackThis v1.99.1
Scan saved at 4:24:20 PM, on 8/16/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\PWSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
  • 0

#4
Armodeluxe
Posted 16 August 2005 - 07:44 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi fang

This is why I :) Panda. Even though it doesn't remove, it detects all the spyware/adware files lurking in the background :)

Then it's our job to nuke them... :tazz:

Please first save these directions to the desktop as a text file, because you will need to copy and paste part of them later, once we are in Safe Mode.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot"

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Ctrl+C:

C:\WINDOWS\SYSTEM\USBUI754.exe
C:\WINDOWS\SYSTEM\Live Net Sex-uninstall.exe
C:\WINDOWS\SYSTEM\FM205658.exe
C:\WINDOWS\SYSTEM\EGDHTML_1020.dll
C:\WINDOWS\SYSTEM\Ffewp.exe.mwt
C:\WINDOWS\SYSTEM\Fov1O.exe.mwt
C:\WINDOWS\SYSTEM\ATPartners.dll
C:\WINDOWS\SYSTEM\im64.dll
C:\WINDOWS\SYSTEM\SWRT01.dll
C:\WINDOWS\SYSTEM\zwdudd.exe
C:\WINDOWS\SYSTEM\INNERADINSTALL.LOG
C:\WINDOWS\SYSTEM\DPSERIAL.exe
C:\WINDOWS\SYSTEM\ezPopStub.exe
C:\WINDOWS\SYSTEM\Shex.exe
C:\WINDOWS\INF\ALCHEM.INF
C:\WINDOWS\Downloaded Program Files\WildApp.inf
C:\WINDOWS\Profiles\tfang\Application Data\calt.exe
C:\WINDOWS\ALCHEM.INI
C:\WINDOWS\aqadcup.exe.mwt
C:\WINDOWS\sepsd.bin
C:\WINDOWS\woinstall.exe
C:\WINDOWS\inetFuel.exe
C:\Program Files\GIB\01setup.EXE
C:\Program Files\Support Software\SS2.DLL
C:\keys.ini
C:\WINDOWS\SYSTEM\~GLH0006.TMP


6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Allow machine to reboot.

8) Then come back and post a final HijackThis log to make sure nothing is coming back..any problems left now?
  • 0

#5
fang_2k7
Posted 16 August 2005 - 08:53 PM

fang_2k7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Here is the new HTJ log...

Logfile of HijackThis v1.99.1
Scan saved at 10:01:00 PM, on 8/16/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\PWSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab

I don't see anymore pop-ups now, thank-you so much!!!
  • 0

#6
Armodeluxe
Posted 16 August 2005 - 09:55 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
That log looks clean to me :tazz:

You need an antivirus program with realtime protection.Use only one,using more than one may cause conflicts and problems.These are free.

Antivir
AVG

Have a firewall to monitor the traffic in and out of your computer.Again,use only one.
Zonealarm
Sygate

Spyware scanners
AdAware
Spybot

Visit Windows Update regularly to get the latest security updates.You can also enable automatic updates.Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, scan every file before clicking on it.

Additional programs to consider:

Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad
Adds a list of malicious sites to your Restricted Sites Zone.
Firefox An alternate browser safer than IE

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe
  • 0

#7
Armodeluxe
Posted 16 August 2005 - 09:55 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP