1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

New pop up?

Discussion in 'Virus & Other Malware Removal' started by kvanpelt, Jan 24, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. kvanpelt

    kvanpelt Thread Starter

    Joined:
    Nov 4, 2003
    Messages:
    56
    I can't seem to get rid of. I even have pop up blocker and I cannot get the properties of this new pop up so I can add it. All it says at the top is "only the best". I even did a search and destroy for spyware. Does anyone know what this is or how to get rid of it?
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
    AdAware SE http://www.majorgeeks.com/download506.html
    SpyBot S&D 1.3 http://www.safer-networking.org/en/download/

    DL them (they are free), install them, check each for their
    definition updates
    and then run AdAware and Spybot, fixing anything
    they say.

    In SpywareBlaster - Always enable all protection after updates
    SpyBot - After an update run immunize

    Do these and reboot before the next step.

    Then get HiJack This http://www.majorgeeks.com/download3155.html, put
    it in a permanent folder (C:\HJT) , run it , DO NOT fix anything, post the
    log here.
     
  3. kvanpelt

    kvanpelt Thread Starter

    Joined:
    Nov 4, 2003
    Messages:
    56
    The adaware keeps locking up on me, but I have done the others. Here is the log though.

    Logfile of HijackThis v1.99.0
    Scan saved at 9:56:10 PM, on 1/24/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\2Wire\Gateway\2PortalMon.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe
    C:\WINDOWS\iepz.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    C:\Program Files\Quicken\bagent.exe
    C:\Program Files\SECRETMAKER\secretmaker.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\mfcoq32.exe
    C:\WINDOWS\System32\hpoipm07.exe
    C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert1.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Karen Van Pelt\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zqgal.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zqgal.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zqgal.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zqgal.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zqgal.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zqgal.dll/sp.html#14044
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zqgal.dll/sp.html#14044
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {CDA7655D-27CA-4F67-07DB-DBE1FF31B073} - C:\WINDOWS\system32\ipmr.dll
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [MyPointsPointAlert0] "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"
    O4 - HKLM\..\Run: [iepz.exe] C:\WINDOWS\iepz.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
    O9 - Extra button: (no name) - {173F3521-8FBE-4d0c-B14D-C4D8513A06C0} - C:\WINDOWS\htasys.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {173F3521-8FBE-4d0c-B14D-C4D8513A06C0} - C:\WINDOWS\htasys.dll (HKCU)
    O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (HKCU)
    O15 - Trusted IP range: 206.161.125.149 (HKLM)
    O16 - DPF: VIN.net Clients - http://app2.outtask.com/vinnet/clients/154.28/vin2-116.CAB
    O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
    O16 - DPF: {DF304508-B304-11D3-B860-00201857EBF5} (Pixami Print Layout Control) - http://www.imagestation.com/common/classes/BPPrintClient.cab?ver=2,0,0,50
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
    O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://costco.internetimagingnetwork.com/activex/PCAXSetup.cab?
    O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.149/code/iPIX-ImageWell-ipix.cab
    O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\mfcoq32.exe
     
  4. kvanpelt

    kvanpelt Thread Starter

    Joined:
    Nov 4, 2003
    Messages:
    56
    Now about.blank has made it my homepage. :mad:
     
  5. kvanpelt

    kvanpelt Thread Starter

    Joined:
    Nov 4, 2003
    Messages:
    56
    I wonder if should do another HJT, because some other things have changed.
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/323141

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice