Worried about Popups with IE

Hi everyone. I don't use IE as my primary web browser, but the last few times when I have used it I have noticed some unusual popups. I am a little worried that I have something tagging along with IE. I haven't noticed anything else unusual though, so I'm not sure if I am over reacting or not. I have run Ad-aware and Spybot and found nothing out of the ordinary, so I downloaded and ran Hijack This. I know some of the items on the log file, but others I don't recognize. Can anyone lend any assistance? Thanks,

Logfile of HijackThis v1.99.1
Scan saved at 11:20:20 PM, on 2/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Sorry, looks like I forgot to stop running everything before running Hijack This. y bad for not reading the directions first. This log file is after I closed everything and reran it. Thanks,

 

Hi Cxs293,

Note that these instructions assume familiarity with the Cleanup Tutorial HERE: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal


And . . . . Off we go!
Please look in Add or Remove Programs for the following and Uninstall it if found:

Viewpoint Manager

Please print out these instructions so that you can operate with All Browser Windows CLOSED.
Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

Now, look in Task Manager (Ctrl-Alt-Del) for the following running process and try to end it, if found:

zpsmxy.exe

Now scan with HijackThis and Check the Boxes for the following:
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [didwuymhcx] C:\WINDOWS\System32\zpsmxy.exe

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/221a0e95ffc05c...etzip/RdxIE.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if they should remain:

C:\WINDOWS\ZServ.dll
C:\WINDOWS\System32\zpsmxy.exe
C:\Program Files\Viewpoint --> The Folder

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

Reboot to Normal Windows and Scan with HijackThis. Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits.

Best luck
PP