Hello, I am getting a lot of popups and alternate search engine popups. I have scanned with Computer Associates Anti-Virus, which found the Zenotechinco virus and says it removed it. AVG Anti-Spyware 7.5 finds Adware.ZenoSearch as malware and says that it quarantines and deletes it, but I still have the issues and it is still there. I downloaded and ran HijackThis based on other posts read here. Below is the HijackThis log. PLEASE help, the popups are BAD and often unsavory!!!
Logfile of HijackThis v1.99.1
Scan saved at 3:25:32 PM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Novadigm\AXF\Bin\XFSrvcNT.Exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Symantec\SPA\smc.exe
C:\Program Files\Symantec\SPA\snac.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINNT\system32\IFXSPMGT.exe
C:\WINNT\system32\IFXTCS.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec\SPA\SmcGui.exe
C:\Program Files\Novadigm\AXF\Bin\XFStatus.Exe
C:\WINNT\system32\AccelerometerSt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Communication Now\2119264\Program\Communication Now.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\winnt\system32\lldsrngk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Belkin\F1U201.401\usbshare.exe
C:\WINNT\system32\pwinmmdt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\Antivirus\caaviftest.exe
C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JBISHOP1\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

Here is the remainder of the log from HijackThis, part 2 of 3:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cwinsider.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Countrywide
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,PROXYSERVER = PLAPROXY:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D1410B3-3870-4802-AC4A-D0A042719D3A} - C:\WINNT\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINNT\system32\urqroli.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {73000BDA-18CB-44C0-812D-2283F33B26CC} - C:\Program Files\Windows NT\hotehyt4444.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: (no name) - {E421A606-1576-4809-9877-645BA903F353} - C:\Program Files\Windows NT\hotehyt83122.dll (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINNT\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [MobileCfgMgr] C:\Program Files\Mobile Configuration Manager\MobileCfgMgr.exe Activate
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [zCMDConnectLaunch] C:\Program Files\CmdConnectLaunch\CmdConnectLauncher.exe
O4 - HKLM\..\Run: [Communication Now] "C:\Program Files\Communication Now\2119264\Program\Communication Now.exe" -startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RADUserCon] C:\PROGRA~1\Novadigm\radrexxw.exe USER.REX USER
O4 - HKLM\..\Run: [RadiaUserInfo] c:\progra~1\novadigm\radrexxw.exe userinfo.rex
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{8E-E4-44-4A-ZN}] C:\winnt\system32\lldsrngk.exe CHD003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [!AXF XFRunOne.Exe] "C:\Program Files\Novadigm\AXF\Bin\XFRunOne.Exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\pwinmmdt.exe CHD003
O4 - HKLM\..\RunOnce: [!AXF XFRunOne.Exe] "C:\Program Files\Novadigm\AXF\Bin\XFRunOne.Exe" /1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

Looks like Vundo
so follow this guide
and download SUPERAntiSpyware.
Do them in safe mode too.