annoying popup's

ZumaZuma Rio de Janeiro - Brazil
edited June 2005 in Spyware & Virus Removal
Please help me .. i'm getting these popups while playing .. any help is appreciated .. thanks in advance!

This is my log:::

Logfile of HijackThis v1.99.1
Scan saved at 15:13:38, on 27/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\newdll2.exe
C:\WINDOWS\System32\newdll2.exe
C:\WINDOWS\abcdefg.exe
C:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\newdll2.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe
C:\Arquivos de programas\The All-Seeing Eye\eye.exe
C:\Documents and Settings\Samuel\Meus documentos\Minhas imagens\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gratis.com.br
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KAVPersonal50] C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] newdll2.exe
O4 - HKLM\..\Run: [FILE] C:\WINDOWS\abcdefg.exe
O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] newdll2.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] newdll2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Arquivos de programas\Zilla Popup Killer\ZillaPop.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.gratis.com.br
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} - http://ocx3.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46E0C283-1855-4597-AC8B-75EFE98EE579}: NameServer = 201.10.1.2 201.10.120.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{46E0C283-1855-4597-AC8B-75EFE98EE579}: NameServer = 201.10.1.2 201.10.120.3
O23 - Service: kavsvc - Kaspersky Labs - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Comments

  • Buckeye_SamBuckeye_Sam Columbus, Ohio
    edited June 2005
    Please remove these entries from Add/Remove Programs in the Control Panel(if present):

    Media Access
    Elite Toolbar



    Please make sure that you can VIEW ALL HIDDEN FILES.

    Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
    O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] newdll2.exe
    O4 - HKLM\..\Run: [FILE] C:\WINDOWS\abcdefg.exe
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] newdll2.exe
    O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] newdll2.exe
    O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} - http://ocx3.advnt01.com/dialer/internazionale_ver3.CAB



    Reboot your computer into SAFE MODE

    Then delete these files or directories (Do not be concerned if they do not exist):

    C:\WINDOWS\EliteToolBar
    C:\WINDOWS\abcdefg.exe
    C:\WINDOWS\System32\newdll2.exe
    C:\Program Files\Media Access


    Reboot your computer to go back to normal mode.



    Please run at least two of these online scans.
    Make sure they are set to clean automatically

    Panda Virus Scan

    Bit Defender

    TrendMicro Housecall

    There will be files that these scans will not remove. Please include that information in your next post.


    Reboot and post a new hijackthis log and the info from your virus scans.
Sign In or Register to comment.