Jump to content


Photo

Raelly annoying Pop-ups


  • Please log in to reply
5 replies to this topic

#1 seanduvally

seanduvally

    Member

  • New Member
  • Pip
  • 3 posts

Posted 23 June 2004 - 04:16 PM

Hi All,
I keep getting really annoying Pop-ups using IE. The kids use the comp alot and keeping up with them is tuff. Could someone please look over this log for me?
Many Thanx,
Sean

Logfile of HijackThis v1.97.7
Scan saved at 5:12:32 PM, on 6/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OpenSSH\bin\cygrunsrv.exe
C:\Program Files\OpenSSH\usr\sbin\sshd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Easy Keyboard NT\Easykey.exe
C:\windows\msbb.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\raye\My Documents\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard NT\Easykey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [msbb] C:\windows\msbb.exe
O4 - HKLM\..\Run: [zcdozkd] C:\WINDOWS\zcdozkd.exe
O4 - HKLM\..\Run: [ytetof] C:\WINDOWS\ytetof.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hepilof] C:\WINDOWS\hepilof.exe
O4 - HKLM\..\Run: [ijmv] C:\WINDOWS\ijmv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsu...oad/tgctlcm.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macrom...tor/cabs/sw.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingsto...TInc/bridge.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...7.16/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88765EB5-8C9B-436B-AE1C-87CD8D8A9B3B}: NameServer = 63.240.76.19,204.127.198.19

#2 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 23 June 2004 - 05:04 PM

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [msbb] C:\windows\msbb.exe
O4 - HKLM\..\Run: [zcdozkd] C:\WINDOWS\zcdozkd.exe
O4 - HKLM\..\Run: [ytetof] C:\WINDOWS\ytetof.exe
O4 - HKLM\..\Run: [hepilof] C:\WINDOWS\hepilof.exe
O4 - HKLM\..\Run: [ijmv] C:\WINDOWS\ijmv.exe

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingsto...TInc/bridge.cab

Reboot and delete

files
C:\WINDOWS\Downloaded Program Files\bridge.dl
C:\windows\msbb.exe
C:\WINDOWS\zcdozkd.exe
C:\WINDOWS\ytetof.exe
C:\WINDOWS\hepilof.exe
C:\WINDOWS\ijmv.exe

These may be hidden files. See HERE for how to show hidden files.

From your log, it looks as if you have no anti virus program running. That is absolutely essential; a good, free A/V can be downloaded from AVG free edition. Also ensure that it is kept up to date.

Please post a followup Hijack this log, and say if your problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 I3lah

I3lah

    You goin eat jo cornbread??

  • Full Member
  • Pip
  • 2 posts

Posted 23 June 2004 - 05:31 PM

I got alot of adware with other programs such as 2004 Norton Antivirus(seriously) and looking up files that look really supicous. I you do this, you might get rid of alot of pop-ups. Go to this site and download it. http://www.pcworld.c...fid,4030,00.asp


Hope this helps you!

#4 seanduvally

seanduvally

    Member

  • New Member
  • Pip
  • 3 posts

Posted 23 June 2004 - 06:47 PM

Thanx alot,
Here is the log after I had hijackthis run its fix, and after I deleted the files. I couldn.t find the bridge.dll, I ran a search for it and came up with nothing.

Logfile of HijackThis v1.97.7
Scan saved at 7:44:45 PM, on 6/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OpenSSH\bin\cygrunsrv.exe
C:\Program Files\OpenSSH\usr\sbin\sshd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Easy Keyboard NT\Easykey.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\raye\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard NT\Easykey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsu...oad/tgctlcm.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macrom...tor/cabs/sw.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...7.16/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88765EB5-8C9B-436B-AE1C-87CD8D8A9B3B}: NameServer = 63.240.76.19,204.127.198.19

Thanx,
Sean

#5 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 24 June 2004 - 04:55 PM

Looking good! Well done.

Are you still having problems?
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#6 seanduvally

seanduvally

    Member

  • New Member
  • Pip
  • 3 posts

Posted 24 June 2004 - 05:55 PM

No, I'm not having any more problems. I downloaded and installed AVG, spywareguard, and spywareblaster. The AVG foung and fixed a few virus' I had, now everything is cool.
Thanx,
Sean




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button