Options
SVT Team Attention Needed: help me get rid of 9ringtone pop up!
Hi guys ,
I am desparatly looking for solution to help get rid of the 9ringtone pop up and 214.paypopup.I run adaware and spybot, but that didn't help. than I found this site and saw thst you use the hijackthis program, so i pasting the log here. I would grately appriciate if someone could tell me what to do with this log. Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 10:07:42 AM, on 08/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Sap Business One\SAP Business One.exe
C:\SAPBUS~1\SAPBOU~1.EXE
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\estie\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.il
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.il
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/PageOn1/Portal/portal.html
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon\Babylon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm47736
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: הורד באמצעות פלאש-גט - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: הורד הכל באמצעות פלאש-גט - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {3EA00DAB-812E-4894-A7D2-E9B0F80E94AE} (ARSign Class) - https://www.join.poalim.co.il/reg/pk/cabs/arpkcom.cab
O16 - DPF: {470A6E01-15A3-49B3-B8B9-8EDF4AC1A480} - http://sp.ask.com/docs/teoma/toolbar/download/teomab-inst.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} -
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.xs4all.nl/~kuhljf/nl.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uiac.org.il
O17 - HKLM\Software\..\Telephony: DomainName = uiac.org.il
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = uiac.org.il
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\iEssdo.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
I am desparatly looking for solution to help get rid of the 9ringtone pop up and 214.paypopup.I run adaware and spybot, but that didn't help. than I found this site and saw thst you use the hijackthis program, so i pasting the log here. I would grately appriciate if someone could tell me what to do with this log. Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 10:07:42 AM, on 08/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Sap Business One\SAP Business One.exe
C:\SAPBUS~1\SAPBOU~1.EXE
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\estie\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.il
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.il
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/PageOn1/Portal/portal.html
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon\Babylon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm47736
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: הורד באמצעות פלאש-גט - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: הורד הכל באמצעות פלאש-גט - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {3EA00DAB-812E-4894-A7D2-E9B0F80E94AE} (ARSign Class) - https://www.join.poalim.co.il/reg/pk/cabs/arpkcom.cab
O16 - DPF: {470A6E01-15A3-49B3-B8B9-8EDF4AC1A480} - http://sp.ask.com/docs/teoma/toolbar/download/teomab-inst.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} -
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.xs4all.nl/~kuhljf/nl.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uiac.org.il
O17 - HKLM\Software\..\Telephony: DomainName = uiac.org.il
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = uiac.org.il
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\iEssdo.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
0