Microsoft internet explorer popups

Discussion in 'adware, spyware & hijack cleaning' started by sergiobboy, Jun 18, 2004.

Thread Status:
Not open for further replies.
  1. sergiobboy

    sergiobboy Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    13
    I don't know what's going on, but everytime I'm searching the web, I get tons of internet eplorer popups. I used spybot SD and spyhunter and I cleaned all the spywares I found. I don't know what else to do. Using hijack, this is what I found:

    Since yesterday, I started to notice a lots of popup in my computer, specially when I use the internet explorer. They all are from "microsoft internet explorer"
    I have spyhunter and spybot and I killed all the garbage they both found, but I have no idea where this popups are coming from.
    Could you PLEASE, help meo_O??Logfile of HijackThis v1.97.7
    Scan saved at 2:16:53 PM, on 6/18/2004
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\Twain_32\fjscan32\FjtwSetup.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Alteer\Bin\AltGuiConsole.exe
    C:\Program Files\Alteer\Bin\altqueuesvc.exe
    C:\PROGRA~1\MICROS~1\Office\OUTLOOK.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINNT\msagent\AgentSvr.exe
    C:\Program Files\Accessories\Popup Ad Filter\PopFilter.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (disabled by BHODemon)
    O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINNT\system32\SWin32.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (disabled by BHODemon)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [tcphost] C:\WINNT\System32\tcphost.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINNT\Twain_32\fjscan32\FjtwSetup.exe /Station
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [Adstartup] C:\WINNT\system32\automove.exe
    O4 - Startup: BHODemon.lnk = C:\Program Files\BHODemon\BHODemon.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = alteer.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = alteer.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = alteer.local

    what should I removed from here?
     
  2. dave38

    dave38 Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    377
    Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINNT\system32\SWin32.dll

    O4 - HKLM\..\Run: [tcphost] C:\WINNT\System32\tcphost.exe
    O4 - HKLM\..\Run: [Adstartup] C:\WINNT\system32\automove.exe

    Reboot and delete

    files
    C:\WINNT\System32\tcphost.exe
    C:\WINNT\system32\automove.exe

    These may be hidden files. See HERE for how to show hidden files.

    Please post a followup Hijack this log, and say if your problems persist.
     
  3. sergiobboy

    sergiobboy Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    13
    Thanks Dave38. It looks that the problem has been fixed.
     
Thread Status:
Not open for further replies.