
gpultorak

Zedo.com Pop-ups[INACTIVE]


I was using Firefox while surfing on Facebook when my browser started acting strange: pop-ups directing me to a bunch of odd sites starting with zedo.com, frequently. Below is my log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:18:36 PM, on 12/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\SYSTEM32\DWRCS.EXE

C:\WINDOWS\system32\enstart.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Program Files\Hummingbird\Connectivity\13.00\HostExplorer\PrintServices\PESRV.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe

C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe

C:\WINDOWS\system32\SgLogPlayer.exe

C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe

C:\Program Files\Intel\AMT\UNS.exe

C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\0FCD0G.EXE

C:\WINDOWS\SYSTEM32\DWRCST.exe

c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe

C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\AMT\atchk.exe

C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe

C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Microsoft Office Communicator\Communicator.exe

C:\Program Files\GetModule\GetModule31.exe

C:\Documents and Settings\pultogr\Application Data\gadcom\gadcom.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vzweb.vzwcorp.com/

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [sgeEcView] "C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe"

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [8828eae9] rundll32.exe "C:\WINDOWS\system32\itylhjif.dll",b

O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe

O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background

O4 - HKCU\..\Run: [GetModule31] C:\Program Files\GetModule\GetModule31.exe

O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\pultogr\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe

O4 - Global Startup: TunnelGuard Tray Monitor.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://njcwednavp1.win.eng.vzwnet.com:4343...ll/WinNTChk.cab

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://njcwednavp1.win.eng.vzwnet.com:4343...stall/setup.cab

O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://njcwednavp1.win.eng.vzwnet.com:4343...root/AtxEnc.cab

O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://njcwednavp1.win.eng.vzwnet.com:4343.../RemoveCtrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203987353890

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203990046281

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ciscosales.webex.com/client/T26L10N...bex/ieatgpc.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = win.eng.vzwnet.com

O17 - HKLM\Software\..\Telephony: DomainName = win.eng.vzwnet.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = win.eng.vzwnet.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = win.eng.vzwnet.com,nss.vzwnet.com,uswin.ad.vzwcorp.com,eng.vzwcorp.com,msc.vzwnet.com,vzwcorp.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = win.eng.vzwnet.com,nss.vzwnet.com,uswin.ad.vzwcorp.com,eng.vzwcorp.com,msc.vzwnet.com,vzwcorp.com

O20 - AppInit_DLLs: APSHook.dll tscohk.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE

O23 - Service: enstart - Unknown owner - C:\WINDOWS\system32\enstart.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe

O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: Hummingbird HostExplorer Print Services (PESRV) - Open Text Corporation - C:\Program Files\Hummingbird\Connectivity\13.00\HostExplorer\PrintServices\PESRV.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SafeGuard Easy Client (SgeClient) - Unknown owner - C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe

O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe

O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe

O23 - Service: SlingAgent Service (SlingAgentService) - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

O23 - Service: Nortel Networks TunnelGuard (tunnelguardservice) - Alexandria Software Consulting - C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

--

Thanks

Greg

End of file - 14241 bytes

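As an added example (not part of the original thread and not HijackThis code), here is a small Python triage script that applies, mechanically, the checks a log helper applies by eye to the O4, O20 and O23 lines above: a Run value named like a random hex token, rundll32 loading an eight-letter DLL out of system32, an autostart binary living under the user's profile, a long opaque hex blob on the command line, a service for which HijackThis recorded no owner, and a populated AppInit_DLLs. The sample lines are copied from the posted log; the reason names, weights and the "high" threshold are this script's own assumptions, and a score only means "look at this entry first", not "this is malware".

```python
"""Triage heuristics for HijackThis (HJT) log lines.

Added example for this thread; it is not HijackThis code and it does not decide
whether an entry is malicious. It scores entries that deserve a closer look
(hash lookup, vendor check) and prints them with the reasons. The sample lines
below are copied from the log posted above; the weights are this script's own.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines lifted from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [8828eae9] rundll32.exe "C:\WINDOWS\system32\itylhjif.dll",b
O4 - HKCU\..\Run: [GetModule31] C:\Program Files\GetModule\GetModule31.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\pultogr\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O20 - AppInit_DLLs: APSHook.dll tscohk.dll
O23 - Service: enstart - Unknown owner - C:\WINDOWS\system32\enstart.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Line shapes HJT uses for the three sections this script looks at.
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")

HEX_VALUE_NAME = re.compile(r"^[0-9a-f]{8}$", re.I)                   # e.g. 8828eae9
SYSTEM32_RANDOM_DLL = re.compile(r"\\system32\\[a-z]{8}\.dll", re.I)  # e.g. itylhjif.dll
USER_PROFILE_PATH = re.compile(
    r"\\documents and settings\\[^\\]+\\(application data|local settings)\\", re.I)
OPAQUE_HEX_ARG = re.compile(r"\b[0-9A-F]{32,}\b")

# Weight per reason (assumed values). A total >= HIGH goes to the front of the queue.
WEIGHTS = {
    "hex_value_name": 3,         # Run value named like a random hex token
    "rundll32_random_dll": 2,    # rundll32 loading an 8-letter DLL from system32
    "user_profile_binary": 2,    # autostart binary living under the user's profile
    "opaque_hex_argument": 1,    # long hex blob passed on the command line
    "unknown_owner_service": 1,  # HJT found no company name; also hits some legit vendors
    "appinit_dll": 1,            # DLLs injected into every user-mode process
}
HIGH = 3


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(WEIGHTS[r] for r in self.reasons)

    @property
    def severity(self) -> str:
        return "high" if self.score >= HIGH else "review"


def check_o4(name: str, cmd: str) -> list:
    """Heuristics for one HKLM/HKCU Run value: its name and its command line."""
    reasons = []
    if HEX_VALUE_NAME.match(name) and any(c.isdigit() for c in name):
        reasons.append("hex_value_name")
    if cmd.lower().lstrip().startswith("rundll32") and SYSTEM32_RANDOM_DLL.search(cmd):
        reasons.append("rundll32_random_dll")
    if USER_PROFILE_PATH.search(cmd):
        reasons.append("user_profile_binary")
    if OPAQUE_HEX_ARG.search(cmd):
        reasons.append("opaque_hex_argument")
    return reasons


def triage(log_text: str) -> list:
    """Return findings sorted by descending score; lines with no reason are dropped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if m := O4_RE.match(line):
            reasons = check_o4(m.group(2), m.group(3))
        elif m := O20_RE.match(line):
            reasons = ["appinit_dll"] if m.group(1).strip() else []
        elif m := O23_RE.match(line):
            if m.group(2).strip().lower() == "unknown owner":
                reasons = ["unknown_owner_service"]
        if reasons:
            findings.append(Finding(line, reasons))
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.score}  {f.line}")
        print(f"          reasons: {', '.join(f.reasons)}")
```

Run against the sample, the [8828eae9] rundll32 entry comes out on top, followed by the gadcom.exe autostart under Application Data; the enstart service and the AppInit_DLLs line land in the "review" bucket. Note what the heuristics miss: GetModule31.exe sits under Program Files and scores nothing, and in the full log SgeClient.exe would also trip the unknown-owner rule even though the neighbouring SafeGuard services carry Utimaco as their vendor, so treat the output as a queue for hash and vendor lookups rather than a verdict.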

Open Notepad, click Format, uncheck Word Wrap.

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix).

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.

This topic is now closed to further replies.