
Annoying popups (partyfriendfinder.com, ...)

Discussion in 'Virus & Other Malware Removal' started by ofers, Feb 14, 2007.

Thread Status:
Not open for further replies.
  1. ofers

    ofers Thread Starter

    Joined:
    Feb 5, 2007
    Messages:
    4
    Hello Tech guys,
    Like many others in this forum, I'm getting a lot of pop-ups like partyfriendfinder.com, etc.
    After reading similar posts here I tried the following:
    1. Ran AVG Anti-Spyware. It found many Trojans and spyware, I let it do the recommended actions (log is saved if needed).
    2. Did the same in safe mode:

    F:\Downloads\EvID4226Patch223d-en\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : No action taken.
    :mozilla.51:C:\Documents and Settings\ofer\Application Data\Mozilla\Firefox\Profiles\default.g3m\cookies.txt -> TrackingCookie.Information : No action taken.
    C:\Documents and Settings\ofer\Cookies\[email protected][1].txt -> TrackingCookie.Information : No action taken.
    C:\System Volume Information\_restore{E95CA882-1652-424B-BE92-9785D77AC05B}\RP1012\A0210323.exe -> Trojan.Obfuscated.cb : No action taken.
    C:\Documents and Settings\ofer\Local Settings\Temp\bis92E.exe -> Trojan.Zapchast.nbc : No action taken.
    C:\System Volume Information\_restore{E95CA882-1652-424B-BE92-9785D77AC05B}\RP1015\A0210681.exe -> Trojan.Zapchast.nbc : No action taken.

    3. Ran again in normal mode:
    F:\Downloads\EvID4226Patch223d-en\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.

    Bottom line: Popups are very persistent and just laugh at me. Please help!



    Here's my current HJT log:


    Logfile of HijackThis v1.99.1
    Scan saved at 11:16:20 PM, on 2/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\jre\bin\java.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS.0\system32\ZONELABS\vsmon.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS.0\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\SYMANT~1\vptray.exe
    C:\WINDOWS.0\vVX3000.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Program Files\PCPal\PalAgnt.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS.0\system32\NOTEPAD.EXE
    C:\WINDOWS.0\system32\NOTEPAD.EXE
    C:\WINDOWS.0\system32\wuauclt.exe
    F:\Downloads\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ofer
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: (no name) - {5038FED1-CEFE-11D2-9E74-00A0C945A948} - (no file)
    O1 - Hosts: 172.30.0.101 exil1
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.0.1\SmrtShpr.dll
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [USRpdA] "C:\WINDOWS.0\SYSTEM32\USRmlnkA.exe" RunServices \Device\3cpipe-USRpdA
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS.0\vVX3000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [spywareblaster] "C:\Program Files\SpywareBlaster\spywareblaster.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PCPal] "C:\Program Files\PCPal\PalAgnt.exe" /startup
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - Startup: zlclient.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - Startup: ADSL.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.0.1\SmrtShpr.dll
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.0.1\SmrtShpr.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://www.mapa.co.il
    O15 - Trusted Zone: http://www.walla.co.il
    O15 - Trusted Zone: http://www.ynet.co.il
    O16 - DPF: Tarantella 3.x Combined Java Archive - http://isp.egeoscience.com/tarantella/java/ttaA-du.cab
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp-il.paradigmgeo.com/qp2.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37380.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?221
    O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/BlogTVBU/launcher.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4DD1C7-3549-4343-8ED8-B98E625E058A}: NameServer = 192.115.106.35 62.219.186.7
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS.0\Downloaded Program Files\mimectl.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: ckpNotify - C:\WINDOWS.0\SYSTEM32\ckpNotify.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS.0\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.0\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS.0\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\system32\HPZipm12.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point VPN-1 Securemote watchdog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS.0\system32\ZONELABS\vsmon.exe
     
  2. ofers

    ofers Thread Starter

    Joined:
    Feb 5, 2007
    Messages:
    4
    I disabled SpywareBlaster some time ago (unfortunately), and I've just enabled it again after my computer got infected (lesson to learn).
     
  3. ofers

    ofers Thread Starter

    Joined:
    Feb 5, 2007
    Messages:
    4
    I saw some reference to NoLop.exe in this forum. Since from time to time I get a message "Access to lop.com denied" from one of the resident shields (SpySweeper, CounterSpy, ..., I don't really know), I decided to run NoLop.exe, and it did find and remove an infection (log file is below). I didn't run IE yet because I'm afraid to wake up the beast, so I don't know if the problem is solved or not.
    And one more thing: when starting Windows, I get a message from Windows Defender about "Possible Hosts File Hijack". I tell it to remove it, but it comes back whenever Windows starts.

    NoLop.exe log:

    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Program Files\Mozilla Firefox
    [2/14/2007]
    [11:53:44 PM]

    ---Infection Files Found/Removed---
    C:\WINDOWS.0\tasks\C017DA239B43849F.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Quicktime
    C:\Documents and Settings\All Users\Application Data\Softdisk Llc
    C:\Documents and Settings\All Users\Application Data\Msn Messenger 5.0.0540
    C:\Documents and Settings\Administrator\Application Data\Microsoft
    C:\Documents and Settings\Administrator\Application Data\Identities
    C:\Documents and Settings\Administrator\Application Data\Microsoft Web Folders -- EMPTY Directory
    C:\Documents and Settings\Administrator\Application Data\Icaclient
    C:\Documents and Settings\Administrator\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Administrator\Application Data\Real
    C:\Documents and Settings\Default User.windows.0\Application Data\Microsoft
    C:\Documents and Settings\All Users.windows.0\Application Data\Microsoft
    C:\Documents and Settings\All Users.windows.0\Application Data\Symantec
    C:\Documents and Settings\All Users.windows.0\Application Data\Gtek
    C:\Documents and Settings\All Users.windows.0\Application Data\Raxco
    C:\Documents and Settings\All Users.windows.0\Application Data\Cyberlink
    C:\Documents and Settings\All Users.windows.0\Application Data\Adobe
    C:\Documents and Settings\All Users.windows.0\Application Data\Minnetonka Audio Software
    C:\Documents and Settings\All Users.windows.0\Application Data\Quicktime
    C:\Documents and Settings\All Users.windows.0\Application Data\Pinnacle
    C:\Documents and Settings\All Users.windows.0\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users.windows.0\Application Data\Apple Computer
    C:\Documents and Settings\All Users.windows.0\Application Data\Dvd Shrink
    C:\Documents and Settings\All Users.windows.0\Application Data\Roboform
    C:\Documents and Settings\All Users.windows.0\Application Data\Espionserverdata
    C:\Documents and Settings\All Users.windows.0\Application Data\Skype -- EMPTY Directory
    C:\Documents and Settings\All Users.windows.0\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users.windows.0\Application Data\Google
    C:\Documents and Settings\All Users.windows.0\Application Data\Nview_profiles -- EMPTY Directory
    C:\Documents and Settings\All Users.windows.0\Application Data\Hp
    C:\Documents and Settings\All Users.windows.0\Application Data\Windows Live Toolbar
    C:\Documents and Settings\All Users.windows.0\Application Data\The Joy Anti Regs
    C:\Documents and Settings\All Users.windows.0\Application Data\Gretech
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Webroot
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Webroot
    C:\Documents and Settings\Ofer\Application Data\Microsoft
    C:\Documents and Settings\Ofer\Application Data\Identities
    C:\Documents and Settings\Ofer\Application Data\Microsoft Web Folders -- EMPTY Directory
    C:\Documents and Settings\Ofer\Application Data\Symantec
    C:\Documents and Settings\Ofer\Application Data\Adobe
    C:\Documents and Settings\Ofer\Application Data\Icaclient
    C:\Documents and Settings\Ofer\Application Data\Gtek
    C:\Documents and Settings\Ofer\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Ofer\Application Data\Macromedia
    C:\Documents and Settings\Ofer\Application Data\Sonic
    C:\Documents and Settings\Ofer\Application Data\Leadertech
    C:\Documents and Settings\Ofer\Application Data\Cyberlink
    C:\Documents and Settings\Ofer\Application Data\Veritas
    C:\Documents and Settings\Ofer\Application Data\Pegasys Inc
    C:\Documents and Settings\Ofer\Application Data\Mozilla
    C:\Documents and Settings\Ofer\Application Data\Talkback
    C:\Documents and Settings\Ofer\Application Data\Apple Computer
    C:\Documents and Settings\Ofer\Application Data\Avant Browser
    C:\Documents and Settings\Ofer\Application Data\Pc Suite
    C:\Documents and Settings\Ofer\Application Data\Nokia
    C:\Documents and Settings\Ofer\Application Data\Datalayer
    C:\Documents and Settings\Ofer\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Ofer\Application Data\Real
    C:\Documents and Settings\Ofer\Application Data\Nasa
    C:\Documents and Settings\Ofer\Application Data\Arcsoft
    C:\Documents and Settings\Ofer\Application Data\Google
    C:\Documents and Settings\Ofer\Application Data\Opera -- EMPTY Directory
    C:\Documents and Settings\Ofer\Application Data\Babylon
    C:\Documents and Settings\Ofer\Application Data\Skype
    C:\Documents and Settings\Ofer\Application Data\Cosmic Blobs
    C:\Documents and Settings\Ofer\Application Data\Avant Profiles
    C:\Documents and Settings\Ofer\Application Data\Sun
    C:\Documents and Settings\Ofer\Application Data\Webroot
    C:\Documents and Settings\Ofer\Application Data\Hp
    C:\Documents and Settings\Ofer\Application Data\Uniblue
    C:\Documents and Settings\Ofer\Application Data\Ahead
    C:\Documents and Settings\Ofer\Application Data\Smartshopper
    C:\Documents and Settings\Ofer\Application Data\Amust
    C:\Documents and Settings\Ofer\Application Data\Copernic
    C:\Documents and Settings\Ofer\Application Data\Divx
    C:\Documents and Settings\Ofer\Application Data\Desktop Sidebar
    C:\Documents and Settings\Ofer\Application Data\Bittorrent
    C:\Documents and Settings\Ofer\Application Data\Realthirdhold
    C:\Documents and Settings\Ofer\Application Data\Bitdownload
    C:\Documents and Settings\Ofer\Application Data\Gretech
    C:\Documents and Settings\Ofer\Application Data\Ripit4me
    C:\Documents and Settings\Ofer\Application Data\Utorrent
    C:\Documents and Settings\Ofer\Application Data\Image Zone Express
    C:\Documents and Settings\Guest\Application Data\Microsoft
    C:\Documents and Settings\Guest\Application Data\Identities
    C:\Documents and Settings\Guest\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Guest\Application Data\Mozilla
    C:\Documents and Settings\Guest\Application Data\Talkback
    C:\Documents and Settings\Guest\Application Data\Real
    C:\Documents and Settings\Guest\Application Data\Avant Browser
    C:\Documents and Settings\Guest\Application Data\Google -- EMPTY Directory
    C:\Documents and Settings\Guest\Application Data\Gtek
    C:\Documents and Settings\Guest\Application Data\Webroot
    C:\Documents and Settings\Guest\Application Data\Hp
    C:\Documents and Settings\Home\Application Data\Microsoft
    C:\Documents and Settings\Home\Application Data\Identities
    C:\Documents and Settings\Home\Application Data\Mozilla
    C:\Documents and Settings\Home\Application Data\Talkback
    C:\Documents and Settings\Home\Application Data\Macromedia
    C:\Documents and Settings\Home\Application Data\Apple Computer
    C:\Documents and Settings\Home\Application Data\Avant Browser
    C:\Documents and Settings\Home\Application Data\Real
    C:\Documents and Settings\Home\Application Data\Adobe
    C:\Documents and Settings\Home\Application Data\Leadertech
    C:\Documents and Settings\Home\Application Data\Nasa
    C:\Documents and Settings\Home\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Home\Application Data\Google
    C:\Documents and Settings\Home\Application Data\Avant Profiles
    C:\Documents and Settings\Home\Application Data\Gtek
    C:\Documents and Settings\Home\Application Data\Webroot
    C:\Documents and Settings\Home\Application Data\Hp
    C:\Documents and Settings\Home\Application Data\Smartshopper
    C:\Documents and Settings\Default User.win\Application Data\Microsoft
    C:\Documents and Settings\All Users.win\Application Data\Microsoft
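The HijackThis log in the first post and the recurring "Possible Hosts File Hijack" warning in the third post both come down to reading the same kind of entry lines (O1 hosts additions, O4 autoruns, O16 ActiveX downloads, O17 DNS servers, O20 injected DLLs). The script below is an added example, not code from this thread and not part of HijackThis, NoLop or any of the tools mentioned. It parses HJT v1.99-style entry lines and produces a review list the way a removal helper would triage a log. The sample lines are copied from the log above, except the `Temp\example.exe` autorun, which is constructed to show the user-writable-folder check; the `TRUSTED_DPF_HOSTS` and `USER_WRITABLE` lists are assumptions to be tuned per environment. A finding means "look at this", not "this is malicious": the private-range hosts entry `172.30.0.101 exil1`, for instance, is the kind of intranet mapping that is often legitimate.

```python
"""Triage helper for HijackThis (v1.99) log lines.

Added example for this thread; not part of HijackThis or of any tool it
mentions.  Parses 'Oxx - ...' entries and reports the entry types a
malware-removal helper reads first.  Findings are review prompts only.
"""
import re
from urllib.parse import urlparse

# Constructed sample in HJT log format.  Every line except the
# Temp\example.exe autorun is taken from the thread's log; that one line is
# made up to exercise the user-writable-folder check.
SAMPLE_LOG = r"""
O1 - Hosts: 172.30.0.101 exil1
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [example] C:\Documents and Settings\user\Local Settings\Temp\example.exe
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/BlogTVBU/launcher.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4DD1C7-3549-4343-8ED8-B98E625E058A}: NameServer = 192.115.106.35 62.219.186.7
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.0\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# Assumption: folders where a legitimate installer rarely leaves an autorun.
USER_WRITABLE = ("\\local settings\\temp\\", "\\application data\\", "\\temp\\")
# Assumption: hosts from which O16 ActiveX downloads are expected on this box.
TRUSTED_DPF_HOSTS = ("microsoft.com", "symantec.com", "zonelabs.com",
                     "hp.com", "pandasoftware.com")
LOCAL_HOSTS_TARGETS = {"127.0.0.1", "::1"}


def parse_hjt(text):
    """Return [(section, body)] for every 'Oxx - ...' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def run_target(body):
    """Executable path of an O4 body: '[name] "path" args' or '[name] path args'."""
    m = re.search(r'\]\s+(?:"([^"]+)"|(.+?\.exe))', body, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else None


def triage(entries):
    """Return (section, reason, detail) tuples worth a human look."""
    findings = []
    for section, body in entries:
        if "(no file)" in body or "(file missing)" in body:
            findings.append((section, "orphaned reference", body))
        if section == "O1" and body.startswith("Hosts: "):
            target = body.split()[1]
            if target not in LOCAL_HOSTS_TARGETS:
                findings.append((section, "hosts entry maps a name to a non-local address", body))
        elif section == "O4":
            path = run_target(body)
            if path and any(p in path.lower() for p in USER_WRITABLE):
                findings.append((section, "autorun from user-writable folder", path))
        elif section == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
            if not any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS):
                findings.append((section, "ActiveX download from unlisted host", host))
        elif section == "O17":
            servers = body.split("NameServer = ", 1)[-1].split()
            findings.append((section, "DNS servers to compare with the ISP's", " ".join(servers)))
        elif section == "O20":
            findings.append((section, "DLL loaded at logon / into every process", body))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section:4} {reason}: {detail}")
```

Run it against a saved HJT log by reading the file into `parse_hjt`; the O17 and O20 lines are always listed because they cannot be judged without knowing the machine (the ISP's resolvers, the installed security suite), while the O1, O4 and O16 checks carry their own heuristics and should be tuned before use on another system.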
     
Short URL to this thread: https://techguy.org/544112