PC Pals Forum

Technical Help & Discussion => Broadband, Networking, PC Security, Internet & ISPs => Topic started by: labopp on January 05, 2005, 18:26

Title: nasty popup
Post by: labopp on January 05, 2005, 18:26
hi
i have been having some incredible difficulty in getting rid of a nasty popup that keeps coming back. used adaware, norton and hijack, but nothing does it. i tried manually in the reg, but can't find it.
what should i do??
Title: Re:nasty popup
Post by: Clive on January 05, 2005, 19:30
Try downloading HiJack This and post the results here.  I'm sure it will identify the culprit and one of the techies can help you eradicate it.

http://www.spychecker.com/program/hijackthis.html
Title: Re:nasty popup
Post by: Simon on January 05, 2005, 20:08
You could also try Spybot S&D (http://www.safer-networking.org/), which often finds things Ad Aware doesn't.
Title: Re:nasty popup
Post by: labopp on January 06, 2005, 16:20
actually now i have an official virus. nice... can't control my mouse, it's going nuts...
what can i do to get rid of this?
thannxxxx so much
Title: Re:nasty popup
Post by: Clive on January 06, 2005, 16:47
Has your antivirus software told you that you have a virus?  If not, try dismantling your mouse and cleaning all the fluff and hair from around the ball.
Title: Re:nasty popup
Post by: Simon on January 06, 2005, 23:16
If your mouse isn't suffering from a hairy ball  :o  try booting into Safe Mode, which should allow Windows to start without the virus / spyware launching, then, in Safe Mode, run a complete virus scan, and also do scans with Ad Aware and Spybot.  You should also disable System Restore, if you're using XP or ME, but don't forget to switch it back on afterwards.
Title: Re:nasty popup
Post by: labopp on January 10, 2005, 21:43
thanx simon
i tried absolutely everything i could to get rid of this constant popup, can't do it...
plus when i do the hijack, it keeps showing back in the scan. (the last one)
here is my log:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC}_ - (no file)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - {95795B67-BBAB-47d0-8A9F-069E8242C0E5} - c:\Program Files\Fen\fen.dll
O2 - BHO: Core Library - {A23AB93D-6CFF-442c-BB8A-41F6145F47E7} - (no file)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF2463.dll
O4 - HKLM\..\Run: [WebCpr0] "C:\Program Files\Web_Cpr\WebCpr0.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [abu] abu.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bcre.exe"
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [Sys Ren] C:\WINDOWS\SysRen.exe /S
O4 - HKLM\..\Run: [Wast] C:\WINDOWS\wast2.exe 2
O4 - HKLM\..\Run: [xgqvyalbx] C:\WINDOWS\System32\nftueu.exe
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [F9224DFB] C:\WINDOWS\system32\dsadssfOCX.exe
O4 - HKLM\..\Run: [ABF5CA6E] C:\WINDOWS\system32\TIDCTACE.exe
O4 - HKLM\..\Run: [47E02E76] C:\WINDOWS\system32\i3ILT.exe
O4 - HKLM\..\Run: [0C996DEE] C:\WINDOWS\system32\CLUIMFDTMLI.exe
O4 - HKLM\..\Run: [FeCPY] "C:\Program Files\Common Files\Java\fecpy.exe"
O4 - HKLM\..\Run: [A9403BCE] C:\WINDOWS\system32\CAPOMPS.exe
O4 - HKLM\..\Run: [D002C3DB] C:\WINDOWS\system32\siUTO.exe
O4 - HKLM\..\Run: [ECFA42CE] C:\WINDOWS\system32\o32spr.exe
O4 - HKLM\..\Run: [0CF71A66] C:\WINDOWS\system32\NOLcs3d8.exe
O4 - HKLM\..\Run: [FBB56F73] C:\WINDOWS\system32\RESapphSYC.exe
O4 - HKLM\..\Run: [C978708E] C:\WINDOWS\system32\l3RElex.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\Run: [F9224DFB] C:\WINDOWS\system32\dsadssfOCX.exe
O4 - HKCU\..\Run: [ABF5CA6E] C:\WINDOWS\system32\TIDCTACE.exe
O4 - HKCU\..\Run: [47E02E76] C:\WINDOWS\system32\i3ILT.exe
O4 - HKCU\..\Run: [0C996DEE] C:\WINDOWS\system32\CLUIMFDTMLI.exe
O4 - HKCU\..\Run: [A9403BCE] C:\WINDOWS\system32\CAPOMPS.exe
O4 - HKCU\..\Run: [D002C3DB] C:\WINDOWS\system32\siUTO.exe
O4 - HKCU\..\Run: [ECFA42CE] C:\WINDOWS\system32\o32spr.exe
O4 - HKCU\..\Run: [0CF71A66] C:\WINDOWS\system32\NOLcs3d8.exe
O4 - HKCU\..\Run: [FBB56F73] C:\WINDOWS\system32\RESapphSYC.exe
O4 - HKCU\..\Run: [C978708E] C:\WINDOWS\system32\l3RElex.exe
O4 - Global Startup: eFax Tray Menu.lnk = C:\Program Files\eFax Messenger Plus\HotTray.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O15 - Trusted Zone: http://*.69sexsearch.com
Title: Re:nasty popup
Post by: Dack on January 10, 2005, 23:03
OUCH!

Firstly:
Uninstall Kazaa - that's the one that gave you the p2p adware.

I take it you are using the latest version of Hijack This (you've clipped the top of the posting so it doesn't show the version).
http://www.spywareinfo.com/~merijn/ should get you version 1.99

Right...... Now reboot in safe mode, make sure that no explorer windows are open and run HJT again and fix the following.

Quote

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC}_ - (no file)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - {95795B67-BBAB-47d0-8A9F-069E8242C0E5} - c:\Program Files\Fen\fen.dll
O2 - BHO: Core Library - {A23AB93D-6CFF-442c-BB8A-41F6145F47E7} - (no file)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF2463.dll
O4 - HKLM\..\Run: [WebCpr0] "C:\Program Files\Web_Cpr\WebCpr0.exe"

O4 - HKLM\..\Run: [abu] abu.exe

O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe - TROJAN
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bcre.exe"
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [Sys Ren] C:\WINDOWS\SysRen.exe /S
O4 - HKLM\..\Run: [Wast] C:\WINDOWS\wast2.exe 2
O4 - HKLM\..\Run: [xgqvyalbx] C:\WINDOWS\System32\nftueu.exe
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [F9224DFB] C:\WINDOWS\system32\dsadssfOCX.exe
O4 - HKLM\..\Run: [ABF5CA6E] C:\WINDOWS\system32\TIDCTACE.exe
O4 - HKLM\..\Run: [47E02E76] C:\WINDOWS\system32\i3ILT.exe
O4 - HKLM\..\Run: [0C996DEE] C:\WINDOWS\system32\CLUIMFDTMLI.exe
O4 - HKLM\..\Run: [FeCPY] "C:\Program Files\Common Files\Java\fecpy.exe"
O4 - HKLM\..\Run: [A9403BCE] C:\WINDOWS\system32\CAPOMPS.exe
O4 - HKLM\..\Run: [D002C3DB] C:\WINDOWS\system32\siUTO.exe
O4 - HKLM\..\Run: [ECFA42CE] C:\WINDOWS\system32\o32spr.exe
O4 - HKLM\..\Run: [0CF71A66] C:\WINDOWS\system32\NOLcs3d8.exe
O4 - HKLM\..\Run: [FBB56F73] C:\WINDOWS\system32\RESapphSYC.exe
O4 - HKLM\..\Run: [C978708E] C:\WINDOWS\system32\l3RElex.exe

O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe - TROJAN
O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\Run: [F9224DFB] C:\WINDOWS\system32\dsadssfOCX.exe
O4 - HKCU\..\Run: [ABF5CA6E] C:\WINDOWS\system32\TIDCTACE.exe
O4 - HKCU\..\Run: [47E02E76] C:\WINDOWS\system32\i3ILT.exe
O4 - HKCU\..\Run: [0C996DEE] C:\WINDOWS\system32\CLUIMFDTMLI.exe
O4 - HKCU\..\Run: [A9403BCE] C:\WINDOWS\system32\CAPOMPS.exe
O4 - HKCU\..\Run: [D002C3DB] C:\WINDOWS\system32\siUTO.exe
O4 - HKCU\..\Run: [ECFA42CE] C:\WINDOWS\system32\o32spr.exe
O4 - HKCU\..\Run: [0CF71A66] C:\WINDOWS\system32\NOLcs3d8.exe
O4 - HKCU\..\Run: [FBB56F73] C:\WINDOWS\system32\RESapphSYC.exe
O4 - HKCU\..\Run: [C978708E] C:\WINDOWS\system32\l3RElex.exe

O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)

O15 - Trusted Zone: http://*.69sexsearch.com


ALSO

You seem to be running part of Norton Antivirus and also Grisoft anti virus - neither of which picked up the trojan. I'd suggest avast as a free one (but then I hate Norton with a vengeance and have not rated AVG for a while now)
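
A triage sketch for the kind of log reviewed above, added here as an example and not part of any poster's reply or of HijackThis itself: it parses HijackThis entry lines and flags patterns visible in this thread's log (hex-named Run values, regsvr32 autoruns, path-less commands, "(no file)" components, Trusted Zone sites). The function names and heuristics are assumptions for illustration, and a flag means "look closer", not "malicious".

```python
import re

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC}_ - (no file)
O2 - BHO: Core Library - {A23AB93D-6CFF-442c-BB8A-41F6145F47E7} - (no file)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [F9224DFB] C:\WINDOWS\system32\dsadssfOCX.exe
O4 - HKCU\..\Run: [F9224DFB] C:\WINDOWS\system32\dsadssfOCX.exe
O4 - HKLM\..\Run: [abu] abu.exe
O15 - Trusted Zone: http://*.69sexsearch.com
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse(log):
    """Yield (code, body) for every well-formed HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def review_reasons(code, body):
    """Return reasons an entry deserves a manual look (heuristics, not verdicts)."""
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("HijackThis found no file for this component")
    run = RUN.match(body) if code == "O4" else None
    if run:
        name, cmd = run["name"], run["cmd"]
        if re.fullmatch(r"[0-9A-F]{8}", name):
            reasons.append("value name is 8 random-looking hex digits")
        if cmd.lower().startswith("regsvr32"):
            reasons.append("autorun re-registers a DLL at every boot")
        if "\\" not in cmd:
            reasons.append("command has no path, resolved via search order")
    if code == "O15":
        reasons.append("site added to the IE Trusted Zone")
    return reasons

def triage(log):
    """Map each flagged entry to the reasons it was flagged."""
    found = ((f"{c} - {b}", review_reasons(c, b)) for c, b in parse(log))
    return {entry: reasons for entry, reasons in found if reasons}

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(reasons))
```

Entries the heuristics do not flag (such as the R1 search-page hijack) still need the manual review done in the post above; the script only narrows where to look first.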
Title: Re:nasty popup
Post by: Dack on January 10, 2005, 23:06
I'd also suggest NOT using internet explorer - use firefox or Opera (or in fact ANY other browser).

You also need a firewall - zone alarm is alright for that.

After rebooting you will need to scan with HJT again as some other nasties will probably then appear.
Title: Re:nasty popup
Post by: labopp on January 11, 2005, 17:02
hey dack.. thanx.
whatever i do, it still seems to come back.
but i switched to firefox anyway, i am done with IE, saved my cpu and my life.
thanx