KhalilS1 Posted December 24, 2007

You see, I've been having a problem: many pop-ups, and even pop-ups on Yahoo!, saying my computer is infected. Here is the HijackThis log, HELP ME PLEASE
coknuck Posted December 24, 2007

Copy and paste your log file here. When my wife had lots of pop-ups, it was because she clicked on one of those "you might have a virus" pop-ups. It put itself in the 02 BHO section of the log. I ran yours and there were a lot of question marks. If you don't know what it is, get rid of it. Good luck.

http://www.hijackthis.de/
KhalilS1 Posted December 24, 2007

Thanks but still getting popups please. Anyone else?
tommie gorman Posted December 25, 2007

Try this link. Welcome to the forum. http://www.testmy.net/t-4257
prairiedogsplatr Posted December 25, 2007

Try SuperAntiSpyware, it's free. Also maybe try uninstalling all of that Yahoo junk.