needs help again

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

artillery

Thread Starter
Joined
Mar 18, 2004
Messages
9
I have several problems - whenever I start Internet Explorer it loads a popup. Is there a way to stop this? Also, every five minutes my computer launches a pop up that has the Maximize button shaded. It's like the Kazaa pop ups but I don't have Kazaa.

I've used several programs; Spybot S&D, Adaware6, Spy Sweeper, Spyware Blaster, Spyhunter, CWShredder, and Pest Patrol. All delete certain files but do not find the one that causes my IE browser to launch that popup or stop the program that launches a popup every five minutes.

Here is my Hijack

Logfile of HijackThis v1.97.7
Scan saved at 8:59:35 PM, on 4/5/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\Program Files\Common Files\Vbox\Common\vboxm.dll
C:\WINDOWS\System32\srdbg32i.exe
C:\PROGRA~1\PESTPA~1\PPCONT~1.EXE
C:\Documents and Settings\new\My Documents\My Downloads\Software\hijackthis1977\HijackThis.exe
C:\Program Files\PestPatrol\PestPatrol.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {40B74D63-9A27-4D7E-9AF0-EC2D9EA3BDA9} - C:\WINDOWS\System32\pspmsg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "c:\Software folder\qttask.exe" -atboottime
O4 - HKLM\..\Run: [srdbg32i] C:\WINDOWS\System32\srdbg32i.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKCU\..\Run: [directs.exe] C:\WINDOWS\System32\directs.exe
O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtsit.exe
O4 - HKCU\..\Run: [rate.exe] C:\WINDOWS\System32\i11r54n4.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38030.9918634259
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

any help is appreciated.
 
Joined
Jun 26, 2002
Messages
176
These don't look good.

See what the online AV scan says

C:\WINDOWS\System32\srdbg32i.exe

O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtsit.exe
O4 - HKCU\..\Run: [rate.exe] C:\WINDOWS\System32\i11r54n4.exe
 

mjack547

Malware Specialist
Joined
Sep 1, 2003
Messages
3,181
jameso321

Reason for the online scans is from this line

O4 - HKCU\..\Run: [rate.exe] C:\WINDOWS\System32\i11r54n4.exe
__________________


Added as a result of the BEAGLE.E or BEAGLE.F or BEAGLE.G or BEAGLE.H or BEAGLE.I VIRUSES!
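
An added example, not part of the original thread or of HijackThis itself: a small Python parser for the O4 (registry Run) lines of a HijackThis log like the one posted above, listing autorun entries that deserve a closer look. The two heuristics and the hard-coded System32 path are assumptions chosen for illustration, and the sample lines are copied from the log in this thread.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "c:\Software folder\qttask.exe" -atboottime
O4 - HKLM\..\Run: [srdbg32i] C:\WINDOWS\System32\srdbg32i.exe
O4 - HKCU\..\Run: [directs.exe] C:\WINDOWS\System32\directs.exe
O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtsit.exe
O4 - HKCU\..\Run: [rate.exe] C:\WINDOWS\System32\i11r54n4.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# Matches "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")

def image_path(command):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]

def parse_o4(log_text):
    """Yield one dict per registry Run entry found in a HijackThis log."""
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            yield {"hive": hive, "key": key, "name": name, "image": image_path(command)}

def triage(entries):
    """Assumed review heuristics (not HijackThis logic, not a malware verdict)."""
    findings = []
    for e in entries:
        reasons = []
        exe = basename(e["image"]).lower()
        if dirname(e["image"]).lower() == r"c:\windows\system32":
            reasons.append("autorun image sits directly in System32")
        if e["name"].lower().endswith(".exe") and e["name"].lower() != exe:
            reasons.append("value name is a file name that differs from the image")
        if reasons:
            findings.append((e["hive"], e["name"], exe, reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(parse_o4(SAMPLE_LOG)): print(finding)
```

A listed entry is only a candidate for review; confirm it with an AV scan, as the replies above suggest, before removing anything.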
 