 |  |  |  |  |  |  |  |
My log of annoingness
 |
I tried hijackthis will that help with pop ups because im not kidingfor like 20 minutes I got a pop up ever 5 to 15 seconds. I also have Ad-aware and spyware blaster. Is there anything else iI should do?
The 3 things at the bottom won't go away ive tried and tried i had 101 other things on it but I got rid of those. Is this bad?
Logfile of HijackThis v1.98.2
Scan saved at 7:58:05 PM, on 8/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\HTMPLA~1\axis wait.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\gcesrmpc.exe
C:\docume~1\owner\locals~1\temp\taCQu.exe
C:\WINNT\SM1BG.EXE
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\WINNT\wt\updater\wcmdmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WebSphere\AppServer\installedApps\cfusion.ear\cfusion.war\WEB-INF\cfusion\db\slserver52\bin\swagent.exe
C:\WebSphere\AppServer\installedApps\cfusion.ear\cfusion.war\WEB-INF\cfusion\db\slserver52\bin\swstrtr.exe
C:\WebSphere\AppServer\installedApps\cfusion.ear\cfusion.war\WEB-INF\cfusion\db\slserver52\bin\swsoc.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Macromedia\Flash Communication Server MX\FlashComAdmin.exe
C:\WINNT\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\Emis.exe
C:\WINNT\System32\Bpr5o82k.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ix0hs42o.slt\prefs.js)
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Pvd8k13.exe
O4 - HKLM\..\Run: [owns dart] C:\PROGRA~1\HTMPLA~1\axis wait.exe
Logfile of HijackThis v1.98.2
Scan saved at 7:58:05 PM, on 8/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\HTMPLA~1\axis wait.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\gcesrmpc.exe
C:\docume~1\owner\locals~1\temp\taCQu.exe
C:\WINNT\SM1BG.EXE
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\WINNT\wt\updater\wcmdmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WebSphere\AppServer\installedApps\cfusion.ear\cfusion.war\WEB-INF\cfusion\db\slserver52\bin\swagent.exe
C:\WebSphere\AppServer\installedApps\cfusion.ear\cfusion.war\WEB-INF\cfusion\db\slserver52\bin\swstrtr.exe
C:\WebSphere\AppServer\installedApps\cfusion.ear\cfusion.war\WEB-INF\cfusion\db\slserver52\bin\swsoc.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Macromedia\Flash Communication Server MX\FlashComAdmin.exe
C:\WINNT\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\Emis.exe
C:\WINNT\System32\Bpr5o82k.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ix0hs42o.slt\prefs.js)
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Pvd8k13.exe
O4 - HKLM\..\Run: [owns dart] C:\PROGRA~1\HTMPLA~1\axis wait.exe
•
•
Join Date: May 2004
Posts: 1,478
Reputation: 
Solved Threads: 18
spybot search and destroy if using internet explorer then try mozilla which has better pop up blocking tech in it or if u dont want mozilla then get panicware popup stopper. When sp2 is finally released in its full version the internet explorer has a pop up blocking.
One question is this happening while browsing or just connected to the internet?
One question is this happening while browsing or just connected to the internet?
•
•
Join Date: Feb 2004
Posts: 9,945
Reputation: 
Solved Threads: 712
You got the peper trojan. Once you run the following tool you may want to post the entire log. You have other stuff that I can see that needs to be removed.
Clear the contents of the following folder in safe mode;
C:\docume~1\owner\locals~1\temp
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
Uninstal *Mywebsearch* from add remove programs. Also uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run this uninstaller:
http://lop.com/new_uninstall.exe
Download the PeperFix.exe tool from here:
http://downloads.subratam.org/PeperFix.exe
Click on the PeperFix.exe to launch it.
Click the Find and Fix button.
It will scan the %Systemroot% folder and locate all the peper files. You will be prompted to reboot. Reboot and it will delete the peper files.
Ensure that you are online before starting the fix. Make sure to run the fix twice.
Clear the contents of the following folder in safe mode;
C:\docume~1\owner\locals~1\temp
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
Uninstal *Mywebsearch* from add remove programs. Also uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run this uninstaller:
http://lop.com/new_uninstall.exe
Download the PeperFix.exe tool from here:
http://downloads.subratam.org/PeperFix.exe
Click on the PeperFix.exe to launch it.
Click the Find and Fix button.
It will scan the %Systemroot% folder and locate all the peper files. You will be prompted to reboot. Reboot and it will delete the peper files.
Ensure that you are online before starting the fix. Make sure to run the fix twice.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
•
•
Join Date: Feb 2004
Posts: 9,945
Reputation:
Solved Threads: 712
Merged your two threads. Please do not post in more than one forum with the same problem 
. Thank you.
. Thank you. Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Thank so much!How did I get the peper trojan I have norton and spyware blaster and adaware and hijackthis?
•
•
Join Date: Feb 2004
Posts: 9,945
Reputation:
Solved Threads: 712
Both issues are spyware related. Peper trojan is bundled with memorywatcher.
From the vendor: "By installing the Memory Watcher Software on your computer, you understand that: (i) Several ADVERTISING CONSOLES may be launched for the duration of time you spend online."
From the vendor: "By installing the Memory Watcher Software on your computer, you understand that: (i) Several ADVERTISING CONSOLES may be launched for the duration of time you spend online."
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
|
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Bridge.dll
- Next Thread: logfile
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare domains e-mafia education email europe exam facebook fake fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday