
needs help again

Discussion in 'Virus & Other Malware Removal' started by artillery, Apr 6, 2004.

Thread Status:
Not open for further replies.
  1. artillery

    artillery Thread Starter

    Joined:
    Mar 18, 2004
    Messages:
    9
    I have several problems - whenever I start Internet Explorer it loads a popup. Is there a way to stop this? Also, every five minutes my computer launches a pop up that has the Maximize button shaded. It's like the Kazaa pop ups but I don't have Kazaa.

    I've used several programs; Spybot S&D, Adaware6, Spy Sweeper, Spyware Blaster, Spyhunter, CWShredder, and Pest Patrol. All delete certain files but do not find the one that causes my IE browser to launch that popup or stop the program that launches a popup every five minutes.

    Here is my Hijack

    Logfile of HijackThis v1.97.7
    Scan saved at 8:59:35 PM, on 4/5/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4\System\vcdsecs.exe
    C:\Program Files\PopUp Killer\popupkiller.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
    C:\Program Files\Common Files\Vbox\Common\vboxm.dll
    C:\WINDOWS\System32\srdbg32i.exe
    C:\PROGRA~1\PESTPA~1\PPCONT~1.EXE
    C:\Documents and Settings\new\My Documents\My Downloads\Software\hijackthis1977\HijackThis.exe
    C:\Program Files\PestPatrol\PestPatrol.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
    O2 - BHO: (no name) - {40B74D63-9A27-4D7E-9AF0-EC2D9EA3BDA9} - C:\WINDOWS\System32\pspmsg.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "c:\Software folder\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [srdbg32i] C:\WINDOWS\System32\srdbg32i.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
    O4 - HKCU\..\Run: [directs.exe] C:\WINDOWS\System32\directs.exe
    O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtsit.exe
    O4 - HKCU\..\Run: [rate.exe] C:\WINDOWS\System32\i11r54n4.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38030.9918634259
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Any help is appreciated.
     
  2. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
  3. jameso321

    jameso321

    Joined:
    Jun 26, 2002
    Messages:
    176
    These don't look good.

    See what the online AV scan says

    C:\WINDOWS\System32\srdbg32i.exe

    O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtsit.exe
    O4 - HKCU\..\Run: [rate.exe] C:\WINDOWS\System32\i11r54n4.exe
     
  4. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    jameso321

    Reason for the online scans is from this line

    O4 - HKCU\..\Run: [rate.exe] C:\WINDOWS\System32\i11r54n4.exe
    __________________


    Added as a result of the BEAGLE.E or BEAGLE.F or BEAGLE.G or BEAGLE.H or BEAGLE.I VIRUSES!
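
A first-pass triage of the O4 autorun lines from the log above, as an added example that is not part of any post in this thread and is not HijackThis's own logic. The two heuristics (an autorun target sitting directly in System32, and a value name that looks like a filename but differs from the file it launches) are assumptions chosen for illustration; they only shortlist entries to scan and do not identify malware.

```python
import ntpath
import re

# Constructed sample: the O4 Run lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "c:\Software folder\qttask.exe" -atboottime
O4 - HKLM\..\Run: [srdbg32i] C:\WINDOWS\System32\srdbg32i.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKCU\..\Run: [directs.exe] C:\WINDOWS\System32\directs.exe
O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtsit.exe
O4 - HKCU\..\Run: [rate.exe] C:\WINDOWS\System32\i11r54n4.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
"""

# Captures hive, key name, value name and command of an O4 registry autorun line.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

def target_exe(command):
    """Return the executable path from a Run command, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):  # quoted path, arguments follow the closing quote
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.(?:exe|com|bat|scr))(?:\s|$)", command, re.I)
    return m.group(1) if m else command

def triage(log_text):
    """Return (hive, value name, exe path, reasons) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, _key, name, command = m.groups()
        exe = target_exe(command)
        reasons = []
        # Assumed heuristic 1: the autorun target sits directly in System32.
        if ntpath.basename(ntpath.dirname(exe)).lower() == "system32":
            reasons.append("autorun-from-system32")
        # Assumed heuristic 2: value name is a filename that is not the target file.
        if name.lower().endswith(".exe") and name.lower() != ntpath.basename(exe).lower():
            reasons.append("value-name-mismatch")
        if reasons:
            findings.append((hive, name, exe, reasons))
    return findings
```
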
     

Short URL to this thread: https://techguy.org/217542
