
Discussion Starter · #1
I am getting random pop-ups with IE6 SP2 on an XP Pro SP2 unit. I am using Avira Personal Antivirus, as it has done the best, but not perfect, job so far. I have 2 computers infected, and this one is not as bad as the other one. I have a wireless home network, and have HijackThis installed. I have a scan report that I can include and a recent HijackThis report. I have tried over 9 different trials, demos, and Norton, but still can't shake this bug!
Thanks for any help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:51 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\eMail ID\OEAddOn\OEdmn_3.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Weather Add-in for Windows Live Toolbar\WeatherDataClient.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Tax99\32bit\Ttax.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_29.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\eMail ID\OEAddOn\OEdmn_3.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?5b9e52f8bf474f2799fd7d78c501bbba
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?5b9e52f8bf474f2799fd7d78c501bbba
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_29.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_29.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_29.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_29.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/v/8.1.5.27/applet/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-8.0.3.36/backgammon/backgammon-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/v/8.1.7.44/applet/blackjack/blackjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/v/8.1.5.27/applet/vbjack2/vbjack2-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-8.0.7.27/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-8.0.5.48/canasta/canasta-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-8.0.7.27/cribbage/cribbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-8.0.4.32/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.7.44/applet/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game1.pogo.com/v/8.1.5.27/applet/domino2/domino2-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/firstclass2/firstclass2-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/v/8.1.6.21/applet/greenback/greenback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-8.0.6.59/hangman/hangman-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-8.0.5.48/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-8.0.6.49/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/v/8.1.6.3/applet/gin2/gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-8.0.6.59/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/v/8.1.9.1/applet/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.7.44/applet/mahjong2/mahjong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.5.48/shoes/shoes-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.41/freecell2/freecell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-8.0.5.30/penguins/penguins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/v/8.1.6.21/applet/waterwheel/waterwheel-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-8.0.5.30/pinochle/pinochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/v/8.1.5.27/applet/popfu/popfu-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/v/8.1.7.44/applet/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/v/8.1.7.44/applet/squares/squares-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.4.41/puck/puck-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-8.0.6.49/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-8.0.7.27/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sweeper/sweeper-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game1.pogo.com/v/8.1.6.3/applet/superdomino/superdomino-en_US.cab
O16 - DPF: Swashbucks by pogo - http://game3.pogo.com/v/8.1.6.21/applet/piratesgold/piratesgold-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.6.21/applet/sweettooth2/sweettooth2-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-8.0.5.48/holdem/holdem-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.com/v/8.1.4.2/applet/millbrae/millbrae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.7.27/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-8.0.3.36/tumbee2/tumbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/v/8.1.5.27/applet/turbo22/turbo22-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-8.0.5.48/babble/babble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.7.27/wordsearch/wordsearch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/v/8.1.4.1/applet/wordwhomp2/whomp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-8.0.6.59/whackdown/whackdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/v/8.1.4.1/applet/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/v/8.1.6.21/applet/worldclass/worldclass-en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13161 bytes
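Added here as a worked example (not part of the original post, and not code from HijackThis or Trend Micro): a small Python script that parses the R*/O* entry lines of a log like the one above and pulls out the items a reviewer reads first. It assumes only the entry shapes visible in this log (`[Name] command` and `shortcut.lnk = target` for O4, `Name - Vendor - path` for O23, `key = value` for R0/R1). The log embedded in it is a constructed excerpt of the lines posted above, so the script runs offline. It summarises; judging whether any entry is malicious is still the analyst's job.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: an excerpt of the log posted above, not the full log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/v/8.1.5.27/applet/aces/aces-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/v/8.1.7.44/applet/blackjack/blackjack-en_US.cab
O16 - DPF: Swashbucks by pogo - http://game3.pogo.com/v/8.1.6.21/applet/piratesgold/piratesgold-en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")
# Image path up to the first executable-looking extension; this tolerates
# unquoted paths that contain spaces ("C:\Program Files\x\y.exe /arg").
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|scr|bat|cmd|lnk))(?:\s|$)", re.I)

def parse_log(text):
    """Turn the R*/O* lines of a HijackThis log into dicts; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank and footer lines
        body = m.group("body")
        clsid, url = CLSID_RE.search(body), URL_RE.search(body)
        entries.append({"section": m.group("section"), "body": body,
                        "clsid": clsid.group(0).upper() if clsid else None,
                        "url": url.group(0) if url else None})
    return entries

def run_command_image(body):
    """Image path of an O4 entry: '[Name] <command>' or '<shortcut>.lnk = <target>'."""
    if "] " in body:
        cmd = body.split("] ", 1)[1].strip()
    elif " = " in body:
        cmd = body.split(" = ", 1)[1].strip()
    else:
        cmd = body.strip()
    if cmd.startswith('"'):  # quoted path: take what is inside the quotes
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]

def bare_filename_autoruns(entries):
    """O4 images with no directory (e.g. SOUNDMAN.EXE). Windows resolves such a
    name through its search path at logon, so which file runs depends on that
    path rather than on a fixed location; worth confirming which copy is found."""
    images = (run_command_image(e["body"]) for e in entries if e["section"] == "O4")
    return [img for img in images if "\\" not in img and "/" not in img]

def dpf_hosts(entries):
    """O16 (Download Program Files: ActiveX CABs fetched by IE) counted per origin host."""
    return Counter(urlparse(e["url"]).hostname
                   for e in entries if e["section"] == "O16" and e["url"])

def browser_pages(entries):
    """R0/R1 Internet Explorer page settings keyed by value name."""
    pages = {}
    for e in entries:
        if e["section"] in ("R0", "R1") and " = " in e["body"]:
            key, value = e["body"].split(" = ", 1)
            pages[key.rsplit(",", 1)[-1]] = value  # '...\Main,Start Page' -> 'Start Page'
    return pages

def services_without_vendor(entries):
    """O23 services shown as 'Unknown owner' (no company name in the file's version info)."""
    found = []
    for e in entries:
        parts = e["body"].split(" - ")
        if e["section"] == "O23" and len(parts) >= 3 and parts[1] == "Unknown owner":
            found.append((parts[0].replace("Service: ", "", 1), parts[-1]))
    return found

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("entries per section:", dict(Counter(e["section"] for e in entries)))
    print("IE pages:", browser_pages(entries))
    print("bare-filename autoruns:", bare_filename_autoruns(entries))
    print("O16 download hosts:", dict(dpf_hosts(entries)))
    print("services with no vendor:", services_without_vendor(entries))
```

Run it against a full log by replacing `SAMPLE_LOG` with the file contents. The checks are deliberately neutral: a bare-filename autorun such as `SOUNDMAN.EXE` is not itself evidence of infection, but it is the kind of entry whose resolved file a reviewer confirms, and grouping O16 downloads by host makes the long pogo.com list collapse into a couple of lines so that any other download origin stands out.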
 

Discussion Starter · #3
I am still waiting for any response on this malware problem. I will go to another forum, if that is suggested, as it seems you folks are very busy.
Thanks

Discussion Starter · #4
Hi, and thanks to everyone who helped me cure the bugs on my computer through Spykiller and Derek.

I just wanted to say how much I appreciated his patience and expertise.

THANKS!