Unstoppable Pop-ups with browser closed



#1 corpserv


Posted 17 July 2004 - 12:52 PM

I have been unable to stop IE pop-up windows from appearing on screen. This is a computer configured to run SnapStream Beyond TV PVR software and does little else other than record shows and share files on my internal network. It also serves as my main video editing machine for home videos.

I have run Spybot and Adaware, turned off Windows messaging and other unneeded services to no avail. My default browser is Mozilla Firefox, but the pop-ups appear in IE explorer.

I have a nephew that played some games on this system and visited some cheat-code web sites which is where I assume I was bombarded with mal-ware.


Here is my HijackThis log. Please advise what I can safely get rid of:

Logfile of HijackThis v1.98.0
Scan saved at 8:07:59 PM, on 7/14/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\EPSON\ESM2\eEBSVC.exe
E:\Program Files\EPSON\ESM2\eEBAgent.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\EPSON\ESM2\STMS.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\SnapStream Media\Beyond TV 3\WTLPVSApp.exe
E:\Program Files\SnapStream Media\Beyond TV 3\PVSLogService.exe
E:\Program Files\SnapStream Media\Beyond TV 3\SSBatchProcessorService.exe
E:\Program Files\SnapStream Media\Beyond TV 3\PVSGuideUpdaterService.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\System32\Hfl44uJ.exe
E:\WINDOWS\System32\Frf6AX.exe
E:\Documents and Settings\VCR\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] E:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] E:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [3EEQEE42DXA7E@] E:\WINDOWS\System32\Iyh5.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Beyond TV.lnk = E:\Program Files\SnapStream Media\Beyond TV 3\WTLPVSApp.exe
O4 - Global Startup: EPSON Background Monitor.lnk = E:\Program Files\EPSON\ESM2\STMS.exe
O8 - Extra context menu item: &Google Search - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA643334-ACF9-4341-A4EA-2E5E531F3AC8}: NameServer = 68.168.0.2,68.168.0.5

#2 dave38


Posted 17 July 2004 - 03:50 PM

You have the Peper trojan, which requires special treatment to put it out of your misery!
Please download and run this uninstaller.

Click on the peperfix link, and download the program. Then go offline, and run the program. It will remove the files, leaving one orphaned entry to be cleaned up with HijackThis.

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [3EEQEE42DXA7E@] E:\WINDOWS\System32\Iyh5.exe

Reboot and delete the file E:\WINDOWS\System32\Iyh5.exe

This may be a hidden file. See HERE for how to show hidden files.

Please post a follow-up HijackThis log, and say if your problems persist.
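Added example, not part of the thread or of either poster's words: one way to check the follow-up log the reply asks for is to compare it with the first log and confirm that the two fixed lines are gone, that no new entry has taken their place, and that the autorun target is no longer a running process. The function names and the follow-up log `AFTER` are constructed for illustration; `BEFORE` is an excerpt of the log posted above.

```python
import re
# HijackThis entry lines look like "O4 - <detail>": section code, " - ", detail.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_hjt(text):
    """Return (running process paths, [(code, detail), ...]) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def check_followup(before, after, fixed):
    """Compare the follow-up log with the first log and the list of fixed lines."""
    old = parse_hjt(before)[1]
    procs, new = parse_hjt(after)
    fixed_entries = parse_hjt("\n".join(fixed))[1]
    return {
        # Fixed entries that came back (or were never removed).
        "still_present": [e for e in fixed_entries if e in new],
        # Entries absent from the first log: a possible replacement autorun.
        "appeared": [e for e in new if e not in old],
        # Fixed entries whose target file is still a running process.
        "still_running": [e for e in fixed_entries
                          if any(p.lower() in e[1].lower() for p in procs)],
    }
# The two lines the reply says to fix, copied from the thread.
FIXED = [r"R3 - Default URLSearchHook is missing",
         r"O4 - HKLM\..\Run: [3EEQEE42DXA7E@] E:\WINDOWS\System32\Iyh5.exe"]
# Excerpt of the log posted in the thread.
BEFORE = r"""Running processes:
E:\WINDOWS\Explorer.EXE
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [3EEQEE42DXA7E@] E:\WINDOWS\System32\Iyh5.exe
"""
# Constructed follow-up log (not from the thread): both fixed lines are gone.
AFTER = r"""Running processes:
E:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
"""
print(check_followup(BEFORE, AFTER, FIXED))
```

Three empty lists mean the fix held; any non-empty list names the entries to look at again before closing the case.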

#3 corpserv


Posted 17 July 2004 - 09:32 PM

I followed your instructions and have now gone several hours with no pop-ups. You are my new hero. Thanks.



