annoying Popup

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Kenom, Jun 26, 2004.

  1. Kenom

    Kenom Private E-2

    Ok. I have Spybot S&d running. I have Popup stopper Companion. I have done a complete search for all spyware and removed all. Problem I'm having is I have this annoying Popup which occurs periodically. it's always the three same sites. deep-anal.us, pussypool.net and one other I can't remember. I've tried getting rid of all offline files and downloaded programs nothing get's rid of these popups. can anyone help?
    system specs
    Computer:
    Operating System Microsoft Windows XP Professional
    OS Service Pack Service Pack 1
    Internet Explorer 6.0.2800.1106 (IE 6.0 SP1)
    Motherboard:
    CPU Type AMD Athlon XP, 2166 MHz (6.5 x 333) 2700+
    Motherboard Name MSI K7N2 Delta-L (MS-6570G) (5 PCI, 1 AGP, 1 ACR, 3 DIMM, Audio, LAN)
    Motherboard Chipset nVIDIA nForce2 Ultra 400
    System Memory 1536 MB (DDR SDRAM)
    BIOS Type Award (11/07/03)
    Display:
    Video Adapter SAPPHIRE RADEON 9600 ATLANTIS - Secondary (256 MB)
    Video Adapter SAPPHIRE RADEON 9600 ATLANTIS (256 MB)
    3D Accelerator ATI Radeon 9600 (RV350)
    Multimedia:
    Audio Adapter nVIDIA MCP2 - Audio Codec Interface
    Storage:
    Floppy Drive Floppy disk drive
    Disk Drive HP photosmart 7200 USB Device
    Disk Drive Maxtor 4G160J8 (160 GB, 5400 RPM, Ultra-ATA/133)
    Disk Drive Maxtor 6Y200P0 (200 GB, 7200 RPM, Ultra-ATA/133)
    Optical Drive PLEXTOR DVDR PX-708A (DVD+RW:8x/4x, DVD-RW:4x/2x, DVD-ROM:12x, CD:40x/24x/40x DVD+RW/DVD-RW)
    Optical Drive SONY CD-ROM CDU5211 (52x CD-ROM)

    Hijack this log....Logfile of HijackThis v1.97.7
    Scan saved at 12:07:54 AM, on 6/26/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\AtomTime Pro\AtomTime.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\mcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Overnet\overnet.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Documents and Settings\Ken\My Documents\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [AtomTime] "C:\Program Files\AtomTime Pro\AtomTime.EXE"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Startup: Broadband Wizard.lnk = C:\Program Files\Broadband Wizard\bbwiz.exe
    O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\Sony Handheld\AlarmApp.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
    Kenom, Jun 26, 2004
    #1
  2. Omegamerc

    Omegamerc MajorGeek

    try using the popup stopper @ endpopups.com ; i really enjoy its performance and its free! (donations accepted though) not sure it might help...

    C:\Program Files\AtomTime Pro\AtomTime.EXE
    C:\Program Files\Overnet\overnet.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [AtomTime] "C:\Program Files\AtomTime Pro\AtomTime.EXE"
    O4 - Startup: Broadband Wizard.lnk = C:\Program Files\Broadband Wizard\bbwiz.exe

    all look like crap or have little or no reason to be there; but look into them all b4 removing or wait for a 2nd oppinion.
     
    Omegamerc, Jun 26, 2004
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Kenom,

    One of the items Omegamerc has pointed out can be a problem: C:\Program Files\Overnet\overnet.exe
    This is a file sharing program. See this link: http://www.pestpatrol.com/PestInfo/o/overnet.asp

    The other files are okay.

    I'm a little worried about the Multimedia Codecs lines though. Some searches seem to be pointing to a virus but others do not. Do you know anything about this stuff?

    I would however run this: http://housecall.trendmicro.com/housecall/start_corp.asp

    Also I would run CrapCleaner. Just run it and on the Windows tab (you'll see when you run it) leave the defaults and click Run Cleaner. Download it here: http://www.majorgeeks.com/download4191.html
     
    chaslang, Jun 26, 2004
    #3
  4. spot_on

    spot_on Private E-2

    spot_on, Jul 4, 2004
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds