KhalilS1

Spy ware popups and Other Popups! hijack this log included


You see, I've been having a problem: many pop-ups, and even pop-ups on Yahoo! saying my computer is infected. Here is the HijackThis log. HELP ME PLEASE

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 7:20:17 PM, on 12/23/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32csrss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesLavasoftAd-Aware 2007aawservice.exe

C:PROGRA~1COMMON~1AOLACSAOLacsd.exe

C:WINDOWSeHomeehRecvr.exe

C:WINDOWSeHomeehSched.exe

C:Program FilesIntelIntel Matrix Storage Manageriaantmon.exe

C:PROGRA~1McAfee.comPERSON~1MPFSERVICE.exe

C:WINDOWSsystem32svchost.exe

C:Program FilesViewpointCommonViewpointService.exe

C:WINDOWSsystem32dllhost.exe

C:PROGRA~1McAfee.comPERSON~1MpfAgent.exe

C:WINDOWSSystem32alg.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSehomeehtray.exe

C:Program FilesJavajre1.6.0_02binjusched.exe

C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe

C:WINDOWSstsystra.exe

C:Program FilesIntelModem Event MonitorIntelMEM.exe

C:Program FilesCyberLinkPowerDVDDVDLauncher.exe

C:WINDOWSeHomeehmsas.exe

C:Program FilesMusicmatchMusicmatch Jukeboxmm_tray.exe

C:WINDOWSsystem32dlatfswctrl.exe

C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe

C:PROGRA~1mcafee.comagentmcagent.exe

C:PROGRA~1McAfee.comPERSON~1MpfTray.exe

C:WINDOWSsystem32LVCOMSX.EXE

c:progra~1mcafee.comvsomcvsescn.exe

C:Program FilesLogitechVideoLogiTray.exe

C:Program FilesCommon FilesRealUpdate_OBrealsched.exe

C:Program FilesYahoo!Search ProtectionSearchProtection.exe

C:Program FilesMusicmatchMusicmatch Jukeboxmmtask.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesBitTorrent_DNAdna.exe

C:Program FilesAIM6aim6.exe

C:Program FilesMessengermsmsgs.exe

C:Program FilesSpybot - Search & DestroyTeaTimer.exe

C:Program FilesAmerica Online 9.0aoltray.exe

C:PROGRA~1Yahoo!MESSEN~1ymsgr_tray.exe

C:Program FilesWiFiConnectorNintendoWFCReg.exe

C:Program FilesLogitechVideoFxSvr2.exe

c:progra~1mcafee.comvsomcvsftsn.exe

C:Program FilesAIM6aolsoftware.exe

C:Program FilesSpyware Doctorsvcntaux.exe

C:Program FilesSpyware Doctorswdsvc.exe

C:Program FilesSpyware DoctorSDTrayApp.exe

C:Documents and SettingsAbduDesktopHiJackThis_v2.exe

C:PROGRA~1MOZILL~1FIREFOX.EXE

C:Program FilesInternet Exploreriexplore.exe

C:WINDOWSexplorer.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yahoo.com

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Windows Internet Explorer provided by Yahoo!

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_02binssv.dll

O2 - BHO: {6205b8d3-ba11-5a39-48d4-d58e6897f2e7} - {7e2f7986-e85d-4d84-93a5-11ab3d8b5026} - C:WINDOWSsystem32hghbgiog.dll

O2 - BHO: (no name) - {F1A10748-A56E-4540-A9D6-5FFA66C84691} - C:WINDOWSsystem32mllmk.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:progra~1mcafee.comvsomcvsshl.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll

O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_02binjusched.exe"

O4 - HKLM..Run: [iAAnotif] C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe

O4 - HKLM..Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM..Run: [ATIPTA] "C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe"

O4 - HKLM..Run: [intelMeM] C:Program FilesIntelModem Event MonitorIntelMEM.exe

O4 - HKLM..Run: [DVDLauncher] "C:Program FilesCyberLinkPowerDVDDVDLauncher.exe"

O4 - HKLM..Run: [MMTray] "C:Program FilesMusicmatchMusicmatch Jukeboxmm_tray.exe"

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe

O4 - HKLM..Run: [iSUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup

O4 - HKLM..Run: [iSUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start

O4 - HKLM..Run: [VSOCheckTask] "c:PROGRA~1mcafee.comvsomcmnhdlr.exe" /checktask

O4 - HKLM..Run: [MCAgentExe] c:PROGRA~1mcafee.comagentmcagent.exe

O4 - HKLM..Run: [MCUpdateExe] C:PROGRA~1mcafee.comagentMcUpdate.exe

O4 - HKLM..Run: [VirusScan Online] c:PROGRA~1mcafee.comvsomcvsshld.exe

O4 - HKLM..Run: [MPFExe] C:PROGRA~1McAfee.comPERSON~1MpfTray.exe

O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE

O4 - HKLM..Run: [LogitechVideoRepair] C:Program FilesLogitechVideoISStart.exe

O4 - HKLM..Run: [LogitechVideoTray] C:Program FilesLogitechVideoLogiTray.exe

O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe"  -osboot

O4 - HKLM..Run: [YSearchProtection] "C:Program FilesYahoo!Search ProtectionSearchProtection.exe"

O4 - HKLM..Run: [mmtask] "C:Program FilesMusicmatchMusicmatch Jukeboxmmtask.exe"

O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k

O4 - HKLM..Run: [f455830b] rundll32.exe "C:WINDOWSsystem32riehenhx.dll",b

O4 - HKCU..Run: [YSearchProtection] C:Program FilesYahoo!Search ProtectionSearchProtection.exe

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [Yahoo! Pager] "C:PROGRA~1Yahoo!MESSEN~1YAHOOM~1.EXE" -quiet

O4 - HKCU..Run: [bitTorrent DNA] "C:Program FilesBitTorrent_DNAdna.exe"

O4 - HKCU..Run: [Aim6] "C:Program FilesAIM6aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [spybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:Program FilesAmerica Online 9.0aoltray.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:Program FilesCommon FilesIntuitQuickBooksQBUpdateqbupdate.exe

O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:Program FilesWiFiConnectorNintendoWFCReg.exe

O8 - Extra context menu item: &Search - ?p=ZJxdm049MMUS

O8 - Extra context menu item: Add to AMV Convert Tool... - C:Program FilesMP3 Player Utilities 4.00AMVConvertergrab.html

O8 - Extra context menu item: Add to AMV Converter... - C:Program FilesMP3 Player Utilities 4.05AMVConvertergrab.html

O8 - Extra context menu item: Add to Media Manager... - C:Program FilesMP3 Player Utilities 4.00MediaManagergrab.html

O8 - Extra context menu item: Myxer - Send image to phone! - http://www.myxertones.com/magic/ie/

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab

O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1009 Class) - http://www.hangame.com/common/HanSetup1009.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab

O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:WINDOWSsystem32browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:WINDOWSsystem32browseui.dll

O22 - SharedTaskScheduler: equiparant - {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - (no file)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:Program FilesLavasoftAd-Aware 2007aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:PROGRA~1COMMON~1AOLACSAOLacsd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:Program FilesIntelIntel Matrix Storage Manageriaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:PROGRA~1McAfee.comAgentmcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:PROGRA~1mcafee.comvsomcvsrte.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:PROGRA~1McAfee.comPERSON~1MPFSERVICE.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:Program FilesSpyware Doctorsvcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:Program FilesSpyware Doctorswdsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

O24 - Desktop Component 0: (no name) - http://i21.ebayimg.com/02/i/000/a2/9b/201c_1.JPG

--

End of file - 12535 bytes


Copy and paste your log file here. When my wife had lots of pop-ups, it was because she clicked on one of those "you might have a virus" pop-ups. It put itself in the O2 BHO section of the log. I ran yours and there were a lot of question marks. If you don't know what it is, get rid of it. Good luck.

http://www.hijackthis.de/
